Solved Browser redirect issue

brucifer · Aug 8, 2012

I read where Broni successfully handled a similar issue to mine, but if anyone can help me resolve the browser issue that is dogging me, I will be very appreciative. To give some background to the problem, for the past few months my browser will intermittingly redirect to websites that I have not selected. I was using both Chrome and IE9, and it happened with both browsers. I have since deleted Chrome, but the problem still exists with IE9. There is also a small pop-up window in the lower left portion of my screen which I suspect is associated with whatever is causing my redirect issue. I have ran a plethora of malware removal tools, but nothing seems to detect the problem. If it's any help, I took a peek at an OTL log file of my system, and it appears that the svhost is displaying multiple ip addresses instead of just the local host. Since the problem most likely deals with the registry, I would rather defer to the experts here.

Here are the log files requested:

mbam.log
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.08.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
OCZ :: OCZ-PC [administrator]
8/8/2012 2:48:10 AM
mbam-log-2012-08-08 (02-48-10).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194873
Time elapsed: 1 minute(s), 11 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
**************************************************************************
gmer.log - no file produced
**************************************************************************
DDS.log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by OCZ at 3:18:43 on 2012-08-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2304 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\lxdxcoms.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\PCPitstop\PC MaticRT\PCPitstopRTService.exe
C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe
C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Download Nitro] "C:\Program Files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe" -autorun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe"
mRun: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
mRun: [PC MaticRT] C:\Program Files (x86)\PCPitstop\PC MaticRT\PCMaticRT.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1294047520852
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/PCMagnum/controls/PCPitstop2.dll
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9819F898-1660-4C1C-9C2A-34B610F7B00B} : DhcpNameServer = 192.168.0.1
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun-x64: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe"
mRun-x64: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun-x64: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
mRun-x64: [PC MaticRT] C:\Program Files (x86)\PCPitstop\PC MaticRT\PCMaticRT.exe
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
Hosts: 188.119.151.111 www.google-analytics.com.
Hosts: 188.119.151.111 ad-emea.doubleclick.net.
Hosts: 188.119.151.111 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 lxdx_device;lxdx_device;C:\Windows\system32\lxdxcoms.exe -service --> C:\Windows\system32\lxdxcoms.exe -service [?]
R2 PCPitstop Realtime;PCPitstop Realtime;C:\Program Files (x86)\PCPitstop\PC MaticRT\PCPitstopRTService.exe [2012-7-17 3827896]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
S3 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2010-7-1 136616]
S3 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2011-1-4 109056]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2012-7-8 91848]
S3 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\RNX-N2LX 11n USB Wireless LAN Utility\RtlService.exe [2011-2-20 45056]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVlan60.sys --> C:\Windows\system32\DRIVERS\RtVlan60.sys [?]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVLAN60.sys --> C:\Windows\system32\DRIVERS\RtVLAN60.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-08 06:45:50 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-08 06:45:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-08 06:27:28 -------- d-----w- C:\FRST
2012-08-08 03:06:25 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD6F7A32-3AC5-46A2-AAC8-5B77D7A5975C}\offreg.dll
2012-08-07 15:23:08 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD6F7A32-3AC5-46A2-AAC8-5B77D7A5975C}\mpengine.dll
2012-08-06 06:29:37 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-06 06:17:43 -------- d-----w- C:\Users\OCZ\AppData\Roaming\pdfforge
2012-08-06 06:17:40 95744 ----a-w- C:\Windows\System32\pdfcmon.dll
2012-08-06 06:17:39 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL
2012-08-06 06:17:38 -------- d-----w- C:\Program Files (x86)\PDFCreator
2012-08-02 01:56:49 -------- d-----w- C:\Users\OCZ\AppData\Roaming\Polyman
2012-08-02 01:56:35 -------- d-----w- C:\ProgramData\Polyman
2012-08-02 01:56:35 -------- d-----w- C:\Program Files (x86)\Polyman
2012-07-24 02:52:42 -------- d-----w- C:\DUMP_DICOM
2012-07-22 04:21:03 -------- d-----w- C:\ProgramData\ResMed
2012-07-22 04:20:44 -------- d-----w- C:\Program Files\ACR38_100_122 PCSC Driver
2012-07-22 04:19:23 -------- d-----w- C:\Program Files (x86)\ResMed
2012-07-22 04:17:51 -------- d-----w- C:\ProgramData\{0127DD5F-22AC-4627-96E2-1E220A399D75}
2012-07-20 03:52:06 -------- d-----w- C:\Program Files (x86)\SleepyHead
2012-07-19 19:08:55 -------- d-----w- C:\Program Files\Enigma Software Group
2012-07-19 19:08:12 -------- d-----w- C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-17 04:45:31 72280 ----a-w- C:\Windows\System32\drivers\sbapifs.sys
2012-07-11 16:07:00 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 16:02:59 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-07-11 16:02:59 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-07-11 16:02:57 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-07-11 16:02:57 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-07-11 16:02:55 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 16:02:55 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-11 16:02:54 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-11 16:02:53 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-11 16:02:53 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-07-11 16:02:53 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
.
==================== Find3M ====================
.
2012-07-27 00:47:56 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 00:47:56 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
.
============= FINISH: 3:18:51.28 ===============

brucifer · Aug 8, 2012

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/3/2011 2:25:51 AM
System Uptime: 8/7/2012 6:30:38 PM (9 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A88TD-V EVO/USB3
Processor: AMD Phenom(tm) II X4 965 Processor | AM3 | 3716/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 68.615 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
X: is FIXED (NTFS) - 932 GiB total, 929.865 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP255: 7/9/2012 7:37:34 PM - Windows Update
RP256: 7/11/2012 12:03:23 PM - Windows Update
RP257: 7/15/2012 9:40:28 PM - Windows Update
RP258: 7/19/2012 3:08:37 PM - Installed SpyHunter
RP259: 7/19/2012 8:20:55 PM - Windows Update
RP260: 7/22/2012 12:19:13 AM - Installed ResScan
RP261: 7/22/2012 12:20:06 AM - Installed ACR38/100/122 PC/SC Driver 1.1.2.0
RP262: 7/23/2012 11:02:19 AM - Windows Update
RP263: 7/28/2012 1:22:53 AM - Windows Update
RP264: 7/31/2012 9:58:25 AM - Windows Update
RP265: 8/4/2012 11:54:22 AM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 188.119.151.111 www.google-analytics.com.
Hosts: 188.119.151.111 ad-emea.doubleclick.net.
Hosts: 188.119.151.111 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
AI Suite
AMD OverDrive
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Desktop
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
EPU
GPU Boost Driver
ImageViewer
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 7 Update 5
JavaFX 2.1.1
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PC Matic 1.1.0.48
PC Pitstop Download Nitro 1.5.0.0
PC Pitstop Info Center 1.0.0.13
PC Pitstop SuperShield 1.0.0.27
PC Probe II
PDFCreator
Picasa 3
PL-2303 USB-to-Serial
Realtek Ethernet Controller Driver
Realtek Ethernet Diagnostic Utility
Renesas Electronics USB 3.0 Host Controller Driver
ResScan
RNX-N2LX Wireless LAN Driver and Utility
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
SleepyHead version 0.9.1 beta
TurboV EVO
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2008 x64 Redistributables
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
8/7/2012 6:30:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iyrx
.
==== End Of File ===========================

Jay Pfoutz · Aug 8, 2012

Hello, and welcome to TechSpot.

Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information

From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
If you have already asked for help somewhere, please post the link to the topic you were helped.
We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in

msconfig
safebootminimal
activex
drivers32
netsvcs
CreateRestorePoint
%AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
%AppData%\Local\
%systemroot%\system32\sysprep
*.xpi /md5
%systemroot%\Downloaded Program Files\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\System32\config\*.sav
%SYSTEMDRIVE%\*.exe /md5
"%WinDir%\$NtUninstallKB*$." /30
%systemdrive%\Program Files\Common Files\ComObjects\*.* /s
%systemroot%\*. /mp /s
%systemroot%\*. /rp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\Installer\ /s
%systemroot%\system32\Cache\ /s
%systemroot%\system32\config\systemprofile\Application Data /s
%PROGRAMFILES%\*.
%appdata%\*.*
/md5start
volsnap.sys
services.exe
userinit.exe
afd.sys
tcpip.sys
netbt.sys
ipsec.sys
dnsrslvr.dll
ipnathlp.dll
netman.dll
WMIsvc.dll
srsvc.dll
sr.sys
wscsvc.dll
wuauserv.dll
qmgr.dll
es.dll
cryptsvc.dll
svchost.exe
rpcss.dll
tdx.sys
wininit.exe
winlogon.exe
atapi.sys
explorer.exe
/md5stop
Click the Run Scanbutton. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time

Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

brucifer · Aug 8, 2012

Hi DragonMasterJay. Thanks for taking on my case. Here are the notepad .txt files you requested:

OTL.Txt (part 1)

OTL logfile created on: 8/8/2012 11:24:02 AM - Run 3
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\OCZ\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 6.37 Gb Available in Paging File | 79.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 68.61 Gb Free Space | 61.43% Space Free | Partition Type: NTFS
Drive X: | 931.51 Gb Total Space | 929.86 Gb Free Space | 99.82% Space Free | Partition Type: NTFS

Computer Name: OCZ-PC | User Name: OCZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\OCZ\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\PCPitstop\PC MaticRT\PCPitstopRTService.exe (PC Pitstop LLC)
PRC - C:\Program Files (x86)\PCPitstop\PC MaticRT\PCMaticRT.exe (PC Pitstop LLC)
PRC - C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
PRC - C:\Program Files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe (PC Pitstop, LLC)
PRC - C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe (
ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\PCPitstop\PC MaticRT\pcmaticRTen.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\TurboV EVO\flashobj.dll ()
MOD - C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll ()
MOD - C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe ()
MOD - C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxcaps.dll ()
MOD - C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxscw.dll ()
MOD - C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxdrs.dll ()
MOD - C:\Program Files (x86)\Lexmark 3600-4600 Series\iptk.dll ()
MOD - C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxdatr.dll ()
MOD - C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxcnv4.dll ()
MOD - C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxcats.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxptp.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV:64bit: - (lxdx_device) -- C:\Windows\SysNative\lxdxcoms.exe ( )
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PCPitstop Realtime) -- C:\Program Files (x86)\PCPitstop\PC MaticRT\PCPitstopRTService.exe (PC Pitstop LLC)
SRV - (PCPitstop Scheduling) -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)
SRV - (AODService) -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe ()
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (lxdx_device) -- C:\Windows\SysWOW64\lxdxcoms.exe ( )
SRV - (Realtek11nSU) -- C:\Program Files (x86)\RNX-N2LX 11n USB Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (Sunbelt Software)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek )
DRV:64bit: - (TEAM) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTTEAMPT) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (VLAN) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (RTVLANPT) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (Ser2pl) -- C:\Windows\SysNative\drivers\ser2pl64.sys (Prolific Technology Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 2B 15 CE 28 AB CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{51762350-C0C3-4A71-90DA-F871F31389A8}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid=...f66ef2d8d&lang=en&ds=pp016&pr=sa&d=2012-08-06 02:18:01&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{DB57F403-DE63-4ED4-A852-EF5C5A5B167E}: "URL" = http://findgala.com/?&uid=5708&q={searchTerms}
IE - HKCU\..\SearchScopes\{F19CFBC8-5A3E-4AC4-8819-47213B3A6E1F}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: X:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

O1 HOSTS File: ([2012/03/05 16:32:31 | 000,001,404 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 188.119.151.111 www.google-analytics.com.
O1 - Hosts: 188.119.151.111 ad-emea.doubleclick.net.
O1 - Hosts: 188.119.151.111 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [lxdxmon.exe] C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe ()
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PC MaticRT] C:\Program Files (x86)\PCPitstop\PC MaticRT\PCMaticRT.exe (PC Pitstop LLC)
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (
ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKCU..\Run: [Download Nitro] C:\Program Files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe (PC Pitstop, LLC)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1294047520852 (MUCatalogWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/PCMagnum/controls/PCPitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9819F898-1660-4C1C-9C2A-34B610F7B00B}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - StartUpFolder: C:^Users^OCZ^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft HealthVault Connection Center.lnk - - File not found
MsConfig:64bit - StartUpReg: EzPrint - hkey= - key= - C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe (Lexmark International Inc.)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: LifeCam - hkey= - key= - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: lxdxmon.exe - hkey= - key= - C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe ()
MsConfig:64bit - StartUpReg: PC MaticRT - hkey= - key= - C:\Program Files (x86)\PCPitstop\PC MaticRT\PCMaticRT.exe (PC Pitstop LLC)
MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {0116AC7B-1B74-4D8C-8977-D99D662CF61C} - Yahoo! Toolbar
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {14A34AD8-3F6E-4D46-8985-00CB5920D2AE} - NoIE8Tour
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\system32\rundll32.exe C:\Windows\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX:64bit: {B0DD3513-FB5F-450A-81AE-CBF66EDA0280} - Yahoo! Search Settings Update
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{14526F0D-455B-4104-9714-C1A0AAB3ADD8} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

