Solved I think i have a virus of some sort hiding

M

MysterioMask

Posts: 128   +0
For like the last month or so. Things such as opening up an internet window, or browsing the net, putting in log in names and passwords have taken sometimes up to a minute to load. Its not like I have a slow computer or anything either. It just suddenly started acting slow and goofy mostly on accessing the internet or something related to it. Also it seems as though my comp keeps removing java or flash at random times causing them not to work. Im including a malwarebytes scan, a dds and a hijackthis log.


Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.01.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ian Nicely :: IANNICELY-PC [administrator]
12/31/2012 10:59:09 PM
mbam-log-2012-12-31 (22-59-09).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 716183
Time elapsed: 2 hour(s), 16 minute(s), 45 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_37
Run by Ian Nicely at 17:38:04 on 2013-01-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16362.13223 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Protector Suite\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\SysWOW64\drivers\CDAC11BA.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Protector Suite\psqltray.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files (x86)\Hotkey\Hotkey.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\ProgramData\BOINC\projects\boinc.umiacs.umd.edu\garli-2.0_x64.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\ProgramData\BOINC\projects\boinc.umiacs.umd.edu\garli-2.0_x64.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Hotkey.lnk - C:\Program Files (x86)\Hotkey\Hotkey.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.196.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=972
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{C808E474-4050-478E-8EAA-1199DEB0635A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C808E474-4050-478E-8EAA-1199DEB0635A}\353484F4F4C4 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{C808E474-4050-478E-8EAA-1199DEB0635A}\3547566756E63702D4F64756C6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E79FF263-6DAB-4BE2-BBC5-F12F6897BE6A} : DHCPNameServer = 166.102.165.11 166.102.165.13
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = scecli C:\Program Files\Protector Suite\psqlpwd.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [PSQLLauncher] "C:\Program Files\Protector Suite\launcher.exe" /startup
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
x64-Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: psfus - C:\Program Files\Protector Suite\psqlpwd.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-1-24 54480]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-19 2462128]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-1-13 13592]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-3-10 86016]
R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-3-10 86016]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
R2 PowerBiosServer;PowerBiosServer;C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [2011-1-17 33280]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-5 378472]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-1-13 2656280]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2012-1-13 174680]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [2012-1-13 132624]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-19 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-11-19 181248]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-1-13 1105000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-1-24 1436424]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-11-22 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-24 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 ZOOM_R16MTR;ZOOM R16_R24 Audio Interface;C:\Windows\System32\drivers\zmr16usbaudio.sys [2010-6-16 96768]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-01-01 03:44:24 -------- d-----w- C:\Users\Ian Nicely\AppData\Local\Programs
2013-01-01 03:06:19 334008 ----a-r- C:\Users\Ian Nicely\AppData\Roaming\Microsoft\Installer\{AA72DFB8-BA38-49C9-B5A4-A95FD62641F8}\BOINCMGRLink_B65C4A4D2B2A46CCA2D918164C6297B8.exe
2013-01-01 03:06:19 334008 ----a-r- C:\Users\Ian Nicely\AppData\Roaming\Microsoft\Installer\{AA72DFB8-BA38-49C9-B5A4-A95FD62641F8}\ARPPRODUCTICON.exe
2013-01-01 02:17:39 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{532EA02B-781C-4387-A123-7CBFE21CC758}\mpengine.dll
2012-12-30 00:46:45 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-21 12:43:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-21 12:43:01 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 12:43:00 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-21 12:43:00 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-12 23:53:34 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-07 22:29:38 73 ----a-w- C:\Windows\SysWow64\ssprs.dll
2012-12-07 22:29:38 205 ----a-w- C:\Windows\SysWow64\lsprst7.dll
2012-12-07 22:29:38 0 ----a-w- C:\Windows\SysWow64\tmpPrst.dll
2012-12-07 19:16:47 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
.
==================== Find3M ====================
.
2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-13 10:37:14 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-13 10:37:14 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-10 05:04:31 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-12-10 05:04:31 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-12-09 10:04:59 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-12-07 19:16:42 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-12-07 19:16:42 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 17:38:34.69 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/24/2012 4:13:02 PM
System Uptime: 1/1/2013 11:44:55 AM (6 hours ago)
.
Motherboard: CLEVO | | P150HMx
Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz | SOCKET 0 | 2201/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 699 GiB total, 257.458 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP185: 12/13/2012 3:00:14 AM - Windows Update
RP186: 12/16/2012 7:44:07 PM - Windows Update
RP187: 12/18/2012 9:36:41 PM - Installed BOINC.
RP188: 12/21/2012 5:59:50 AM - Windows Update
RP189: 12/21/2012 7:42:53 AM - Windows Update
RP190: 12/26/2012 2:17:46 PM - Windows Update
RP191: 12/29/2012 7:46:13 PM - Windows Update
RP192: 12/31/2012 9:53:00 PM - Removed BOINC.
RP193: 12/31/2012 10:06:03 PM - Installed BOINC.
.
==== Installed Programs ======================
.
3ds max 6 Architectural Materials
3ds max 6 Reference Files
3ds max 6 Sample Files
80 Days
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.2 - CPSID_83708
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe AIR
Adobe Anchor Service CS4
Adobe Anchor Service x64 CS4
Adobe Asset Services CS4
Adobe Audition 1.5
Adobe Bridge CS4
Adobe CMaps CS4
Adobe CMaps x64 CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe CSI CS4 x64
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Drive CS4 x64
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Fonts All
Adobe Fonts All x64
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe InDesign CS4 Icon Handler x64
Adobe Linguistics CS4
Adobe Linguistics CS4 x64
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe PDF Library Files x64 CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 (64 Bit)
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Type Support CS4
Adobe Type Support x64 CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe WinSoft Linguistics Plugin x64
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AGEIA PhysX v6.11.01
AMR to MP3 Converter 1.4
Apple Application Support
Apple Software Update
Audiosurf
Autodesk 3ds Max 2011 32-bit
Autodesk 3ds Max 2011 32-bit Components
Autodesk 3ds Max 2011 64-bit
Autodesk 3ds Max 2011 64-bit Components
Autodesk Backburner 2008.1
Autodesk FBX Converter 2012.1
Autodesk FBX Plug-in 2011.1 - 3ds Max 2011
Autodesk FBX Plug-in 2011.1 - 3ds Max 2011 64-bit
Autodesk Material Library 2011
Autodesk Material Library 2011 Base Image library
Autodesk Material Library 2011 Medium Image library
Autodesk Network License Manager
Batman: Arkham City™
Battlefield Heroes
BisonCam
BlackSite: Area 51
BOINC
Call Of Cthulhu DCoTE
character studio 4.2
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Composite 2011
Composite 2011 (64-bit)
Connect
Core Temp 1.0 RC3
CyberLink DVD Suite
CyberLink Power2Go
CyberLink PowerDVD 8
D3DX10
Dear Esther
Dual-Core Optimizer
Duke Nukem Forever
Dungeons of Dredmor
EPSON NX510 Series Printer Uninstall
Fallout 3
Fallout: New Vegas
Firestorm-Release (remove only)
Fraps (remove only)
GameSpy Arcade
Home
Hotkey 3.3020
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java 7 Update 9 (64-bit)
Java Auto Updater
Java(TM) 6 Update 37
JMicron Ethernet Adapter NDIS Driver
JMicron Flash Media Controller Driver
Juicer 3.88a
Junk Mail filter update
kuler
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.70.0.1100
Mesh Runtime
MeshLab 1.3.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
Might & Magic ® Heroes ® VI
Monkey Island 2: Special Edition
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
Netmarble Launcher
NVIDIA 3D Vision Driver 268.49
NVIDIA Control Panel 268.49
NVIDIA Graphics Driver 268.49
NVIDIA HD Audio Driver 1.2.22.1
NVIDIA Install Application
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
Oblivion
OpenAL
OpenOffice.org 3.3
Package: Theme Park
Paradise
PDF Settings CS4
Penumbra
Photoshop Camera Raw
Photoshop Camera Raw_x64
Pixel Bender Toolkit
Pixologic ZBrush 4R3
Port Royale 3
Protector Suite 2009
PunkBuster Services
QuickTime
R16_R24 Driver
Realtek High Definition Audio Driver
REALTEK Wireless LAN Driver
Recuva
Renesas Electronics USB 3.0 Host Controller Driver
S.T.A.L.K.E.R.: Call of Pripyat
S.T.A.L.K.E.R.: Clear Sky
S.T.A.L.K.E.R.: Shadow of Chernobyl
SafeCast Shared Components
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Sid Meier's Civilization V
Star Wars Battlefront II
Steam
Suite Shared Configuration CS4
Super Monday Night Combat
SUPERAntiSpyware
Synaptics Pointing Device Driver
Team Fortress 2
Terraria
The Elder Scrolls V: Skyrim
The Polynomial
The Secret of Monkey Island: Special Edition
THX TruStudio Pro
Tortuga - Two Treasures
Total War: SHOGUN 2 Demo
Ubisoft Game Launcher
Uncharted Waters Online
Universe Sandbox
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VLC media player 1.1.11
Vuze
Wasteland, Floppy disk (PC DOS) 1988, Interplay
WebCam Installer
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.10 (64-bit)
WinUndelete 3.50
Worms Reloaded
Yahoo! Messenger
YTD Video Downloader 3.9.5
ZBrush 4R2
.
==== Event Viewer Messages From Past Week ========
.
12/26/2012 2:07:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PowerBiosServer service to connect.
12/26/2012 2:07:52 PM, Error: Service Control Manager [7000] - The PowerBiosServer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/1/2013 11:45:28 AM, Error: Service Control Manager [7000] - The lirsgt service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
1/1/2013 11:45:28 AM, Error: Service Control Manager [7000] - The limsgt service failed to start due to the following error: This driver has been blocked from loading
1/1/2013 11:45:28 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\DRIVERS\limsgt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/1/2013 11:45:27 AM, Error: Service Control Manager [7000] - The CdaC15BA service failed to start due to the following error: This driver has been blocked from loading
1/1/2013 11:45:27 AM, Error: Service Control Manager [7000] - The atksgt service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
1/1/2013 11:45:27 AM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\CDAC15BA.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/1/2013 11:45:24 AM, Error: Service Control Manager [7000] - The athsgt service failed to start due to the following error: This driver has been blocked from loading
1/1/2013 11:45:24 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\DRIVERS\athsgt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/1/2013 11:45:05 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================