brucifer · Aug 8, 2012

OTL.Txt (Part 2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/08 11:10:27 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\OCZ\Desktop\OTL.exe
[2012/08/08 11:06:44 | 000,000,000 | ---D | C] -- C:\Users\OCZ\Desktop\Old)OTL
[2012/08/08 03:15:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\OCZ\Desktop\dds.com
[2012/08/08 02:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/08 02:45:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/08 02:45:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/08 02:27:28 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/07 23:08:16 | 000,000,000 | ---D | C] -- C:\Users\OCZ\Desktop\GooredFix Backups
[2012/08/07 23:03:23 | 000,000,000 | ---D | C] -- C:\Users\OCZ\Documents\tdsskiller
[2012/08/06 02:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012/08/06 02:17:43 | 000,000,000 | ---D | C] -- C:\Users\OCZ\AppData\Roaming\pdfforge
[2012/08/06 02:17:40 | 000,095,744 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012/08/06 02:17:39 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
[2012/08/06 02:17:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012/08/01 21:56:49 | 000,000,000 | ---D | C] -- C:\Users\OCZ\AppData\Roaming\Polyman
[2012/08/01 21:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Polyman
[2012/08/01 21:56:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Polyman
[2012/07/23 22:52:42 | 000,000,000 | ---D | C] -- C:\DUMP_DICOM
[2012/07/22 00:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ResMed
[2012/07/22 00:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\ACR38_100_122 PCSC Driver
[2012/07/22 00:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ResMed
[2012/07/22 00:19:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ResMed
[2012/07/22 00:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ResMed
[2012/07/22 00:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\{0127DD5F-22AC-4627-96E2-1E220A399D75}
[2012/07/19 23:58:06 | 000,000,000 | ---D | C] -- C:\Users\OCZ\Documents\SleepyHeadData
[2012/07/19 23:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SleepyHead
[2012/07/19 23:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SleepyHead
[2012/07/19 15:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/07/17 00:45:31 | 000,072,280 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\sbapifs.sys
[2012/07/11 12:04:07 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/11 12:04:07 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/11 12:04:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/11 12:04:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/11 12:04:03 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/11 12:04:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/11 12:04:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/11 12:04:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/11 12:03:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/11 12:03:58 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/11 12:03:58 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/11 12:03:57 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/11 12:03:57 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 12:03:07 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/11 12:03:05 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/11 12:03:00 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 12:02:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 12:02:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2011/01/03 05:58:32 | 000,326,432 | ---- | C] (Ralink Technology, Inc.) -- C:\Users\OCZ\RaCoInstx.dll
[2011/01/03 05:58:27 | 000,446,304 | ---- | C] (Ralink Technology, Corp.) -- C:\Users\OCZ\netr6164.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/08 11:11:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\OCZ\Desktop\OTL.exe
[2012/08/08 11:00:48 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/08 11:00:48 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/08 10:57:54 | 000,733,948 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/08 10:57:54 | 000,629,194 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/08 10:57:54 | 000,108,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/08 10:53:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/08 10:53:37 | 3220,561,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/08 03:15:21 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\OCZ\Desktop\dds.com
[2012/08/08 02:45:55 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/08 02:26:51 | 000,001,168 | ---- | M] () -- C:\Users\OCZ\Allowed
[2012/08/07 18:20:53 | 000,414,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/06 02:36:00 | 000,406,812 | ---- | M] () -- C:\Users\OCZ\Desktop\bruce.jpg
[2012/08/06 02:24:19 | 000,413,154 | ---- | M] () -- C:\Users\OCZ\Desktop\lisa.jpg
[2012/08/06 02:17:49 | 000,001,204 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012/08/06 02:17:49 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012/08/04 14:06:49 | 000,057,618 | ---- | M] () -- C:\Users\OCZ\Desktop\SH080412EV.JPG
[2012/08/02 11:10:38 | 000,051,386 | ---- | M] () -- C:\Users\OCZ\Desktop\RS1.JPG
[2012/08/02 11:04:47 | 000,025,675 | ---- | M] () -- C:\Users\OCZ\Desktop\SH1.JPG
[2012/08/02 10:47:31 | 000,001,444 | ---- | M] () -- C:\Users\OCZ\AppData\Local\DC2EDE12.il
[2012/08/02 10:47:31 | 000,000,280 | ---- | M] () -- C:\Users\OCZ\AppData\Local\IndexIE_DC2EDE12.il
[2012/08/02 10:43:55 | 000,001,440 | ---- | M] () -- C:\Users\OCZ\AppData\Local\FBC41D67.il
[2012/08/02 10:43:55 | 000,000,280 | ---- | M] () -- C:\Users\OCZ\AppData\Local\IndexIE_FBC41D67.il
[2012/08/01 23:08:04 | 000,073,535 | ---- | M] () -- C:\Users\OCZ\Desktop\AHI_Chart3.JPG
[2012/08/01 16:29:02 | 000,004,096 | -H-- | M] () -- C:\Users\OCZ\AppData\Local\keyfile3.drm
[2012/08/01 00:16:11 | 000,062,844 | ---- | M] () -- C:\Users\OCZ\Desktop\AHI_Chart2b.JPG
[2012/07/31 22:40:11 | 000,101,068 | ---- | M] () -- C:\Users\OCZ\Desktop\AHI_Chart.jpg
[2012/07/31 22:39:49 | 000,046,253 | ---- | M] () -- C:\Users\OCZ\Desktop\AHI_Chart.PNG
[2012/07/26 20:47:56 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/26 20:47:56 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/22 00:19:37 | 000,002,113 | ---- | M] () -- C:\Users\Public\Desktop\ResScan.lnk
[2012/07/19 23:52:11 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\SleepyHead.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/08 02:45:55 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/06 02:36:25 | 000,406,812 | ---- | C] () -- C:\Users\OCZ\Desktop\bruce.jpg
[2012/08/06 02:29:29 | 000,413,154 | ---- | C] () -- C:\Users\OCZ\Desktop\lisa.jpg
[2012/08/06 02:17:49 | 000,001,204 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012/08/06 02:17:49 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012/08/04 14:06:49 | 000,057,618 | ---- | C] () -- C:\Users\OCZ\Desktop\SH080412EV.JPG
[2012/08/02 11:10:37 | 000,051,386 | ---- | C] () -- C:\Users\OCZ\Desktop\RS1.JPG
[2012/08/02 11:04:47 | 000,025,675 | ---- | C] () -- C:\Users\OCZ\Desktop\SH1.JPG
[2012/08/01 23:08:04 | 000,073,535 | ---- | C] () -- C:\Users\OCZ\Desktop\AHI_Chart3.JPG
[2012/08/01 22:06:26 | 000,001,444 | ---- | C] () -- C:\Users\OCZ\AppData\Local\DC2EDE12.il
[2012/08/01 22:06:26 | 000,000,280 | ---- | C] () -- C:\Users\OCZ\AppData\Local\IndexIE_DC2EDE12.il
[2012/08/01 22:06:25 | 000,001,440 | ---- | C] () -- C:\Users\OCZ\AppData\Local\FBC41D67.il
[2012/08/01 22:06:25 | 000,000,280 | ---- | C] () -- C:\Users\OCZ\AppData\Local\IndexIE_FBC41D67.il
[2012/08/01 16:29:02 | 000,004,096 | -H-- | C] () -- C:\Users\OCZ\AppData\Local\keyfile3.drm
[2012/08/01 00:16:11 | 000,062,844 | ---- | C] () -- C:\Users\OCZ\Desktop\AHI_Chart2b.JPG
[2012/07/31 22:40:05 | 000,101,068 | ---- | C] () -- C:\Users\OCZ\Desktop\AHI_Chart.jpg
[2012/07/31 22:30:43 | 000,046,253 | ---- | C] () -- C:\Users\OCZ\Desktop\AHI_Chart.PNG
[2012/07/22 00:19:37 | 000,002,113 | ---- | C] () -- C:\Users\Public\Desktop\ResScan.lnk
[2012/07/19 23:52:11 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\SleepyHead.lnk
[2012/07/08 22:19:07 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/08 22:19:07 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/07 03:35:04 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/25 20:13:30 | 000,001,168 | ---- | C] () -- C:\Users\OCZ\Allowed
[2011/02/28 02:22:20 | 000,747,542 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/26 02:19:08 | 000,676,224 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.DLL
[2011/02/20 16:41:43 | 001,105,920 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxserv.dll
[2011/02/20 16:41:43 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomc.dll
[2011/02/20 16:41:43 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxusb1.dll
[2011/02/20 16:41:43 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxhbn3.dll
[2011/02/20 16:41:43 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxpmui.dll
[2011/02/20 16:41:43 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcoms.exe
[2011/02/20 16:41:43 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxlmpm.dll
[2011/02/20 16:41:43 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomm.dll
[2011/02/20 16:41:43 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxinpa.dll
[2011/02/20 16:41:43 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDXinst.dll
[2011/02/20 16:41:43 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxiesc.dll
[2011/02/20 16:41:43 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdxcomx.dll
[2011/02/20 16:41:43 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxih.exe
[2011/02/20 16:41:43 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxprox.dll
[2011/02/20 16:41:42 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcfg.exe
[2011/02/20 16:38:19 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdxdrs.dll
[2011/02/20 16:38:19 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdxcaps.dll
[2011/02/20 16:38:19 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdxcnv4.dll
[2011/02/20 10:19:24 | 000,003,584 | ---- | C] () -- C:\Users\OCZ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/20 09:35:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/20 09:04:37 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/01/04 23:54:24 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/01/04 23:54:24 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/01/04 23:54:23 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/01/04 23:54:23 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/01/04 23:46:40 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/01/04 23:46:36 | 000,035,145 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/01/03 06:23:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/01/03 05:58:20 | 000,023,577 | ---- | C] () -- C:\Users\OCZ\netr6164.cat
[2011/01/03 05:50:51 | 000,048,146 | ---- | C] () -- C:\Users\OCZ\netr6164.inf

========== LOP Check ==========

[2011/01/05 05:50:46 | 000,000,000 | ---D | M] -- C:\Users\OCZ\AppData\Roaming\AVG10
[2011/01/08 02:36:05 | 000,000,000 | ---D | M] -- C:\Users\OCZ\AppData\Roaming\DeviceVm
[2012/08/08 11:26:48 | 000,000,000 | ---D | M] -- C:\Users\OCZ\AppData\Roaming\Free Download Manager
[2012/08/06 03:13:52 | 000,000,000 | ---D | M] -- C:\Users\OCZ\AppData\Roaming\pdfforge
[2012/08/01 22:06:25 | 000,000,000 | ---D | M] -- C:\Users\OCZ\AppData\Roaming\Polyman
[2012/05/20 03:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\RegAce Scheduled Scan - OCZ.job
[2012/07/28 01:12:00 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"DisableNotifications" = 0
"EnableFirewall" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/03/24 15:36:29 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/03/24 15:36:29 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/03/24 15:36:29 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/03/24 15:36:28 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/03/24 15:36:28 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/03/24 15:36:28 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2011/01/04 23:59:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AMD
[2011/01/04 23:58:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ASUS
[2011/01/17 23:09:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2012/03/19 13:41:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG
[2011/02/20 09:05:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco
[2012/08/07 18:37:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2011/01/08 02:31:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EVGA Precision
[2011/07/11 08:55:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2011/06/20 02:34:12 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/07/11 12:09:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2012/06/25 18:34:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2011/10/25 12:20:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lexmark 3600-4600 Series
[2011/02/20 16:41:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lexmark Toolbar
[2011/04/22 19:35:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LifeScan
[2012/08/08 02:45:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/02/21 12:28:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft LifeCam
[2011/07/05 17:47:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2012/04/26 08:51:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Security Client
[2012/05/11 11:32:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/04/22 20:12:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/04/22 20:12:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011/02/26 02:27:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio
[2011/02/26 02:23:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/02/26 02:41:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2011/02/26 02:27:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2011/02/26 02:27:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2011/07/19 14:40:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2011/01/08 02:35:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
[2011/04/22 19:18:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OneTouch USB Driver
[2012/06/25 18:34:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Oracle
[2012/07/08 22:29:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PCPitstop
[2012/08/06 02:17:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PDFCreator
[2012/08/07 18:19:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Polyman
[2011/01/08 02:36:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2011/01/04 23:53:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Renesas Electronics
[2012/07/22 00:19:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ResMed
[2011/02/20 09:05:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\RNX-N2LX 11n USB Wireless LAN Utility
[2011/10/24 14:22:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sectra
[2012/07/19 23:59:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SleepyHead
[2012/08/08 02:44:10 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2012/05/14 13:48:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\UnHackMe
[2009/07/14 00:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2009/07/14 01:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/02/24 00:52:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/02/24 00:52:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2011/02/24 00:52:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2011/02/24 00:52:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011/02/24 00:52:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2011/04/22 21:06:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!

brucifer · Aug 8, 2012

OTL.Txt (Part 3)

< %appdata%\*.* >

< MD5 for: AFD.SYS >
[2011/12/27 23:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/27 23:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/28 00:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2011/04/24 22:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009/07/13 19:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2011/12/28 00:01:12 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=CCA39961E76B491DDF44B1E90FC8971D -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys
[2010/11/20 05:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/24 22:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/12/27 23:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys
[2011/04/24 23:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011/04/24 22:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2012/04/24 00:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\SysWOW64\cryptsvc.dll
[2012/04/24 00:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2010/11/20 09:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2012/04/24 00:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2012/04/24 01:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\SysNative\cryptsvc.dll
[2012/04/24 01:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll
[2012/04/24 00:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll
[2009/07/13 21:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009/07/13 21:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 08:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2012/04/24 01:22:32 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=B7337E9C9E5936355BB700AA33E0936E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll
[2012/04/24 01:36:46 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=CE8BF1423AEE47DA5275FBC8AD3BD642 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_d2773c98cda297d3\cryptsvc.dll
[2012/04/24 01:59:45 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=F02786B66375292E58C8777082D4396D -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_d24deecfb43ce339\cryptsvc.dll
[2012/04/24 00:33:53 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=F522279B4717E2BFF269C771FAC2B78E -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\SysNative\dnsrslvr.dll
[2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsrslvr.dll
[2009/07/13 21:40:32 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=676108C4E3AA6F6B34633748BD0BEBD9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_3dd76e849c0a6a12\dnsrslvr.dll
[2011/03/03 02:17:10 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=85CF424C74A1D5EC33533E1DBFF9920A -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_3ddf452a9c04f6b8\dnsrslvr.dll
[2011/03/03 02:12:55 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=B2205BAEAE4C178ABEB1B149751FC2B9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsrslvr.dll
[2010/11/20 09:26:07 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=CD55F5355D8F55D44C9F4ED875705BD6 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsrslvr.dll
[2011/03/03 02:23:37 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=D8065FA366D28746EE3D75F08ED6B2FE -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_3eabc3f7b4f01eb1\dnsrslvr.dll