[HJT log removed by Broni]
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================

Which browser is affected?
What about other browser(s)?.

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

======================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
I am running usually windows internet explorer 9.0.8112.16421. I have mozilla firefox I use on rare occasions. IE is slower than firefox, but both seemed to be slower than they should have been. Also when I did the aswmbr scan it would lock up everytime at one point so I just forced the save log where it was.

RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ian Nicely [Admin rights]
Mode : Scan -- Date : 01/01/2013 20:45:02
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 7 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\boinc.scr) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9750420AS +++++
--- User ---
[MBR] ff3f6c5df3e3210d6c758e125f7cebdb
[BSP] f1ab375bfea395f34e87ffecb3280ee5 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 715301 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_01012013_02d2045.txt >>
RKreport[1]_S_01012013_02d2045.txt



RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ian Nicely [Admin rights]
Mode : Remove -- Date : 01/01/2013 20:45:51
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 5 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\boinc.scr) -> REPLACED (C:\Windows\system32\logon.scr)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9750420AS +++++
--- User ---
[MBR] ff3f6c5df3e3210d6c758e125f7cebdb
[BSP] f1ab375bfea395f34e87ffecb3280ee5 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 715301 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_01012013_02d2045.txt >>
RKreport[1]_S_01012013_02d2045.txt ; RKreport[2]_D_01012013_02d2045.txt


RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ian Nicely [Admin rights]
Mode : Remove -- Date : 01/01/2013 20:46:27
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9750420AS +++++
--- User ---
[MBR] ff3f6c5df3e3210d6c758e125f7cebdb
[BSP] f1ab375bfea395f34e87ffecb3280ee5 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 715301 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[3]_D_01012013_02d2046.txt >>
RKreport[1]_S_01012013_02d2045.txt ; RKreport[2]_D_01012013_02d2045.txt ; RKreport[3]_D_01012013_02d2046.txt


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-01 21:07:43
-----------------------------
21:07:43.543 OS Version: Windows x64 6.1.7601 Service Pack 1
21:07:43.543 Number of processors: 8 586 0x2A07
21:07:43.543 ComputerName: IANNICELY-PC UserName: Ian Nicely
21:07:45.821 Initialize success
21:07:55.212 AVAST engine defs: 13010101
21:08:00.017 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:08:00.017 Disk 0 Vendor: ST975042 0001 Size: 715404MB BusType: 3
21:08:00.032 Disk 0 MBR read successfully
21:08:00.032 Disk 0 MBR scan
21:08:00.032 Disk 0 Windows 7 default MBR code
21:08:00.032 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:08:00.064 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 715301 MB offset 206848
21:08:00.142 Disk 0 scanning C:\Windows\system32\drivers
21:08:12.076 Service scanning
21:08:40.031 Modules scanning
21:08:40.031 Disk 0 trace - called modules:
21:08:40.093 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:08:40.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800db02790]
21:08:40.093 3 CLASSPNP.SYS[fffff88001d5743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800d794050]
21:08:45.085 AVAST engine scan C:\Windows
21:08:49.547 AVAST engine scan C:\Windows\system32
21:12:50.021 AVAST engine scan C:\Windows\system32\drivers
21:14:09.784 AVAST engine scan C:\Users\Ian Nicely
21:41:12.642 Disk 0 MBR has been saved successfully to "C:\Users\Ian Nicely\Desktop\MBR.dat"
21:41:12.673 The log file has been saved successfully to "C:\Users\Ian Nicely\Desktop\aswMBR.txt"
 