< MD5 for: ES.DLL >
[2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\SysNative\es.dll
[2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll
[2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\SysWOW64\es.dll
[2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\SysNative\ipnathlp.dll
[2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\ipnathlp.dll

< MD5 for: NETBT.SYS >
[2010/11/20 05:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
[2010/11/20 05:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys
[2009/07/13 19:21:29 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=9162B273A44AB9DCE5B44362731D062A -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_bc59ba0910f52e0c\netbt.sys

< MD5 for: NETMAN.DLL >
[2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\SysNative\netman.dll
[2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\winsxs\amd64_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_6bb20d3d6b80d9da\netman.dll

< MD5 for: QMGR.DLL >
[2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009/07/13 21:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: RPCSS.DLL >
[2010/11/20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010/11/20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2009/07/13 21:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=7266972E86890E2B30C0C322E906B027 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/25 01:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2011/09/29 13:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2010/11/20 09:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2011/06/21 02:16:55 | 001,888,128 | ---- | M] (Microsoft Corporation) MD5=5279D4DD69C7C71524B8E7A5746D15CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916\tcpip.sys
[2010/06/14 02:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2012/03/30 06:19:17 | 001,877,872 | ---- | M] (Microsoft Corporation) MD5=5EFD096DEF47F8B88EF591DA92143440 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys
[2011/04/25 01:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2012/03/30 07:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
[2012/03/30 06:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2010/06/14 02:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/13 21:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011/04/25 01:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011/06/21 02:20:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
[2011/09/29 12:17:51 | 001,886,064 | ---- | M] (Microsoft Corporation) MD5=AC3E29880DB5659532A1AA3439304A43 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys
[2012/03/30 07:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\SysNative\drivers\tcpip.sys
[2012/03/30 07:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2011/04/25 02:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2011/06/21 02:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_0f4d1e3b7feb1307\tcpip.sys
[2011/06/21 02:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
[2011/09/29 12:24:44 | 001,897,328 | ---- | M] (Microsoft Corporation) MD5=F18F56EFC0BFB9C87BA01C37B27F4DA5 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys
[2011/09/29 12:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

< MD5 for: TDX.SYS >
[2009/07/13 19:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_4632b9f2f5c6af5e\tdx.sys
[2010/11/20 05:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\SysNative\drivers\tdx.sys
[2010/11/20 05:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2010/11/20 09:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/20 09:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 09:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2009/07/13 21:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WMISVC.DLL >
[2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\SysNative\wbem\WMIsvc.dll
[2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7600.16385_none_fca7ad7710a22535\WMIsvc.dll
[2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_fed8c13f0d90a8cf\WMIsvc.dll

< MD5 for: WSCSVC.DLL >
[2010/12/21 02:09:08 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=34D280957E8681E4BD9492B3F1FC27B9 -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.20862_none_76d192b6e4d9ed67\wscsvc.dll
[2010/12/21 02:16:27 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=8F9F3969933C02DA96EB0F84576DB43E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16723_none_767435e5cb9af730\wscsvc.dll
[2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\SysNative\wscsvc.dll
[2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16385_none_76354f59cbc9dce8\wscsvc.dll
[2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_78666321c8b86082\wscsvc.dll

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP

FC5A2B2
< End of report >

brucifer · Aug 8, 2012

Extras.Txt

OTL Extras logfile created on: 8/8/2012 11:24:02 AM - Run 3
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\OCZ\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 6.37 Gb Available in Paging File | 79.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 68.61 Gb Free Space | 61.43% Space Free | Partition Type: NTFS
Drive X: | 931.51 Gb Total Space | 929.86 Gb Free Space | 99.82% Space Free | Partition Type: NTFS