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

=================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 13-01-01.02 - Ian Nicely 01/01/2013 22:53:27.4.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16362.13773 [GMT -5:00]
Running from: c:\users\Ian Nicely\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\lsprst7.dll
c:\windows\SysWow64\ssprs.dll
c:\windows\SysWow64\tmpPrst.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-02 to 2013-01-02 )))))))))))))))))))))))))))))))
.
.
2013-01-02 04:00 . 2013-01-02 04:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-01-02 04:00 . 2013-01-02 04:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-02 02:06 . 2013-01-02 02:06 -------- d-----w- c:\users\Ian Nicely\AppData\Local\VirtualStore
2013-01-02 01:38 . 2013-01-02 01:38 -------- d-----w- c:\users\Ian Nicely\AppData\Local\Mozilla
2013-01-01 22:39 . 2013-01-01 22:39 388096 ----a-r- c:\users\Ian Nicely\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-01-01 22:39 . 2013-01-01 22:39 -------- d-----w- c:\program files (x86)\Trend Micro
2013-01-01 03:44 . 2013-01-01 03:44 -------- d-----w- c:\users\Ian Nicely\AppData\Local\Programs
2013-01-01 03:06 . 2013-01-01 03:06 334008 ----a-r- c:\users\Ian Nicely\AppData\Roaming\Microsoft\Installer\{AA72DFB8-BA38-49C9-B5A4-A95FD62641F8}\BOINCMGRLink_B65C4A4D2B2A46CCA2D918164C6297B8.exe
2013-01-01 03:06 . 2013-01-01 03:06 334008 ----a-r- c:\users\Ian Nicely\AppData\Roaming\Microsoft\Installer\{AA72DFB8-BA38-49C9-B5A4-A95FD62641F8}\ARPPRODUCTICON.exe
2013-01-01 02:17 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{532EA02B-781C-4387-A123-7CBFE21CC758}\mpengine.dll
2012-12-30 00:46 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-21 12:43 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 12:43 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 12:43 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 12:43 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-12 23:53 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-07 19:16 . 2012-12-07 19:16 289768 ----a-w- c:\windows\system32\javaws.exe
2012-12-07 19:16 . 2012-12-07 19:16 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-12-07 19:16 . 2012-12-07 19:16 189416 ----a-w- c:\windows\system32\javaw.exe
2012-12-07 19:16 . 2012-12-07 19:16 188904 ----a-w- c:\windows\system32\java.exe
2012-12-07 19:16 . 2012-12-07 19:16 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 21:49 . 2012-01-25 00:36 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-13 10:37 . 2012-04-04 00:48 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-13 10:37 . 2012-01-24 23:19 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-13 08:02 . 2012-01-24 22:27 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-10 05:04 . 2012-07-08 16:54 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-10 05:04 . 2012-07-08 16:40 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-12-09 10:04 . 2012-07-08 16:40 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-12-07 19:16 . 2012-11-30 06:20 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-07 19:16 . 2012-11-30 06:20 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-30 01:16 . 2012-11-30 01:16 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DACA331F-0D72-4EA0-8F1C-358F66EA1159}\gapaengine.dll
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-16 08:38 . 2012-11-28 01:43 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 01:43 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 01:43 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-15 04:25 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 18:17 . 2012-11-15 04:25 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 04:25 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 04:25 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-12 23:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-01 1374720]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-17 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-12-26 210216]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2012-01-25 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-07-31 41944]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-07-30 640480]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-20 2254768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2011-1-17 2946560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 athsgt;athsgt;c:\windows\system32\DRIVERS\athsgt.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 limsgt;limsgt;c:\windows\system32\DRIVERS\limsgt.sys [x]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-10 86016]
R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-10 86016]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2012-01-25 288112]
R3 ALSysIO;ALSysIO;c:\users\IANNIC~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-05-28 1436424]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-24 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 ZOOM_R16MTR;ZOOM R16_R24 Audio Interface;c:\windows\system32\Drivers\zmr16usbaudio.sys [2010-06-17 96768]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-02-06 54480]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-11-22 140672]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-20 2462128]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2011-01-18 33280]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-05 378472]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-06-23 174680]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2011-01-14 132624]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-12-04 1105000]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 10:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2010-04-27 23:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2010-04-27 23:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104]
"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2010-04-27 84744]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2012-05-15 5860016]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2012-05-15 70832]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
FF - ProfilePath - c:\users\Ian Nicely\AppData\Roaming\Mozilla\Firefox\Profiles\gt77pi1r.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:9a,69,e2,3e,fd,12,5d,06,57,5e,6b,7a,b9,2a,23,df,bb,9d,53,52,51,
ee,bd,44,50,d8,06,b9,6b,79,2c,9c,62,07,9c,48,e2,43,32,6b,70,e2,1d,37,8b,07,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\01\03\19\01\009?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:9a,69,e2,3e,fd,12,5d,06,57,5e,6b,7a,b9,2a,23,df,bb,9d,53,52,51,
ee,bd,44,50,d8,06,b9,6b,79,2c,9c,62,07,9c,48,e2,43,32,6b,70,e2,1d,37,8b,07,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-01 23:02:34
ComboFix-quarantined-files.txt 2013-01-02 04:02
ComboFix2.txt 2012-11-28 10:57
.
Pre-Run: 278,172,565,504 bytes free
Post-Run: 278,065,303,552 bytes free
.
- - End Of File - - 74901963C224F2BBFC43BEA36A2BD123
 
Looks good.

Any current issues?

=====================

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

==========================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Faster than it was, I wouldnt say its great though, but then again it might be back to normal and its all in my head cuz ive been dealing with it for a while. But definatly better than it was I think.


# AdwCleaner v2.104 - Logfile created 01/02/2013 at 13:22:11
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Ian Nicely - IANNICELY-PC
# Boot Mode : Normal
# Running from : C:\Users\Ian Nicely\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Mozilla Firefox v9.0.1 (en-US)
File : C:\Users\Ian Nicely\AppData\Roaming\Mozilla\Firefox\Profiles\gt77pi1r.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [999 octets] - [02/01/2013 13:22:11]
########## EOF - C:\AdwCleaner[S1].txt - [1058 octets] ##########


OTL logfile created on: 1/2/2013 1:26:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ian Nicely\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 14.03 Gb Available Physical Memory | 87.81% Memory free
31.95 Gb Paging File | 29.85 Gb Available in Paging File | 93.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 260.12 Gb Free Space | 37.24% Space Free | Partition Type: NTFS

Computer Name: IANNICELY-PC | User Name: Ian Nicely | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/02 13:20:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ian Nicely\Desktop\OTL.exe
PRC - [2012/11/19 21:48:16 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/07/31 03:19:26 | 000,041,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2012/07/30 14:02:22 | 000,640,480 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012/07/08 11:40:26 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/01/25 13:17:10 | 000,054,784 | ---- | M] (Macrovision) -- C:\Windows\SysWOW64\drivers\CDAC11BA.EXE
PRC - [2011/05/05 09:36:20 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/04/30 03:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/04/30 03:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/02/01 16:24:42 | 002,656,280 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 16:24:40 | 000,326,168 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/01/17 20:01:44 | 002,946,560 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe
PRC - [2011/01/17 19:04:56 | 000,033,280 | ---- | M] () -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
PRC - [2010/11/17 12:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/01 16:25:36 | 001,374,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
PRC - [2010/03/10 01:10:38 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
PRC - [2010/03/10 00:38:18 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
PRC - [2009/07/16 20:08:20 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/06/03 20:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/15 23:20:27 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4a29fb5e489e57ccc97b19ca70db94a8\Microsoft.VisualBasic.ni.dll
MOD - [2012/11/15 23:17:38 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012/11/15 23:17:36 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\089236f41e5accbc3654fb51ce25277f\IAStorUtil.ni.dll
MOD - [2012/11/15 23:17:36 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\cb5acf4c838ef0dec864065683d5d38b\IAStorCommon.ni.dll
MOD - [2012/11/15 20:43:13 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\17796f2951c17ebf92dd4b7c9b3ce556\System.ServiceProcess.ni.dll
MOD - [2012/11/15 20:42:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/15 20:42:49 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
MOD - [2012/11/15 20:42:37 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/15 20:42:31 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/15 20:42:28 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012/11/15 20:42:28 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll
MOD - [2012/11/15 20:42:20 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/15 20:42:12 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/15 20:42:09 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/15 20:42:08 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/15 20:41:59 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2011/01/17 20:01:44 | 002,946,560 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe
MOD - [2009/06/06 17:50:32 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Audiodll.dll
MOD - [2009/06/03 20:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 20:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA


========== Services (SafeList) ==========

SRV:64bit: - [2012/11/22 09:18:37 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/05/28 15:35:52 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/10 00:38:18 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe -- (mi-raysat_3dsmax2011_64)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/19 23:50:42 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/13 05:37:15 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/19 21:48:16 | 002,462,128 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/07/08 11:40:26 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/01/25 13:17:10 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\Windows\SysWOW64\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2012/01/25 00:50:17 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2012/01/13 17:59:51 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/05 09:36:20 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/04/30 03:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/02/01 16:24:42 | 002,656,280 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 16:24:40 | 000,326,168 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/17 19:04:56 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe -- (PowerBiosServer)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 01:10:38 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe -- (mi-raysat_3dsmax2011_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/17 04:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/26 03:27:23 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012/01/26 03:27:23 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012/01/25 00:40:50 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/23 13:26:28 | 000,174,680 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/05/13 18:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/05/11 13:13:06 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/04/26 14:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 11:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2011/01/14 16:24:56 | 000,132,624 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)
DRV:64bit: - [2010/12/03 22:29:00 | 001,105,000 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/19 13:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/11/19 13:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/16 22:14:56 | 001,393,200 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/06/16 21:15:56 | 000,096,768 | ---- | M] (Zoom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zmr16usbaudio.sys -- (ZOOM_R16MTR)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/02/06 03:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2012/01/25 13:17:11 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2012/01/25 00:40:50 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/09/28 14:57:36 | 000,164,992 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\athsgt.sys -- (athsgt)
DRV - [2005/09/28 14:57:36 | 000,012,544 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\limsgt.sys -- (limsgt)
DRV - [2004/04/01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3969654736-3420637775-2018531052-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3969654736-3420637775-2018531052-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3969654736-3420637775-2018531052-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3969654736-3420637775-2018531052-1001\..\SearchScopes\{9A4C40B7-3C52-44B7-A61F-32A8F0D8B7EA}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-3969654736-3420637775-2018531052-1001\..\SearchScopes\{9A63AED8-FDFC-4B70-A5DF-2DD8529401A7}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKU\S-1-5-21-3969654736-3420637775-2018531052-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/18 15:38:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/01/01 20:39:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ian Nicely\AppData\Roaming\Mozilla\Extensions
[2012/10/17 15:49:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/15 15:45:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/08/30 17:57:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/17 15:49:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/01/01 23:00:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O4:64bit: - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4:64bit: - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3969654736-3420637775-2018531052-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3969654736-3420637775-2018531052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3969654736-3420637775-2018531052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} http://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.196.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=972 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C808E474-4050-478E-8EAA-1199DEB0635A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E79FF263-6DAB-4BE2-BBC5-F12F6897BE6A}: DhcpNameServer = 166.102.165.11 166.102.165.13
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/02 13:20:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ian Nicely\Desktop\OTL.exe
[2013/01/02 13:17:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/01 23:02:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/01 21:06:20 | 000,000,000 | ---D | C] -- C:\Users\Ian Nicely\AppData\Local\VirtualStore
[2013/01/01 20:43:56 | 000,000,000 | ---D | C] -- C:\Users\Ian Nicely\Desktop\RK_Quarantine
[2013/01/01 20:40:47 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Ian Nicely\Desktop\aswMBR.exe
[2013/01/01 20:38:55 | 000,000,000 | ---D | C] -- C:\Users\Ian Nicely\AppData\Local\Mozilla
[2013/01/01 17:39:59 | 000,000,000 | ---D | C] -- C:\Users\Ian Nicely\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/01/01 17:39:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/01/01 17:31:50 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Ian Nicely\Desktop\dds.com
[2012/12/31 22:44:24 | 000,000,000 | ---D | C] -- C:\Users\Ian Nicely\AppData\Local\Programs
[2012/12/31 22:06:19 | 000,000,000 | ---D | C] -- C:\Users\Ian Nicely\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BOINC
[2012/12/31 22:04:32 | 008,978,768 | ---- | C] (Space Sciences Laboratory, U.C. Berkeley) -- C:\Users\Ian Nicely\Desktop\boinc_7.0.28_windows_x86_64.exe
[2012/12/26 14:17:39 | 000,000,000 | ---D | C] -- C:\Users\Ian Nicely\Desktop\DCIM
[2012/12/07 14:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/02 13:31:24 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/02 13:31:24 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/02 13:23:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/02 13:22:54 | 4277,297,150 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/02 13:20:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ian Nicely\Desktop\OTL.exe
[2013/01/02 02:44:28 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/01 23:00:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/01 22:46:51 | 005,017,261 | R--- | M] (Swearware) -- C:\Users\Ian Nicely\Desktop\ComboFix.exe
[2013/01/01 21:41:12 | 000,000,512 | ---- | M] () -- C:\Users\Ian Nicely\Desktop\MBR.dat
[2013/01/01 20:41:31 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Ian Nicely\Desktop\aswMBR.exe
[2013/01/01 20:40:12 | 000,761,856 | ---- | M] () -- C:\Users\Ian Nicely\Desktop\RogueKiller.exe
[2013/01/01 17:39:59 | 000,002,999 | ---- | M] () -- C:\Users\Ian Nicely\Desktop\HiJackThis.lnk
[2013/01/01 17:33:51 | 001,402,880 | ---- | M] () -- C:\Users\Ian Nicely\Desktop\HiJackThis.msi
[2013/01/01 17:31:52 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Ian Nicely\Desktop\dds.com
[2012/12/31 22:44:32 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/31 22:04:33 | 008,978,768 | ---- | M] (Space Sciences Laboratory, U.C. Berkeley) -- C:\Users\Ian Nicely\Desktop\boinc_7.0.28_windows_x86_64.exe
[2012/12/26 15:18:18 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/26 15:18:18 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/26 15:18:18 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/22 00:36:11 | 002,909,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/18 13:31:05 | 003,494,296 | ---- | M] () -- C:\Users\Ian Nicely\Desktop\01_Hans_Zimmer_-_Discombobulate_(Sherlock_Holmes).mp3
[2012/12/16 06:06:35 | 000,328,135 | ---- | M] () -- C:\Users\Ian Nicely\Desktop\BS2013.jpg
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/11 17:08:28 | 007,628,848 | ---- | M] () -- C:\Users\Ian Nicely\Desktop\Wtfbrahh_-_The_Servers_Are_Down_(Deluxe_Dubstep_Remix)_-_1.mp3
[2012/12/11 16:40:03 | 000,403,004 | ---- | M] () -- C:\Users\Ian Nicely\Desktop\Eve Services.jpg
[2012/12/10 15:28:52 | 000,000,219 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.tgz
[2012/12/10 15:28:52 | 000,000,087 | ---- | M] () -- C:\Windows\SysWow64\ssprs.tgz
[2012/12/10 15:28:52 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2012/12/10 00:04:31 | 000,270,240 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/12/10 00:04:31 | 000,270,240 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/12/09 05:04:59 | 000,270,240 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/12/07 17:30:31 | 071,197,224 | ---- | M] () -- C:\Users\Ian Nicely\Documents\People singing Christmas songs at the mall and everybody sings along wonderful and touching.mov
[2012/12/07 17:29:38 | 000,000,014 | ---- | M] () -- C:\Windows\SysWow64\tmpPrst.tgz
[2012/12/06 21:00:29 | 084,359,036 | ---- | M] () -- C:\Users\Ian Nicely\Documents\People singing Christmas songs at the mall and everybody sings along wonderful and touching.avi
[2012/12/06 20:56:45 | 025,791,984 | ---- | M] () -- C:\Users\Ian Nicely\Documents\People singing Christmas songs at the mall and everybody sings along wonderful and touching.flv
[2012/12/06 20:51:59 | 000,001,300 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/01 21:41:12 | 000,000,512 | ---- | C] () -- C:\Users\Ian Nicely\Desktop\MBR.dat
[2013/01/01 20:40:12 | 000,761,856 | ---- | C] () -- C:\Users\Ian Nicely\Desktop\RogueKiller.exe
[2013/01/01 17:39:59 | 000,002,999 | ---- | C] () -- C:\Users\Ian Nicely\Desktop\HiJackThis.lnk
[2013/01/01 17:33:51 | 001,402,880 | ---- | C] () -- C:\Users\Ian Nicely\Desktop\HiJackThis.msi
[2012/12/18 13:31:02 | 003,494,296 | ---- | C] () -- C:\Users\Ian Nicely\Desktop\01_Hans_Zimmer_-_Discombobulate_(Sherlock_Holmes).mp3
[2012/12/16 06:06:33 | 000,328,135 | ---- | C] () -- C:\Users\Ian Nicely\Desktop\BS2013.jpg
[2012/12/11 17:08:22 | 007,628,848 | ---- | C] () -- C:\Users\Ian Nicely\Desktop\Wtfbrahh_-_The_Servers_Are_Down_(Deluxe_Dubstep_Remix)_-_1.mp3
[2012/12/11 16:40:01 | 000,403,004 | ---- | C] () -- C:\Users\Ian Nicely\Desktop\Eve Services.jpg
[2012/12/07 17:29:38 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\tmpPrst.tgz
[2012/12/06 20:58:55 | 071,197,224 | ---- | C] () -- C:\Users\Ian Nicely\Documents\People singing Christmas songs at the mall and everybody sings along wonderful and touching.mov
[2012/12/06 20:58:38 | 084,359,036 | ---- | C] () -- C:\Users\Ian Nicely\Documents\People singing Christmas songs at the mall and everybody sings along wonderful and touching.avi
[2012/12/06 20:52:32 | 025,791,984 | ---- | C] () -- C:\Users\Ian Nicely\Documents\People singing Christmas songs at the mall and everybody sings along wonderful and touching.flv
[2012/08/31 02:04:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/31 02:04:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/31 02:04:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/31 02:04:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/31 02:04:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/08 11:40:27 | 000,270,240 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/08 11:40:26 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/02/01 03:56:41 | 000,005,120 | ---- | C] () -- C:\Users\Ian Nicely\AppData\Local\Databases.db
[2012/01/28 16:16:09 | 000,796,420 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/26 03:51:02 | 000,164,992 | ---- | C] () -- C:\Windows\SysWow64\drivers\athsgt.sys
[2012/01/26 03:51:02 | 000,012,544 | ---- | C] () -- C:\Windows\SysWow64\drivers\limsgt.sys
[2012/01/25 00:54:07 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012/01/25 00:54:07 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2012/01/25 00:54:07 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2012/01/25 00:54:06 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012/01/13 17:59:58 | 000,001,313 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2012/01/13 17:59:58 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2012/01/13 17:59:58 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2012/01/13 17:59:56 | 000,185,856 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/01/13 17:59:56 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/01/13 17:52:32 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/01/13 17:50:50 | 000,000,102 | R--- | C] () -- C:\Windows\OEM.ini
[2012/01/13 17:50:50 | 000,000,020 | R--- | C] () -- C:\Windows\Bison.ini
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/05/16 12:31:44 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/06/07 02:11:55 | 000,000,000 | ---D | M] -- C:\Users\Ian Nicely\AppData\Roaming\Autodesk
[2012/12/13 20:26:45 | 000,000,000 | ---D | M] -- C:\Users\Ian Nicely\AppData\Roaming\Azureus
[2012/01/25 13:59:51 | 000,000,000 | ---D | M] -- C:\Users\Ian Nicely\AppData\Roaming\DigitalJuice
[2012/06/24 01:23:24 | 000,000,000 | ---D | M] -- C:\Users\Ian Nicely\AppData\Roaming\Firestorm
[2012/07/24 22:31:32 | 000,000,000 | ---D | M] -- C:\Users\Ian Nicely\AppData\Roaming\LucasArts
[2012/10/16 23:57:20 | 000,000,000 | ---D | M] -- C:\Users\Ian Nicely\AppData\Roaming\Might & Magic Heroes VI
[2012/08/28 03:35:40 | 000,000,000 | ---D | M] -- C:\Users\Ian Nicely\AppData\Roaming\Might & Magic Heroes VI - Game Official Demo
[2012/05/17 23:57:55 | 000,000,000 | ---D | M] -- C:\Users\Ian Nicely\AppData\Roaming\OpenOffice.org
[2012/07/30 16:04:05 | 000,000,000 | ---D | M] -- C:\Users\Ian Nicely\AppData\Roaming\Polynomial
[2012/01/24 16:13:46 | 000,000,000 | ---D | M] -- C:\Users\Ian Nicely\AppData\Roaming\Protector Suite
[2012/02/05 00:40:54 | 000,000,000 | ---D | M] -- C:\Users\Ian Nicely\AppData\Roaming\SecondLife
[2012/01/28 16:16:46 | 000,000,000 | ---D | M] -- C:\Users\Ian Nicely\AppData\Roaming\System
[2012/08/27 19:03:02 | 000,000,000 | ---D | M] -- C:\Users\Ian Nicely\AppData\Roaming\The Creative Assembly
[2012/01/28 16:18:17 | 000,000,000 | -HSD | M] -- C:\Users\Ian Nicely\AppData\Roaming\wyUpdate AU