Computer Name: OCZ-PC | User Name: OCZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- "%1" %*
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026AC630-1326-41CA-9CB9-12CFE20D13E7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{02B60605-17B2-4A43-9247-EBA6B0D956B1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0342D2A6-A8EB-47EF-9005-4E771E00BBF1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{093EE5D1-4C8D-46DB-B6AE-E78D9918BA7F}" = rport=139 | protocol=6 | dir=out | app=system |
"{0CD1ABA1-9F92-4213-9E0E-90557F311FFC}" = lport=139 | protocol=6 | dir=in | app=system |
"{274400D8-88B1-4048-993A-7705CDC18093}" = rport=137 | protocol=17 | dir=out | app=system |
"{29BA97AD-D4CB-46BC-9FE6-EA7D6AE7989A}" = lport=445 | protocol=6 | dir=in | app=system |
"{2A3441B4-B448-4A54-B884-B402FECCD3AF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{490C9ECD-148F-4691-9B43-D2F9BF507C47}" = lport=138 | protocol=17 | dir=in | app=system |
"{6FB84A28-C42B-43B1-AE28-68D9EEC7EE88}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9D703070-6969-45F4-A039-3FC113AD0C72}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AE155CD3-1CAF-4EE7-836C-8AACAE67343E}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{B4F619C6-F16F-47D1-ADDD-585ABE57B2D0}" = lport=137 | protocol=17 | dir=in | app=system |
"{C235E9B8-DE69-449C-9DA9-0244D7DDC096}" = rport=445 | protocol=6 | dir=out | app=system |
"{CC09A8E1-E455-49F5-8B6F-6D40B7A4F330}" = rport=138 | protocol=17 | dir=out | app=system |
"{CE55085E-BDE5-4EDC-922A-255B40FDB1EA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F4665B8B-3CA9-4915-B448-6522D9B7B787}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{F598E2B3-E4BF-4149-88F0-0EEAB1356732}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{056EDAEE-A2A8-4478-9218-D87FFDC5AE63}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{0B850ABA-18FB-4E08-9A53-E72B330083DF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1027F6CB-8CD7-4CD9-8647-7B6EBD83C747}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{159CE8E4-7783-4AC0-BE15-42DF324F6383}" = protocol=6 | dir=in | app=c:\windows\system32\lxdxcoms.exe |
"{24FA4973-E33D-45A4-8FBE-41F7DF321F8F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{3005F923-C493-427F-9B1F-D2E8BA9D13DB}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe |
"{346DEC34-AFBA-4373-B317-573F21EC9878}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{39E1AE71-08F1-4D3A-B148-50CF583C8819}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{3F0C99F9-382C-480A-B91A-BF48391B2914}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4715794A-0990-4DDE-B359-3F094EDF0670}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdxcoms.exe |
"{53E26304-403A-4351-A168-3B1E6B172B64}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe |
"{5C4E780D-8A30-4686-A08F-B0AF79CB4854}" = protocol=6 | dir=in | app=c:\program files (x86)\rnx-n2lx 11n usb wireless lan utility\rtwlan.exe |
"{6238A667-9238-4310-B0EB-8DC577452AC8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6304A428-57EF-4C31-815E-64F6AA25EB6D}" = protocol=17 | dir=in | app=c:\program files (x86)\rnx-n2lx 11n usb wireless lan utility\rtwlan.exe |
"{680AE299-C5FC-48AF-8F81-C00A3AFF4D16}" = protocol=17 | dir=in | app=c:\windows\system32\lxdxcoms.exe |
"{771BADAD-E2DE-4CF5-9DCD-C68A7E9ADBB5}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe |
"{775F0E2A-C95E-43D4-9DFA-4AA15D265908}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{779D86E6-6259-4920-96B7-D164B9C1D699}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{78CBBCC9-1422-4E18-ABAD-D8336D8D38EB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{803AA419-AEF8-4EEF-BD4A-FE3B2F371570}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{83961057-EC10-4D3F-984A-9114F620BF66}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{88D8FAD3-72A9-41DB-8649-B95D9F3B62BB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8B1F72BC-17D7-4C39-B96C-CC46BCD28C25}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe |
"{948B6E44-40C3-42A7-A96D-757558A6ECE7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{A44460EB-9E29-41B6-AB65-09C6808405A1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A9AE6300-E1F9-49F4-BC77-2DDB8E09854A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B30BB806-7A02-436C-ABE8-4FF5D6484B2B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{D0BEB02C-A1EA-4D30-8DF3-B5118AF384C3}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdxcoms.exe |
"{DA8AA549-0DB3-4A86-9A1F-3C634E8A3EC6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DD783DAE-508F-4312-BD97-BC6FAF2C8D8E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E2ACD918-8FA3-44B3-8FCF-30D9BB4F3CD3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EF92D453-F762-49E1-9A2A-F2F7BB63DCA8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{FFB438EB-C3F4-4AEF-B18A-DBE65144DF59}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{1110E6A4-C202-4A96-A774-7D3B3FE1EC33}C:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe |
"TCP Query User{56F701FB-2E11-4902-98AA-ADB3308B0298}C:\program files (x86)\lexmark 3600-4600 series\lxdxlscn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxlscn.exe |
"TCP Query User{C308826D-819C-4E1A-826B-EEDE4B07BB98}C:\users\ocz\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\ocz\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{159880B8-0F7D-4400-A38F-796F1687FBAB}C:\users\ocz\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\ocz\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{6C56C9EB-E8E8-42F6-A6B3-C1C6B09245FF}C:\program files (x86)\lexmark 3600-4600 series\lxdxlscn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxlscn.exe |
"UDP Query User{EBD3B866-E10D-42C4-AAB0-E94369D3A4E8}C:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{155796AE-16D0-45D2-8939-6AE3AD67147B}" = ACR38/100/122 PC/SC Driver 1.1.2.0
"{1ABEF5E2-4F31-9543-EF17-AFC61AD96DB5}" = ATI Catalyst Install Manager
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{708DC396-5B5C-55FC-7019-BE7BB6787FB6}" = AMD Fuel
"{7A47656D-0369-4C67-D98C-DA369EC504C2}" = ccc-utility64
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90AB246D-A0A0-29EA-199A-4B07841E0737}" = ATI AVIVO64 Codecs
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A9C6CA47-D937-D61D-4BD3-7CFAB7A5BA56}" = ATI Problem Report Wizard
"{DE1B48FB-0EA4-6E6F-5335-9095994CB7EB}" = WMV9/VC-1 Video Playback
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0942775975678D6CC510D2C2F022CD956CCF177E" = Windows Driver Package - ACS (ACSSCR) SmartCardReader (12/15/2009 1.1.6.2)
"1718A70E35B89EC6A088F2A7C58F75CED9153669" = Windows Driver Package - Advanced Micro Devices, Inc. (amdkmdap) Display (11/09/2011 8.920.0.0000)
"222525A270787CD76AB2C81E10DA7FBA6BCD1664" = Windows Driver Package - Advanced Micro Devices (AtiHDAudioService) MEDIA (12/06/2011 7.12.0.7705)
"336D11F52E7535B73E723172D474100C8387D19E" = Windows Driver Package - Advanced Micro Devices, Inc. (amdkmdap) Display (07/28/2011 8.881.0.0000)
"3C7C589C13A6D4DF5F27DA13016293E988CDD74F" = Windows Driver Package - Advanced Micro Devices (AtiHDAudioService) MEDIA (03/29/2011 7.12.0.7701)
"42006E313FB9CB296D4EC9AB419227AB2BE28EA9" = Windows Driver Package - Advanced Micro Devices, Inc. (amdkmdap) Display (10/12/2011 8.902.0.0000)
"43A78F4A15761743D062B57358EB89296A6A8530" = Windows Driver Package - Realtek Semiconductor Corp. (RTL8192su) Net (09/17/2010 1086.33.0917.2010)
"4A38D9B38E10E18D3528EDAB22652EB131FADECB" = Windows Driver Package - Realtek (RTL8167) Net (08/23/2011 7.048.0823.2011)
"650A09C975543C782ADAC3763AF3CE1F442F8846" = Windows Driver Package - Realtek (RTL8167) Net (03/21/2011 7.043.0321.2011)
"7E26D65CA5110FF168A57B5C479134FA5450759B" = Windows Driver Package - Advanced Micro Devices (AtiHDAudioService) MEDIA (10/18/2011 7.12.0.7704)
"8BC35419E40F7D763CE22BC6F5E4A91D929FC705" = Windows Driver Package - ATI Technologies Inc. (amdkmdap) Display (03/08/2011 8.831.2.0000)
"93D0B653D730EB57C01C763D1BE4E63ABC9204F0" = Windows Driver Package - Realtek (RTL8167) Net (11/23/2011 7.050.1123.2011)
"975A45FBE93AB46F34C02799890FC96D277C65B1" = Windows Driver Package - Advanced Micro Devices, Inc. (amdkmdap) Display (09/08/2011 8.892.0.0000)
"A9B944A9EADA685F103858C6923BF5DD8E127C2C" = Windows Driver Package - ACS (ACR122U) SmartCardReader (12/16/2009 1.1.6.3)
"C145695977AEB527FAFBDEFEAFFEA0FB3B98558E" = Windows Driver Package - Advanced Micro Devices, Inc. (amdkmdap) Display (03/08/2012 8.951.0.0000)
"F02CC611741E33C64CDEAEEE2C7A46E41719B2CC" = Windows Driver Package - ACS (A38CCID) SmartCardReader (12/16/2009 1.1.6.5)
"F0476EE0B7131E554D4B3907F2E1364B6406CEAB" = Windows Driver Package - ATI Technologies Inc. (amdkmdap) Display (05/24/2011 8.861.0.0000)
"FD3D220DDF48408A15C0A3F4E4AC2FFE453D3E4A" = Windows Driver Package - ATI Technologies Inc. (amdkmdap) Display (01/26/2011 8.821.0.0000)
"FDFB49E406219A59C6165CFBCBFC9D1ADDB26EC1" = Windows Driver Package - Advanced Micro Devices (AtiHDAudioService) MEDIA (05/16/2011 7.12.0.7702)
"Lexmark 3600-4600 Series" = Lexmark 3600-4600 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03533053-A0DD-0A8F-F18B-388CF251929B}" = CCC Help Finnish
"{04D38795-0B33-C6FC-47C9-D85DBAF82216}" = CCC Help Norwegian
"{0A225245-3D91-7DD2-630D-4366FA9D7BCF}" = CCC Help Thai
"{0AB51E62-5AA1-5ECC-F836-F9485DD487C3}" = Catalyst Control Center Localization All
"{0B94CF00-3A9C-AEBF-265D-EABF6EC11CEA}" = Catalyst Control Center InstallProxy
"{0C0F9C71-1185-7A98-DBE3-BC26CD85352E}" = CCC Help Korean
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205534F9-935B-4F67-6CA1-0356441E78F9}" = CCC Help Dutch
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2C15735B-1EBA-5719-4ADD-F457205F1BA6}" = Catalyst Control Center Graphics Previews Common
"{2CA51DE4-4B69-EF24-841E-32363DE7D374}" = CCC Help Japanese
"{2E7A3D47-285C-AA71-5F43-7AD3C45A24C1}" = CCC Help English
"{2FE0023B-3858-3D60-DC15-E325E7BBBCE0}" = CCC Help Greek
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3C12C57B-8BD0-25E0-57C6-63DBB96AF447}" = CCC Help German
"{3F4C8E28-826B-4C29-96BE-02A140D000EB}" = ImageViewer
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5CD0CFB1-3FE9-600A-36E4-03E1523C4989}" = CCC Help Swedish
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{652F3200-5E12-4CAD-BA2E-88EFE0113BCD}" = AMD OverDrive
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{6E209506-FD15-E2CC-AF7E-D1B9C5C83DC3}" = CCC Help Chinese Standard
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Realtek Ethernet Diagnostic Utility
"{7D566AE8-882A-4B45-B020-40835CF4B8F9}" = ResScan
"{7E5B60E2-32F4-1052-8471-708EF7965167}" = Catalyst Control Center Profiles Desktop
"{81D34549-684B-86FC-B25F-AA948D831194}" = CCC Help Russian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9400B65A-43D5-9A1F-9A94-28126CB7F684}" = CCC Help Italian
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = RNX-N2LX Wireless LAN Driver and Utility
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{9FF1B47E-957E-DE11-6610-799DD98BAD42}" = CCC Help Czech
"{AE1A891D-68BF-0BE5-A51D-7EF7187230D4}" = CCC Help French
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B8887E02-C910-4498-A7C0-186ABFDCD110}" = GPU Boost Driver
"{C66B45D6-0A09-0F9A-39EC-06AE4B2C1DB5}" = CCC Help Portuguese
"{C82EB045-FD47-F4F9-2527-F0195DEE1637}" = CCC Help Danish
"{CE0EF487-4B1D-7800-2BCE-CC931A6DEE3E}" = CCC Help Spanish
"{D85DCD8F-2FED-306F-0BF4-9508722A1D92}" = CCC Help Chinese Traditional
"{DE2F7052-404D-4848-AB11-7CC100FD9680}_is1" = SleepyHead version 0.9.1 beta
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EB0B4C36-0171-73BF-B119-11FE8E641F6E}" = ccc-core-static
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F39B1FAE-1E05-E275-2594-C22F91D585F0}" = CCC Help Hungarian
"{F67958D5-BF91-56EF-3792-363A555155B3}" = CCC Help Polish
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"PC Matic_is1" = PC Matic 1.1.0.48
"PC Pitstop Download Nitro_is1" = PC Pitstop Download Nitro 1.5.0.0
"PC Pitstop SuperShield_is1" = PC Pitstop SuperShield 1.0.0.27
"PCPitstopInfoCenter_is1" = PC Pitstop Info Center 1.0.0.13
"Picasa 3" = Picasa 3
"PROPLUS" = Microsoft Office Professional Plus 2007