========== Purity Check ==========


< End of report >
 
OTL Extras logfile created on: 1/2/2013 1:26:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ian Nicely\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 14.03 Gb Available Physical Memory | 87.81% Memory free
31.95 Gb Paging File | 29.85 Gb Available in Paging File | 93.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 260.12 Gb Free Space | 37.24% Space Free | Partition Type: NTFS

Computer Name: IANNICELY-PC | User Name: Ian Nicely | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B069C42-827A-4EF7-B827-B1B8D5443412}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0DE0799A-F06D-45C9-B505-ABA653F76B3E}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{0E88279F-2BBA-40CD-B52A-25EFDCE1B9A6}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{119BC89F-3B84-4831-8DA0-1C973B49D003}" = rport=138 | protocol=17 | dir=out | app=system |
"{14D49E96-2B6F-4CC0-B6CB-EEBC328682D5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1CCD5720-254B-4757-80BA-33B9B3712E86}" = lport=10243 | protocol=6 | dir=in | app=system |
"{240814FE-DFF6-4B61-B0F1-C6889166CBA2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2FCCA0B3-4571-4A77-9CB5-4CC6285D5F1A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{31E673D3-8F44-4913-8849-0F74A86B4ADE}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{3211F4B8-C325-4433-B68E-392AFE3B509D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{369189F8-68E5-4901-A9AA-05E0A846B340}" = lport=138 | protocol=17 | dir=in | app=system |
"{3B584587-E68A-4594-A88D-94EDF95E5F13}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3C3635BE-32AD-43D6-94AE-C87ED149A117}" = rport=445 | protocol=6 | dir=out | app=system |
"{3FF375BC-2049-4500-8B71-EE7B8CCB6218}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{59A39425-4733-4162-BCDF-D230C5C1C2B2}" = rport=139 | protocol=6 | dir=out | app=system |
"{59CE9ED5-E4DF-4C01-9F55-B243297E604D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5BCBE92F-39F1-4B81-891A-D19AC5A9B50B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6D43310F-80DD-423C-B5A5-E52D193212AF}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{72BB426C-FF89-44F6-8256-E48EE36EE4F5}" = rport=137 | protocol=17 | dir=out | app=system |
"{7BA42A0B-6457-4D83-A98C-54E583882CD8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8A7E4160-8E6B-4357-B477-25BD0EE99A0F}" = lport=139 | protocol=6 | dir=in | app=system |
"{98703D28-35A9-431D-A588-CA940AB47014}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B1D05123-FBCC-46D7-AB94-C8990217BE2C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C33C8903-BF44-4668-B1B3-49DF16A72E4E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D940616B-193D-4A32-BCBA-6736C9B03526}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DB291B91-5205-45C2-8361-D2840E0D6245}" = lport=445 | protocol=6 | dir=in | app=system |
"{EABB5C41-0B74-43B8-8F43-E7148FE5F464}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F25509AA-CC52-41DF-940F-765ED434CF56}" = lport=137 | protocol=17 | dir=in | app=system |
"{F8AAE260-219B-4EA2-80D8-3397548B54D1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F94951DC-AE6F-4717-B9FC-1D7EFE24529A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0636564B-A473-4925-9734-A9D63E5F7843}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0763C1B2-67E4-49EB-9555-2C1AC1049DD0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0868074D-00F9-4564-BB29-F2DC81E86BFC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\home\home-win-eng.exe |
"{0891E38F-B2E2-4B7E-A3EA-ECE9D772B0BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dear esther\dearesther.exe |
"{0A731131-41AA-48C0-BE1D-192692E2F024}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\runlauncher.bat |
"{0B8F6976-E592-43C3-8340-DEF16F3AB90E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{0E877656-FCE0-40D8-BF7B-80DD1F6269E5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\home\home pc v1.3.1s.exe |
"{0FE53EBB-2427-4AF2-88C6-46BF7B2317B0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\duke nukem forever\system\dukeforever.exe |
"{1347AE88-ABA2-4831-92A5-A7BE71F87098}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\binaries\win32\batmanac.exe |
"{134FD2C6-A123-4D4A-9BF4-283D8C27677B}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{1519064B-5690-486D-A3C1-BA23B17E8889}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{154EF569-9D91-466C-BD05-5E0E4CF16508}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thepolynomial\polynomial.exe |
"{16CD0D30-A47A-40A7-A4C3-506EA3B39D5E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{18E32143-598D-4FEA-A713-2E86F3102B31}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1A1616E6-5D42-4116-A789-2241EE7633B9}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{1F15164B-C758-4464-B8C1-BBA0EA269970}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\universe sandbox\universe sandbox.exe |
"{202C7889-D8D6-4EBB-9091-F5B219BAD9B6}" = protocol=17 | dir=in | app=c:\program files (x86)\opinionsquare\opnsqr.exe |
"{209892AD-4653-4C10-8D2D-BF75AF2EF992}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe |
"{217976BA-3DDE-4A3D-A352-0306E5ABAD43}" = protocol=6 | dir=in | app=c:\program files (x86)\opinionsquare\opnsqr.exe |
"{21FB9A7C-A45B-4079-AD1C-8617E5F61B7B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2 demo\shogun2.exe |
"{2328BBA3-0FC8-4469-B16B-0CCC5EA13F18}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2586B8F0-C566-4D98-B8DA-319CA6571E32}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{2862368F-1453-4E1C-80CB-30808EA33688}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{28CB042C-B012-4D17-BBE2-E77A36748929}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{2A3BE3DD-978D-454F-9DAC-E5E3EB9CD438}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{2E9969B3-AA09-417B-8108-BD8E14365401}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{37E74C8D-AD9E-4E2A-AD48-EE3D6366F04A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{39FCEAD8-37B4-43F5-8548-54C8BBAC4BB5}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{3A8B5E07-8E6B-4303-A762-9AD546C7DD4E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{41539CC8-E043-414E-9BDF-9CA895222CA1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{42C5686E-FEA3-4917-8502-797A4F350A12}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\runlauncher.bat |
"{4526003F-8513-4238-A701-7C53D9B5BC00}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{45F8B7C4-DB72-48D7-B31E-5992D3DF8D68}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2011\3dsmax.exe |
"{4656FAA2-DE21-49D9-9F02-709518411C1C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{47117C5C-0C96-4870-9BE8-87FCAC11FAA4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monkey2\monkey2.exe |
"{474F3568-53A2-4C04-B23F-8877DBC3799C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{47B9D79A-696E-4454-9315-2C910CF18365}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{48641306-52B3-41A3-B899-68C9E88660F4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{48D2825E-81CC-4288-8C33-28E343B389BE}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe |
"{4A4C7691-8234-464B-B22B-94FED96562EC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{4A97DAA4-5E9B-40A6-B27E-95F70AB59941}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe |
"{4A993A9C-69F7-48EC-AC53-50ADDE9A2504}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{4C81C6E8-B40F-49D1-9534-FBBECF8FD08F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\binaries\win32\batmanac.exe |
"{4C974DC2-96BF-4F3F-B619-F928227DC2F5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2 demo\shogun2.exe |
"{4E7404BA-CE74-4037-A8F3-749D25D4CDC5}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_64.exe |
"{51DCF01B-506D-44D3-8251-C3EF68CC9CF8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe |
"{5DB185A9-3ACF-4069-8A08-E06FCA161F6C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5EA051DA-A11D-476A-BBC2-25111A2ABEAA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{5EEDE839-3F1F-4643-BE3E-E5A17B270BBD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker clear sky\bin\xrengine.exe |
"{5EF856F9-DC92-4F02-828A-436933E1EE6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{60A09B4D-F44C-4E10-A1CF-4E8A89804CE6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\duke nukem forever\system\dukeforever.exe |
"{6146DB73-E0DB-4934-B308-54C618487A79}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"{61DFE57A-26C8-4188-8DAB-A9A26568DA5E}" = protocol=58 | dir=in | app=system |
"{63628B74-26D8-4649-969E-94BF391805E7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe |
"{63B8B61B-9371-43DF-B60D-1F619186EDFF}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{664FE6C9-694D-47F3-8C60-DB663A0AB938}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{6950B150-B987-4495-8D97-886943408F5F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6997EEE6-0057-4D43-A717-958271B22D48}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\runlauncher.bat |
"{6AE8A4BD-A217-4968-95B8-694EEA546E39}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe |
"{6BF33B99-7653-4B0F-A0C1-632AB151110D}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{6D540687-FCD7-4261-879E-BAF9B64D7EBB}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{6E91F9F0-1D37-4E17-AB66-4776D0331C9D}" = protocol=17 | dir=in | app=c:\program files (x86)\firestorm-release\slplugin.exe |
"{709F4234-60D2-4D5C-9A5E-363BF86CBE35}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\universe sandbox\universe sandbox.exe |
"{71160812-2C07-48F2-A2A7-7D35C344EBE9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{732B7C23-117D-4F10-BA33-6F2BD4BBEEBC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{7529B5CA-542B-45B3-AE5C-A043DB0AE5D0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe |
"{7535FAE9-033A-4801-91BA-2BABE7C9D627}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{76809E74-531E-4F2C-A0A9-A5864729B80E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thepolynomial\polynomial.exe |
"{78BD3581-666D-405C-81B9-CE3248EDF688}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe |
"{79D42BF4-2264-4C86-BF6C-605114E643AC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"{7C31A30C-43DB-4098-84A1-3672CB221A03}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{7E2E5600-BEE6-4BEE-A62C-AD7FA4AF2A57}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{7F5E37EF-AAAD-400D-A5A4-2AFC1836B005}" = protocol=17 | dir=in | app=c:\program files (x86)\opinionsquare\opnsqr.exe |
"{80C5FC35-DF02-48AC-BDC6-E83DBED674DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{82250434-C262-496D-B37A-A7F9481C9BC6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\binaries\win32\batmanac.exe |
"{8545FB20-A983-4CB0-9E77-5D9E62D670E7}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32.exe |
"{85D428BB-7622-42AC-B039-DF44AF9C69BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{86F6D196-EEE4-4748-94C8-C5623E9F4709}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\home\home pc v1.3.1s.exe |
"{872FFE59-DAF9-4A89-84E1-33F3C8F96453}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monkey2\monkey2.exe |
"{8C7B5804-8E36-405C-9610-3170806D313E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe |
"{8E982A60-0FDF-4D49-A3AF-1843925E99F1}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe |
"{8F02F64A-15EB-4C53-8F24-34C2E2B6CA3E}" = protocol=6 | dir=in | app=c:\program files (x86)\firestorm-release\slplugin.exe |
"{981B0849-27A7-4891-BF5D-CB28788BB395}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9D9A9AAB-5D36-4D99-A278-FBB3B5710C50}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{9D9E40AD-EA74-4E86-BF29-7EE602622A7C}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{9EE98FB0-C04F-4B59-85AC-943E9F429C9E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\port royale 3\portroyale3.exe |
"{9FC6EB8D-9FFE-450F-973C-763CCB82A76C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe |
"{A2CE2911-1476-4E85-B49F-C2F2919DAE8D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A3AECCAB-FB84-44A6-890E-C8B5C9860A51}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\binaries\win32\batmanac.exe |
"{A3FD398C-0C66-4BA5-8833-361F1D3671E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\home\home-win-eng.exe |
"{A5C91D82-5362-4D38-BB04-A050704BA736}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{A6ED1F09-5026-40DC-9E62-35287D98B4A5}" = protocol=17 | dir=in | app=c:\program files (x86)\midway home entertainment\blacksite area 51\binaries\blacksite.exe |
"{AA44AE20-C405-4CBA-87FD-0B4B17230BDF}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe |
"{AA8D5C1F-1DE4-4748-B4F3-83A323B8CCE5}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2011\3dsmax.exe |
"{AAAAA243-AC79-4A73-AFCB-E4D2D4EEDD9D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker clear sky\bin\xrengine.exe |
"{AEBE7B76-598B-4B4D-AB02-FFC56F1C73B0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\runlauncher.bat |
"{B3DDD5CC-54F6-4D6D-8A40-14F4E763EE7B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{B8670A38-C0E4-4DF1-8AA4-C602289DE4F9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{BBFA63B6-CA28-4777-8092-1C70AE134C44}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{BE3CF561-85C2-4F07-B0BD-A2262ECB36B5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BFDF41CF-79F2-44AF-B587-5B12BECCA3AF}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{C1486E92-856D-4DB8-8AA6-39C27BA9A820}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\duke nukem forever\system\dukeforever.exe |
"{C20A2924-ED92-423F-AD7B-18355AC75CEA}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_64.exe |
"{C31109EC-FD93-4F64-A735-AA84472F87EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C347203C-CD38-4D5E-BD31-A2117975DBB5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dear esther\dearesther.exe |
"{C426D4F1-BA13-4028-A769-01E52AAC8639}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{C692B2B3-B221-46E6-98BD-9E47E6BD0FB7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe |
"{C78C401F-2698-4ABD-8936-EA45278D9D87}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2011\3dsmax.exe |
"{C941C530-737C-48C2-80CA-F1C877A612BA}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32.exe |
"{CAECE62C-65FB-406E-BE64-B77E24711184}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{CEDDE2EF-F809-4541-B6AE-25585FC38387}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{D0EE65DC-FA7B-4938-B846-3C14054A7DFC}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{D3B88C10-B8B3-4C6C-80B8-AED95F117C2B}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{D71FDB77-F3F0-425B-94A9-87F0C1A6F08B}" = protocol=6 | dir=out | app=system |
"{D8416D3B-788B-48F9-A8D0-F2761A9B7C40}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{D8C974B4-D034-47E5-86E9-2133786B323D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\port royale 3\portroyale3.exe |
"{DB02A109-41BA-4D4E-B12D-8C899D2CD67F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{DB7DCB14-C883-41BB-9C87-26DEF793DDC2}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{DBC003E2-AEE2-4B7C-BA90-3FBED33662AC}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{E00642F3-3DBA-46B0-959F-578112C2C3EF}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{E18F5DCE-2CA0-41FA-A9CC-FC6CAF090C14}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{E2F0CA50-A283-4414-92C3-D9D1639935F9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E73DEBB0-E9EA-4E58-B327-EBC9FA459E01}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{EBAE64EE-DED2-443E-AF44-F12992B4B717}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EBB30E68-3B3E-4F92-BA13-CF51C7056EC4}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{EBC00265-6967-4D14-84FA-3DACE5544165}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe |
"{EC4B4D91-DBAB-4A3A-B307-566C0053D592}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2011\3dsmax.exe |
"{ED63117C-CA18-44F2-8FC9-E19380A38F57}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\duke nukem forever\system\dukeforever.exe |
"{EDF276C8-C418-4D2D-B811-1025D235B70E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{EE7C7CCE-8219-493C-AD79-566DDF071EF2}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe |
"{F4CB95B0-CE09-49C0-8F17-7C48081F7B83}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{F7924363-6D9E-47E0-BA4A-3ACC8C04FC00}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8136EA3-71F7-417B-96C6-7D9C5F10C48A}" = protocol=6 | dir=in | app=c:\program files (x86)\midway home entertainment\blacksite area 51\binaries\blacksite.exe |
"{F9AA323B-655C-4860-BE6E-53E3ADAA4127}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe |
"{F9CCDBAF-1755-4C89-A0CE-6DEEF7E9FA36}" = protocol=6 | dir=in | app=c:\program files (x86)\opinionsquare\opnsqr.exe |
"{FA32DBE8-3428-4258-9A92-E23A2D8AA310}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{11533579-B884-4DA3-8042-63ECE9718FAA}C:\netmarbleglobal\marblestation\nmgdownloader\nmgdownload.exe" = protocol=6 | dir=in | app=c:\netmarbleglobal\marblestation\nmgdownloader\nmgdownload.exe |
"TCP Query User{16F41691-60FD-4632-8700-3755556D191A}C:\program files (x86)\secondlifeviewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\secondlifeviewer\slvoice.exe |
"TCP Query User{19880279-BB2A-4AD6-81B7-52647153C002}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{19BE1E5D-579D-4B56-ABE5-9CBADE429634}C:\program files (x86)\firestorm-release\slvoice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firestorm-release\slvoice.exe |
"TCP Query User{2171C4AE-AB5E-4FB5-B414-F13BE7BA81B7}C:\program files (x86)\firestorm-release\slvoice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firestorm-release\slvoice.exe |
"TCP Query User{5A5DEF6D-E9AD-4D92-97A3-B9437F75F14C}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe |
"TCP Query User{715ABE43-AA70-4FBD-A909-27C7163D7113}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{A0C45EAD-5DEA-48F7-AA79-44BFDC7CC419}C:\program files (x86)\phoenix viewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phoenix viewer\slvoice.exe |
"TCP Query User{A63CD433-F9C0-45AE-9FA9-604BB8B67FD0}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{B059E637-19FD-408A-8028-FDAA20D2868C}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
"TCP Query User{C7F57E5D-9EB4-4807-94B9-D1D064037B14}C:\program files (x86)\steam\steamapps\mmask\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mmask\team fortress 2\hl2.exe |
"TCP Query User{CDF51502-5F1D-4687-8B3A-DE8EFD4CD612}C:\program files (x86)\firestorm-release\slplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firestorm-release\slplugin.exe |
"TCP Query User{F27C869D-571F-4DBD-BF14-AB1AD3DADA05}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
"UDP Query User{14561643-54D9-4901-8EA1-933AA5489A2B}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
"UDP Query User{5366768D-BF5B-43D3-AC28-154D985A340A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{776E74C0-CADD-4416-8930-E19D9936DAAC}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{7CF4E68A-1C0D-48D2-97EE-0DEB4BF2D92B}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
"UDP Query User{80DCCA2F-89AE-4CE3-AC62-364E51B0452C}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe |
"UDP Query User{8BC1F1D4-BA44-44E6-9458-10F1609457BF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{97BA9492-EF02-4561-8736-DA380D4DFC12}C:\netmarbleglobal\marblestation\nmgdownloader\nmgdownload.exe" = protocol=17 | dir=in | app=c:\netmarbleglobal\marblestation\nmgdownloader\nmgdownload.exe |
"UDP Query User{B16D3F6D-0D20-4084-BC0E-9E6B0BA2044B}C:\program files (x86)\firestorm-release\slplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firestorm-release\slplugin.exe |
"UDP Query User{BD389847-0B4E-461D-B627-9A92B246890E}C:\program files (x86)\firestorm-release\slvoice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firestorm-release\slvoice.exe |
"UDP Query User{C85E3757-7B2E-4381-BC9C-41197AA04B56}C:\program files (x86)\phoenix viewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phoenix viewer\slvoice.exe |
"UDP Query User{CCEDD464-3E3D-4889-968E-8D5A0AA0C942}C:\program files (x86)\steam\steamapps\mmask\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mmask\team fortress 2\hl2.exe |
"UDP Query User{F01479D4-47EC-4376-A537-63629B932EA4}C:\program files (x86)\firestorm-release\slvoice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firestorm-release\slvoice.exe |
"UDP Query User{FCA825A0-071C-4DBC-A909-96F6EBDE3BFF}C:\program files (x86)\secondlifeviewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\secondlifeviewer\slvoice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
"{0F841121-4DB6-4B31-839F-7F5AB3BB3423}" = Protector Suite 2009
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19CF1A77-C522-4082-8A2B-A9952EE9E372}" = R16_R24 Driver
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{39BFB02A-9692-0409-A808-3F5C7B1F8953}" = Autodesk 3ds Max 2011 64-bit
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7563F495-80F5-0409-A514-747C66C22449}" = Autodesk 3ds Max 2011 64-bit Components
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{AA72DFB8-BA38-49C9-B5A4-A95FD62641F8}" = BOINC
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.49
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBF6B4E9-CD43-476A-895D-4D688D41CE63}" = Composite 2011 (64-bit)
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Autodesk FBX Plug-in 2011.1 - 3ds Max 2011 64-bit" = Autodesk FBX Plug-in 2011.1 - 3ds Max 2011 64-bit
"EPSON NX510 Series" = EPSON NX510 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.10 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{083286D9-7F95-4CE6-B0CD-667BA492D30E}" = Adobe Setup
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 3.3020
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.5
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B6BE33-525B-4EF9-9628-E1BA58093A4C}" = ZBrush 4R2
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{270F9094-DF19-40C9-9DBE-E2DD37614FDD}" = Adobe Media Encoder CS4 Importer
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3191ADFC-5BA3-474D-BCBA-1B5615ABFFC1}" = character studio 4.2
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5BBC4803-C96E-4D3E-9D1D-2E43774C4062}" = BisonCam
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6406E3EA-9777-45B7-A0C0-89741E629352}" = Composite 2011
"{640EAE56-81A2-49D4-9B8C-00DA3C0031AF}_is1" = Juicer 3.88a
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67574624-BF0F-0409-AF6D-19FBD86FF7F7}" = Autodesk 3ds Max 2011 32-bit
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AF31E48-F4B3-4110-88BB-CA38D625D0B7}" = Uncharted Waters Online
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{79A2AB22-00D8-4F09-A00A-F1CB7DB3E916}_is1" = Penumbra
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{819E24AA-DB15-4BA8-8D76-92BDF710610B}" = Adobe Setup
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8236D2E9-2528-4C5C-ABA3-E0B8B657A297}" = BlackSite: Area 51
"{82F99DC9-389A-4528-940C-88248731A620}" = THX TruStudio Pro
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E3395D1-104C-4625-8419-CA6D197179F2}" = AGEIA PhysX v6.11.01
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9534FAC9-E04C-4B5A-871C-A52A783986DB}" = Netmarble Launcher
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
"{98EEEC57-B4A4-4E0E-80DB-85E251452FBD}" = Adobe Setup
"{99F80251-DAE8-0409-BD08-DCBBEF56B8CB}" = Autodesk 3ds Max 2011 32-bit Components
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAE521B6-2F19-447F-8CB6-6D1E3A19F3ED}" = WebCam Installer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_952" = Adobe Acrobat 9.5.2 - CPSID_83708
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC14A1F6-0511-4360-8351-FB7964979317}" = 3ds max 6 Reference Files
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CAE017F8-C238-4397-879B-7FBB915D9457}" = LogMeIn Hamachi
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DAB93AAF-0FCC-4023-AE84-F20C16DCC171}" = 80 Days
"{DD8C1183-6548-4A43-B9E5-CD0E970751E4}" = 3ds max 6 Architectural Materials
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E0724276-6980-47E2-8FF2-88F473805773}_is1" = WinUndelete 3.50
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4406ED3-B04C-44F1-ABB4-08775B74934F}" = Call Of Cthulhu DCoTE
"{E4B4F6AA-0653-4418-A84B-70D437C28A66}" = Adobe Media Encoder CS4 Exporter
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EC63CD9C-676B-4384-A280-378842B99DCA}" = 3ds max 6 Sample Files
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD640987-B10C-4A02-87F8-000758717F8D}_is1" = Wasteland, Floppy disk (PC DOS) 1988, Interplay
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE2F2589-96A6-4F38-98F5-DDAC34BD41B9}" = Autodesk Network License Manager
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe_674de92534e78ca5194a049722987cc" = Adobe Media Encoder CS4 Exporter
"Adobe_6e02d32c7e5a9d9fc86bc91618cafda" = Adobe Premiere Pro CS4 Third Party Content
"Adobe_9107cc52ed6a148a98fad4f22b15a79" = Adobe Media Encoder CS4 Importer
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Autodesk FBX Converter 2012.1" = Autodesk FBX Converter 2012.1
"Autodesk FBX Plug-in 2011.1 - 3ds Max 2011" = Autodesk FBX Plug-in 2011.1 - 3ds Max 2011
"CdaC13Ba" = SafeCast Shared Components
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Firestorm-Release" = Firestorm-Release (remove only)
"Fraps" = Fraps (remove only)
"GameSpy Arcade" = GameSpy Arcade
"InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 3.3020
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{20B6BE33-525B-4EF9-9628-E1BA58093A4C}" = ZBrush 4R2
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MeshLab" = MeshLab 1.3.1
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Paradise_is1" = Paradise
"Pixologic ZBrush 4R3PRO" = Pixologic ZBrush 4R3
"PunkBusterSvc" = PunkBuster Services
"Steam App 104700" = Super Monday Night Combat
"Steam App 105600" = Terraria
"Steam App 12900" = Audiosurf
"Steam App 203810" = Dear Esther
"Steam App 20510" = S.T.A.L.K.E.R.: Clear Sky
"Steam App 205610" = Port Royale 3
"Steam App 215670" = Home
"Steam App 22380" = Fallout: New Vegas
"Steam App 22600" = Worms Reloaded
"Steam App 32360" = The Secret of Monkey Island: Special Edition
"Steam App 32460" = Monkey Island 2: Special Edition
"Steam App 34350" = Total War: SHOGUN 2 Demo
"Steam App 41700" = S.T.A.L.K.E.R.: Call of Pripyat
"Steam App 440" = Team Fortress 2
"Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl
"Steam App 48220" = Might & Magic ® Heroes ® VI
"Steam App 57400" = Batman: Arkham City™
"Steam App 57900" = Duke Nukem Forever
"Steam App 67000" = The Polynomial
"Steam App 72200" = Universe Sandbox
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 98800" = Dungeons of Dredmor
"ThemePark15" = Package: Theme Park
"Tortuga - Two Treasures_is1" = Tortuga - Two Treasures
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/17/2012 3:24:23 PM | Computer Name = IanNicely-PC | Source = Application Error | ID = 1000
Description = Faulting application name: CivilizationV_DX11.exe, version: 1.0.2.21,
time stamp: 0x509d5f40 Faulting module name: nvwgf2um.dll, version: 8.17.12.6849,
time stamp: 0x4dc28ca9 Exception code: 0xc0000005 Fault offset: 0x000c6d74 Faulting
process id: 0x11a8 Faulting application start time: 0x01cddc83805809b8 Faulting application
path: C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\CivilizationV_DX11.exe
Faulting
module path: C:\Windows\system32\nvwgf2um.dll Report Id: 5c8149d6-487f-11e2-9bef-0090f5c75a73