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/31/2012 9:13:04 PM | Computer Name = OCZ-PC | Source = ResScan | ID = 131328
Description = Error Date/Time : 31/7/2012 21:13:4 ErrorCode : 80004005 ErrorMessage
: Unspecified error Program Message : hResult Error File : .\RWDevice.cpp
Function
: RWDevice::GetDataGroup Line : 1436

Error - 7/31/2012 9:13:08 PM | Computer Name = OCZ-PC | Source = ResScan | ID = 131328
Description = Error Date/Time : 31/7/2012 21:13:8 ErrorCode : 80004005 ErrorMessage
: Unspecified error Program Message : hResult Error File : .\RWDevice.cpp
Function
: RWDevice::GetDataGroup Line : 1436

Error - 8/1/2012 10:53:05 PM | Computer Name = OCZ-PC | Source = ResScan | ID = 131328
Description = Error Date/Time : 1/8/2012 22:53:5 ErrorCode : 80004005 ErrorMessage
: Unspecified error Program Message : hResult Error File : .\RWDevice.cpp
Function
: RWDevice::GetDataGroup Line : 1436

Error - 8/1/2012 10:53:09 PM | Computer Name = OCZ-PC | Source = ResScan | ID = 131328
Description = Error Date/Time : 1/8/2012 22:53:9 ErrorCode : 80004005 ErrorMessage
: Unspecified error Program Message : hResult Error File : .\RWDevice.cpp
Function
: RWDevice::GetDataGroup Line : 1436

Error - 8/3/2012 10:33:55 PM | Computer Name = OCZ-PC | Source = ResScan | ID = 131328
Description = Error Date/Time : 3/8/2012 22:33:55 ErrorCode : 80004005 ErrorMessage
: Unspecified error Program Message : hResult Error File : .\RWDevice.cpp
Function
: RWDevice::GetDataGroup Line : 1436

Error - 8/3/2012 10:33:59 PM | Computer Name = OCZ-PC | Source = ResScan | ID = 131328
Description = Error Date/Time : 3/8/2012 22:33:59 ErrorCode : 80004005 ErrorMessage
: Unspecified error Program Message : hResult Error File : .\RWDevice.cpp
Function
: RWDevice::GetDataGroup Line : 1436

Error - 8/4/2012 1:36:59 PM | Computer Name = OCZ-PC | Source = ResScan | ID = 131328
Description = Error Date/Time : 4/8/2012 13:36:59 ErrorCode : 80004005 ErrorMessage
: Unspecified error Program Message : hResult Error File : .\RWDevice.cpp
Function
: RWDevice::GetDataGroup Line : 1436

Error - 8/4/2012 1:37:03 PM | Computer Name = OCZ-PC | Source = ResScan | ID = 131328
Description = Error Date/Time : 4/8/2012 13:37:3 ErrorCode : 80004005 ErrorMessage
: Unspecified error Program Message : hResult Error File : .\RWDevice.cpp
Function
: RWDevice::GetDataGroup Line : 1436