Error - 12/17/2012 10:59:54 PM | Computer Name = IanNicely-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/18/2012 12:47:54 PM | Computer Name = IanNicely-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/18/2012 6:04:01 PM | Computer Name = IanNicely-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
2011\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/18/2012 6:05:41 PM | Computer Name = IanNicely-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Autodesk\Composite
2011\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/18/2012 6:06:00 PM | Computer Name = IanNicely-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 12/18/2012 8:39:53 PM | Computer Name = IanNicely-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/18/2012 10:17:03 PM | Computer Name = IanNicely-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/19/2012 6:16:10 AM | Computer Name = IanNicely-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/19/2012 6:59:08 AM | Computer Name = IanNicely-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
2011\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/19/2012 7:02:13 AM | Computer Name = IanNicely-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Autodesk\Composite
2011\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 1/2/2013 2:15:40 PM | Computer Name = IanNicely-PC | Source = Service Control Manager | ID = 7000
Description = The lirsgt service failed to start due to the following error: %%577

Error - 1/2/2013 2:22:57 PM | Computer Name = IanNicely-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 1/2/2013 2:23:14 PM | Computer Name = IanNicely-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\DRIVERS\athsgt.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 1/2/2013 2:23:14 PM | Computer Name = IanNicely-PC | Source = Service Control Manager | ID = 7000
Description = The athsgt service failed to start due to the following error: %%1275

Error - 1/2/2013 2:23:19 PM | Computer Name = IanNicely-PC | Source = Service Control Manager | ID = 7000
Description = The atksgt service failed to start due to the following error: %%577

Error - 1/2/2013 2:23:20 PM | Computer Name = IanNicely-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\CDAC15BA.SYS has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 1/2/2013 2:23:20 PM | Computer Name = IanNicely-PC | Source = Service Control Manager | ID = 7000
Description = The CdaC15BA service failed to start due to the following error: %%1275

Error - 1/2/2013 2:23:20 PM | Computer Name = IanNicely-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\DRIVERS\limsgt.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 1/2/2013 2:23:20 PM | Computer Name = IanNicely-PC | Source = Service Control Manager | ID = 7000
Description = The limsgt service failed to start due to the following error: %%1275

Error - 1/2/2013 2:23:20 PM | Computer Name = IanNicely-PC | Source = Service Control Manager | ID = 7000
Description = The lirsgt service failed to start due to the following error: %%577


< End of report >
 
OTL logs are clean :)

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
I did not get a log for eset online scanner

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!

Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java(TM) 6 Update 37
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Mozilla Firefox (9.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````



Farbar Service Scanner Version: 23-12-2012
Ran by Ian Nicely (administrator) on 02-01-2013 at 23:20:44
Running from "C:\Users\Ian Nicely\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 
Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

=========================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=========================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please, let me know, how your computer is doing.
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
818
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back