Error - 8/6/2012 8:44:36 AM | Computer Name = OCZ-PC | Source = ResScan | ID = 131328
Description = Error Date/Time : 6/8/2012 8:44:36 ErrorCode : 80004005 ErrorMessage
: Unspecified error Program Message : hResult Error File : .\RWDevice.cpp
Function
: RWDevice::GetDataGroup Line : 1436

Error - 8/6/2012 8:44:40 AM | Computer Name = OCZ-PC | Source = ResScan | ID = 131328
Description = Error Date/Time : 6/8/2012 8:44:40 ErrorCode : 80004005 ErrorMessage
: Unspecified error Program Message : hResult Error File : .\RWDevice.cpp
Function
: RWDevice::GetDataGroup Line : 1436

[ System Events ]
Error - 8/4/2012 6:04:02 PM | Computer Name = OCZ-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
iyrx

Error - 8/4/2012 9:28:19 PM | Computer Name = OCZ-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
iyrx

Error - 8/5/2012 11:24:52 AM | Computer Name = OCZ-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
iyrx

Error - 8/6/2012 2:18:46 AM | Computer Name = OCZ-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
iyrx

Error - 8/6/2012 8:43:25 AM | Computer Name = OCZ-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
iyrx

Error - 8/6/2012 1:54:27 PM | Computer Name = OCZ-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
iyrx

Error - 8/7/2012 11:12:29 AM | Computer Name = OCZ-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
iyrx

Error - 8/7/2012 6:20:56 PM | Computer Name = OCZ-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
iyrx

Error - 8/7/2012 6:30:51 PM | Computer Name = OCZ-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
iyrx

Error - 8/8/2012 10:53:46 AM | Computer Name = OCZ-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
iyrx

< End of report >

Jay Pfoutz · Aug 9, 2012

Please run OTL

Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

:OTL
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\SearchScopes\{DB57F403-DE63-4ED4-A852-EF5C5A5B167E}: "URL" = http://findgala.com/?&uid=5708&q={searchTerms}
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)

:commands
[emptytemp]
[resethosts]
[reboot]
Then click the Run Fix button at the top.
Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

brucifer · Aug 9, 2012

DMJ, thank for getting back to me. Here are the contents of the requested log file:

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: OCZ
->Temp folder emptied: 102925627 bytes
->Temporary Internet Files folder emptied: 29297324 bytes
->Java cache emptied: 2975157 bytes
->Flash cache emptied: 506 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2099433 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17096 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84860 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 1344090 bytes

Total Files Cleaned = 132.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.56.0 log created on 08092012_133343
Files\Folders moved on Reboot...
C:\Users\OCZ\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\OCZ\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...

Jay Pfoutz · Aug 9, 2012

Please try the script again, as many of the entries I had you delete are not included in fix log...

brucifer · Aug 9, 2012

I checked the original log file again, and it looks like I somehow did not copy all of it, so below I pasted the entire original log once again. Also, I ran the fix again, and I have pasted that log here as well. Here are the results:

First Log:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DB57F403-DE63-4ED4-A852-EF5C5A5B167E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB57F403-DE63-4ED4-A852-EF5C5A5B167E}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: OCZ
->Temp folder emptied: 102925627 bytes
->Temporary Internet Files folder emptied: 29297324 bytes
->Java cache emptied: 2975157 bytes
->Flash cache emptied: 506 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2099433 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17096 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84860 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 1344090 bytes

Total Files Cleaned = 132.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.56.0 log created on 08092012_133343
Files\Folders moved on Reboot...
C:\Users\OCZ\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\OCZ\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...

************************************************
Second Log:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DB57F403-DE63-4ED4-A852-EF5C5A5B167E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB57F403-DE63-4ED4-A852-EF5C5A5B167E}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: OCZ
->Temp folder emptied: 1274018 bytes
->Temporary Internet Files folder emptied: 5599740 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4670 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.56.0 log created on 08092012_143308
Files\Folders moved on Reboot...
C:\Users\OCZ\AppData\Local\Temp\{A9B56EED-A23F-459B-AAC3-A30B5B129F11}\fpb.tmp moved successfully.
C:\Users\OCZ\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\OCZ\AppData\Local\Temp\{A9B56EED-A23F-459B-AAC3-A30B5B129F11}\fpb.tmp not found!
File C:\Users\OCZ\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...

Jay Pfoutz · Aug 10, 2012

Good work!

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

brucifer · Aug 10, 2012

Thanks!

I ran ESET, and for some reason the C:\Program Files\EsetOnlineScanner subdirectory was not created. I found the log.txt file in the C:\Program Files (x86)\ESET\ subdirectory. Here is the log.txt file:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

ESET flagged and quarantined 7 files. Here is an image of the contents of the C:\Program Files\EsetOnlineScanner\Quarantine folder:

Jay Pfoutz · Aug 11, 2012

Hi! Your logs appear to be clean. If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point

Go to Control Panel and select System and Maintenance
Select System
On the left select Advance System Settings and accept the warning if you get one
Select System Protection Tab
Select Create at the bottom
Type in a name I.e. Clean
Select Create

Now we can purge the infected ones

Go back to the System and Maintenance page
Select Performance Information and Tools
On the left select Open Disk Cleanup
Select Files from all users and accept the warning if you get one
In the drop down box select your main drive I.e. C
For a few moments the system will make some calculations:
Select the More Options tab
In the System Restore and Shadow Backups select Clean up
Select Delete on the pop up
Select OK
Select Delete

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Tell me in your next reply, if you have completed these tasks:

Cleaned System Restore
Ran OTC
Ran CCleaner
Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.

brucifer · Aug 11, 2012

Cleaned System Restore - Done!

Ran OTC - Done!

Ran CCleaner - Done!

Ran Security Check - Done!

Security Check Log:

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java(TM) 6 Update 29
Java(TM) 7 Update 5
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Problem is resolved and computer is now working fine. Thanks for your help. Please accept my donation along with my gratitude. Take care! (y)

Jay Pfoutz · Aug 12, 2012

Thanks very much. I did receive it.

Glad to hear the problem is resolved. Marked as such. √

Solved Browser redirect issue

brucifer

Posts: 10 +0

brucifer

Posts: 10 +0

Jay Pfoutz

Posts: 4,279 +49

brucifer

Posts: 10 +0

brucifer

Posts: 10 +0

brucifer

Posts: 10 +0

brucifer

Posts: 10 +0

Jay Pfoutz

Posts: 4,279 +49

brucifer

Posts: 10 +0

Jay Pfoutz

Posts: 4,279 +49

brucifer

Posts: 10 +0

Jay Pfoutz

Posts: 4,279 +49

brucifer

Posts: 10 +0

Jay Pfoutz

Posts: 4,279 +49

brucifer

Posts: 10 +0

Jay Pfoutz

Posts: 4,279 +49

Similar threads

Latest posts