avast says my svchost.exe has a [Trj]


thorandai (Thread Starter, joined Jan 12, 2013)
Um, first off, I'm not a very experienced computer guy; that is why I'm here. My issue is that my computer has recently started to slow down and have issues with the firewall disabling, and the internet and network not working properly, as in it keeps loading, not showing an error screen until after a few minutes have passed, and when I restart everything works as it should. I don't know if this explains a lot, but when starting the computer my avast says that it is scanning svchost.exe in the sandbox, and then shortly after it states that there is an issue with it and puts it in its virus chest. When I looked at the virus description in the avast virus chest it says "Dyna:FakeSys-E [Trj];Dyna:FakeS" as the description of the virus. I then researched it and it led me here. I followed the steps in the "Everyone must read this before posting for help" and the logs are as follows.

HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:00:36 PM, on 1/12/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Users\THORAN~1\AppData\Local\Temp\svchost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\program files (x86)\ncsoft\launcher\NCLauncher.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\thorandai\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=11...HP_ss&mntrId=bc1d934a00000000000000ffb8210817
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.4.9\bh\BabylonToolbar.dll (file missing)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Webroot Browser Helper Object - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (file missing)
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.4.9\BabylonToolbarTlbr.dll (file missing)
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [ExpressFiles] "C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe" -tray
O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe] C:\ProgramData\Adobe\1901D86.vbe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [NCsoft Launcher] C:\program files (x86)\ncsoft\launcher\NCLauncher.exe /Minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll (file missing)
O9 - Extra 'Tools' menuitem: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O20 - AppInit_DLLs: c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll c:\windows\syswow64\nvinit.dll c:\progra~1\lucidl~1\virtu\x86\appini~1.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: CyberLink Product - 2012/03/09 16:22:12 (CLKMSVC10_9EC60124) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11782 bytes

DDS.TXT LOG

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by thorandai at 22:00:46 on 2013-01-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16297.12776 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
"C:\Users\THORAN~1\AppData\Local\Temp\svchost.exe" -o http://v502th.chickenkiller.com -O v500:v500 -l 1
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\program files (x86)\ncsoft\launcher\NCLauncher.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\thorandai\Desktop\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=114733&tt=5112_3&babsrc=HP_ss&mntrId=bc1d934a00000000000000ffb8210817
dURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} -
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Webroot Browser Helper Object: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} -
TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} -
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [PlayNC Launcher] <no file>
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [ExpressFiles] "C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe" -tray
mRun: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe] C:\ProgramData\Adobe\1901D86.vbe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 205.171.3.25 205.171.2.25
TCP: Interfaces\{AEE0C666-CFF4-4C50-9705-6CDF8D73FFA1} : DHCPNameServer = 205.171.3.25 205.171.2.25
AppInit_DLLs= c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll c:\windows\syswow64\nvinit.dll c:\progra~1\lucidl~1\virtu\x86\appini~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Webroot Browser Helper Object: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} -
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-6-28 8704]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2012-3-9 15368]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-6-25 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-6-25 370288]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-6-25 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-6-25 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-3 44808]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-3-9 2656280]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2012-3-29 57088]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-2-7 80384]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-2-14 412712]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-4-23 32344]
R3 VirtuWDDM;VirtuWDDM;C:\Windows\System32\drivers\VirtuWDDM.sys [2012-3-9 65632]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2012/03/09 16:22:12;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-23 240112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-8 1255736]
.
=============== File Associations ===============
.
FileExt: .chm: CHM="C:\Program Files (x86)\Go PDF Reader\GoPDFReader.exe" "%1"
.
=============== Created Last 30 ================
.
2013-01-11 17:50:02 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{58656E77-B2A2-4ECE-A20A-86BD19135092}\mpengine.dll
2013-01-09 03:47:26 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-09 03:47:26 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-09 03:46:25 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-01-09 03:46:24 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-01-09 03:46:24 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-01-09 03:46:24 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-01-09 03:43:55 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-01-09 03:42:50 3149824 ----a-w- C:\Windows\System32\win32k.sys
2013-01-07 15:00:15 -------- d-----w- C:\Users\thorandai\AppData\Local\Fallout3
2012-12-31 18:35:13 -------- d-----w- C:\Users\thorandai\AppData\Local\SvchostViewer
2012-12-31 18:29:52 -------- d-----w- C:\Users\thorandai\AppData\Roaming\ParetoLogic
2012-12-31 18:29:52 -------- d-----w- C:\Users\thorandai\AppData\Roaming\DriverCure
2012-12-31 18:29:42 -------- d-----w- C:\ProgramData\ParetoLogic
2012-12-31 01:53:10 -------- d-----w- C:\Users\thorandai\AppData\Local\Programs
2012-12-30 07:41:43 -------- d-----w- C:\Users\thorandai\Assassins Creed III-SKIDROW
2012-12-30 00:56:18 -------- d-----w- C:\Users\thorandai\AppData\Local\Black_Tree_Gaming
2012-12-30 00:56:15 -------- d-----w- C:\Program Files\Nexus Mod Manager
2012-12-27 01:37:54 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-12-27 01:37:25 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-12-27 01:36:48 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-12-27 01:36:31 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-12-26 18:36:15 -------- d-----w- C:\Users\thorandai\AppData\Roaming\ZombieDriver
2012-12-26 18:36:10 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-12-26 18:36:10 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-12-26 18:36:10 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-12-26 18:36:10 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-12-26 18:36:10 -------- d-----w- C:\Program Files (x86)\OpenAL
2012-12-21 17:59:42 -------- d-----w- C:\Users\thorandai\AppData\Local\DDMSettings
2012-12-21 17:48:41 -------- d-----w- C:\Program Files\DivX
2012-12-21 17:48:22 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2012-12-21 17:46:18 -------- d-----w- C:\Program Files (x86)\DivX
2012-12-21 17:45:04 -------- d-----w- C:\ProgramData\DivX
2012-12-21 06:57:07 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-21 06:57:07 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-21 06:57:07 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 06:57:07 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-19 15:26:23 -------- d-----w- C:\Users\thorandai\AppData\Local\Skyrim
.
==================== Find3M ====================
.
2013-01-10 19:44:06 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-01-10 19:44:06 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-01-09 15:53:39 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 15:53:39 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-07 01:50:04 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-13 20:29:04 354216 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-09 01:48:04 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-09 01:48:04 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-11-09 01:48:04 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-30 22:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-10-30 22:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-10-30 22:51:07 41224 ----a-w- C:\Windows\avastSS.scr
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-15 15:59:28 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
.
============= FINISH: 22:00:54.09 ===============

ATTACH.TXT LOG

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/8/2012 10:22:18 PM
System Uptime: 1/12/2013 1:01:01 PM (9 hours ago)
.
Motherboard: ASRock | | Z68 Extreme4 Gen3
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz | CPUSocket | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1397 GiB total, 1205.606 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP211: 1/8/2013 12:56:55 PM - Scheduled Checkpoint
RP212: 1/8/2013 9:33:39 PM - Windows Update
RP213: 1/9/2013 12:54:11 AM - Windows Update
.
==== Installed Programs ======================
.
Ace of Spades
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.6
Amazon Kindle
applicationupdater
ASRock App Charger v1.0.4
Auslogics Disk Defrag
avast! Free Antivirus
Batman: Arkham City™
Battlefield 3™
Battlelog Web Plugins
Broadcom Gigabit NetLink Controller
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Dedicated Server
Call of Duty: Modern Warfare 3 - Multiplayer
Chivalry: Medieval Warfare
CyberLink BD Advisor 2.0
CyberLink Blu-ray Disc Suite
CyberLink LG Burning Tool
CyberLink PowerDVD 9
CyberLink PowerProducer
DivX Setup
Dual-Core Optimizer
ESN Sonar
Etron USB3.0 Host Controller
Far Cry 3
FileHippo.com Update Checker
gamelauncher-code4344-beta
Garry's Mod
Go PDF Reader
Google Chrome
Google Update Helper
Guild Wars 2
Hi-Rez Studios Authenticate and Update Service
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Itibiti RTC
Java 7 Update 9
Java Auto Updater
Java(TM) 7 (64-bit)
LG Tool Kit
Magic: The Gathering - Duels of the Planeswalkers 2013
Malwarebytes Anti-Malware version 1.70.0.1100
marvell 91xx driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
NCsoft Launcher
Nexus Mod Manager
Notepad++
NVIDIA 3D Vision Controller Driver 306.97
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
OpenAL
Origin
Pando Media Booster
PlanetSide 2 Beta
PunkBuster Services
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Source SDK Base 2007
Star Wars: Knights of the Old Republic II
Steam
swMSM
TeamSpeak 3 Client
The Binding of Isaac
The Elder Scrolls V Skyrim Update-=AviaRa=- v1.8.151.0
Ubisoft Game Launcher
UltraISO Premium V9.52
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Manager for SweetPacks 1.0
Uplay
VC80CRTRedist - 8.0.50727.6195
VIRTU 1.2.103
Visual Studio 2008 x64 Redistributables
Windows Driver Package - Etron Technology Inc. (EtronXHCI) USB (08/04/2011 1.00.0000.0105)
Windows Live ID Sign-in Assistant
WinRAR 4.11 (64-bit)
Yahoo! Software Update
Yahoo! Toolbar
Zombie Driver
.
==== Event Viewer Messages From Past Week ========
.
1/7/2013 8:41:53 AM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
1/12/2013 1:03:30 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/12/2013 1:03:30 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
.
==== End Of File ===========================

I did not include the Ark.txt log, as I went over the character limit. GMER said it did not find anything, but I did not want to post half a log, as it could complicate things. It is currently saved, so I will be able to show the log to anyone needing it.
Thank you for reading this, and I hope this can be resolved as efficiently and painlessly for you guys as possible.
Sincerely, Thorandai
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here to your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script-blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after ComboFix has finished.
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on the renamed combofix.exe & follow the prompts.
If you are using Windows XP it might display a pop-up saying "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in next reply please...
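dvk01 asks for C:\ComboFix.txt "for further review". As an added example (editor's code, not part of this thread and not a feature of ComboFix or avast), the Python below shows the kind of first-pass check a reviewer makes on the "Reg Loading Points" section of such a report: it flags Run-key autostarts that point at script files or at user-writable locations, and UAC policy values under policies\system that differ from the Windows 7 defaults. The sample lines are constructed from the ComboFix log posted later in this thread; the script-extension list, the "trusted root" list, the user-writable list and the Windows 7 default table are the editor's assumptions, and a hit is a lead to investigate by hand, not a verdict.

```python
"""First-pass triage of the autostart and UAC sections of a ComboFix.txt report.

Added example for this thread (editor's code, not ComboFix's own). The
heuristic lists and the Windows 7 default table below are assumptions.
"""
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: lines shaped like the "Reg Loading Points" section of the
# ComboFix log posted in this thread.
SAMPLE_LOG = r'''
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe"="c:\programdata\Adobe\1901D86.vbe" [2012-12-13 7642]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
'''

# Assumption: extensions run by wscript/cscript/cmd/mshta rather than the PE loader.
SCRIPT_EXTS = {".vbe", ".vbs", ".js", ".jse", ".wsf", ".wsh", ".hta", ".bat", ".cmd", ".pif"}
# Assumption: autostarts under these roots are the norm; anything else deserves a look.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
# Assumption: locations a standard user can write to by default (not exhaustive).
USER_WRITABLE = ("c:\\programdata\\", "\\appdata\\", "\\temp\\", "c:\\users\\")
# Assumption: Windows 7 defaults for the UAC values ComboFix prints under policies\system.
UAC_DEFAULTS = {
    "ConsentPromptBehaviorAdmin": 5,  # prompt for consent for non-Windows binaries
    "ConsentPromptBehaviorUser": 3,   # prompt for credentials on the secure desktop
    "EnableUIADesktopToggle": 0,
    "PromptOnSecureDesktop": 1,       # 0 = prompt is drawn on the normal desktop (spoofable)
}

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s+\[(?P<date>\S+)\s+(?P<size>\d+)\])?')
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)')


@dataclass
class Finding:
    key: str
    name: str
    value: str
    reasons: list


def run_entry_reasons(path: str) -> list:
    """Return why a Run-key target deserves a second look (empty list = nothing)."""
    p = path.lower()
    reasons = []
    ext = ntpath.splitext(ntpath.basename(p))[1]
    if ext in SCRIPT_EXTS:
        reasons.append(f"script-type autostart ({ext})")
    if not p.startswith(TRUSTED_ROOTS):
        reasons.append("target outside Program Files / Windows")
    if any(w in p for w in USER_WRITABLE):
        reasons.append("target in a user-writable location")
    return reasons


def triage(log_text: str) -> list:
    """Walk a ComboFix 'Reg Loading Points' dump and collect Findings in log order."""
    findings = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None or line in ("", "."):
            continue
        lkey = key.lower()
        if lkey.endswith("\\currentversion\\run"):
            m = RUN_RE.match(line)
            if m and (reasons := run_entry_reasons(m.group("path"))):
                findings.append(Finding(key, m.group("name"), m.group("path"), reasons))
        elif lkey.endswith("\\policies\\system"):
            m = POLICY_RE.match(line)
            if m and m.group("name") in UAC_DEFAULTS:
                val, default = int(m.group("val")), UAC_DEFAULTS[m.group("name")]
                if val != default:
                    findings.append(Finding(key, m.group("name"), str(val),
                                            [f"UAC value {val}, Windows 7 default is {default}"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name!r} = {f.value}\n    " + "\n    ".join(f.reasons))
```

Run against the sample, only the "Adobe" entry (a .vbe scriptlet under c:\programdata, a directory standard users can write to) and PromptOnSecureDesktop=0 come back; avast and the Java updater pass. The name "Adobe" on a 7 KB .vbe is exactly the kind of vendor-lookalike value a reviewer would pull apart next.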
 

thorandai

Thread Starter
Joined
Jan 12, 2013
Messages
9
Here is the log:
ComboFix 13-01-13.01 - thorandai 01/13/2013 12:11:20.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16297.13204 [GMT -6:00]
Running from: c:\users\thorandai\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
C:\STF3ED6.tmp
C:\STF5D57.tmp
C:\STF8542.tmp
C:\STFC135.tmp
C:\STFFBDE.tmp
c:\users\thorandai\AppData\Local\assembly\tmp
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-13 to 2013-01-13 )))))))))))))))))))))))))))))))
.
.
2013-01-13 18:15 . 2013-01-13 18:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-13 18:15 . 2013-01-13 18:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-13 17:46 . 2013-01-13 17:46 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{58656E77-B2A2-4ECE-A20A-86BD19135092}\offreg.dll
2013-01-11 17:50 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{58656E77-B2A2-4ECE-A20A-86BD19135092}\mpengine.dll
2013-01-09 03:47 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 03:47 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 03:46 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 03:46 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 03:46 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 03:46 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-09 03:43 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-09 03:42 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-07 15:00 . 2013-01-07 15:00 -------- d-----w- c:\users\thorandai\AppData\Local\Fallout3
2012-12-31 18:35 . 2012-12-31 18:35 -------- d-----w- c:\users\thorandai\AppData\Local\SvchostViewer
2012-12-31 18:29 . 2012-12-31 18:29 -------- d-----w- c:\users\thorandai\AppData\Roaming\ParetoLogic
2012-12-31 18:29 . 2012-12-31 18:29 -------- d-----w- c:\users\thorandai\AppData\Roaming\DriverCure
2012-12-31 18:29 . 2013-01-05 04:42 -------- d-----w- c:\programdata\ParetoLogic
2012-12-31 01:53 . 2012-12-31 01:53 -------- d-----w- c:\users\thorandai\AppData\Local\Programs
2012-12-30 07:41 . 2012-12-30 13:32 -------- d-----w- c:\users\thorandai\Assassins Creed III-SKIDROW
2012-12-30 00:56 . 2013-01-13 04:10 -------- d-----w- c:\users\thorandai\AppData\Local\Black_Tree_Gaming
2012-12-27 01:37 . 2012-12-27 01:37 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-12-27 01:37 . 2012-12-27 01:37 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-12-27 01:36 . 2012-12-27 01:36 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-12-27 01:36 . 2012-12-27 01:36 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-12-26 18:36 . 2012-12-26 18:54 -------- d-----w- c:\users\thorandai\AppData\Roaming\ZombieDriver
2012-12-26 18:36 . 2012-12-26 18:36 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-12-26 18:36 . 2012-12-26 18:36 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-12-26 18:36 . 2012-12-26 18:36 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-12-26 18:36 . 2012-12-26 18:36 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-12-26 18:36 . 2012-12-26 18:36 -------- d-----w- c:\program files (x86)\OpenAL
2012-12-21 17:59 . 2012-12-21 17:59 -------- d-----w- c:\users\thorandai\AppData\Local\DDMSettings
2012-12-21 17:48 . 2012-12-21 17:49 -------- d-----w- c:\users\thorandai\AppData\Roaming\DivX
2012-12-21 17:48 . 2012-12-21 17:58 -------- d-----w- c:\program files\DivX
2012-12-21 17:48 . 2012-12-21 17:58 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-12-21 17:46 . 2012-12-21 17:58 -------- d-----w- c:\program files (x86)\DivX
2012-12-21 17:45 . 2012-12-21 17:59 -------- d-----w- c:\programdata\DivX
2012-12-21 06:57 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 06:57 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 06:57 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 06:57 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-19 15:26 . 2013-01-06 02:18 -------- d-----w- c:\users\thorandai\AppData\Local\Skyrim
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 19:44 . 2012-03-10 19:50 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-01-10 19:44 . 2012-03-10 19:49 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-01-09 15:53 . 2012-04-07 22:56 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 15:53 . 2012-03-09 02:29 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 06:57 . 2012-03-09 00:35 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-07 01:50 . 2012-03-10 19:49 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-12-14 22:49 . 2012-11-04 19:52 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-30 04:45 . 2013-01-09 03:43 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-13 02:12 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 02:12 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 02:12 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 02:12 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 02:12 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 02:12 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 02:12 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 02:12 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 02:12 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 02:12 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 02:12 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 02:12 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 02:12 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 02:12 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 02:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 02:12 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 02:12 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 02:12 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 02:12 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 02:12 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 02:12 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 02:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2012-11-09 05:45 . 2012-12-12 23:50 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 23:50 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-09 01:48 . 2012-11-09 01:48 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-09 01:48 . 2012-10-01 18:16 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-09 01:48 . 2012-03-24 00:27 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-02 05:59 . 2012-12-12 23:48 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 23:48 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-10-30 22:51 . 2012-06-25 06:30 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-06-25 06:30 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-06-25 06:30 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-06-25 06:30 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-06-25 06:30 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-06-25 06:29 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-06-25 06:29 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2012-06-25 06:30 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-27 17:34 . 2012-10-27 17:34 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-16 08:38 . 2012-11-28 16:04 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 16:04 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 16:04 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-05 1354736]
"NCsoft Launcher"="c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe" [2012-10-12 38744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-08-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-23 75048]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2012-07-19 27760]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-12-23 222504]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"Adobe"="c:\programdata\Adobe\1901D86.vbe" [2012-12-13 7642]
.
c:\users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Uninstall Webroot RunOnce.lnk - c:\users\UpdatusUser\AppData\Roaming\wruninstall.exe [2012-9-30 7021336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\progra~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/03/09 16:22;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-24 240112]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-08-17 57088]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-08-17 80384]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-02-15 412712]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2000-01-01 32344]
S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [2011-06-20 65632]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-10 20:00 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 15:53]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 02:29]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 02:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 12459112]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\progra~1\LUCIDL~1\VIRTU\appinit_dll.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=114733&tt=5112_3&babsrc=HP_ss&mntrId=bc1d934a00000000000000ffb8210817
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 205.171.3.25 205.171.2.25
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKLM-Run-ExpressFiles - c:\program files (x86)\ExpressFiles\ExpressFiles.exe
Wow6432Node-HKLM-Run-Sweetpacks Communicator - c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
AddRemove-The Elder Scrolls V Skyrim Update-=AviaRa=- v1.8.151.0 - c:\program files (x86)\The Elder Scrolls V Skyrim\Uninstall.exe
AddRemove-{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88} - c:\program files (x86)\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,38,12,7f,9b,9b,
9c,1f,0a,b3,0c,e6,c1,9f,c6,6e,b6,39,a8
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,38,12,56,d4,ff,
2a,76,16,f7,0f,cb,a0,57,2b,fd,5c,25,2f
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"=hex:51,66,7a,6c,4c,1d,38,12,35,fc,e1,
93,3e,68,a1,09,fc,5c,6e,9a,4b,77,a7,8a
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:0b,67,f4,19,5d,26,cd,01
.
[HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\Software\SecuROM\License information*]
"datasecu"=hex:d0,f3,c5,61,27,70,1e,a1,86,ce,95,d3,84,af,cf,7e,b0,8c,e6,ac,8b,
f4,db,27,16,c7,9b,37,9d,24,dd,f1,d5,4a,2a,88,01,57,b7,09,b9,79,0c,42,ba,d5,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-13 12:16:18
ComboFix-quarantined-files.txt 2013-01-13 18:16
.
Pre-Run: 1,302,431,125,504 bytes free
Post-Run: 1,302,310,289,408 bytes free
.
- - End Of File - - A6AF6582A86366E434EFD708B8A531A9
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post; if you are using Internet Explorer, when the "File download" pop-up comes, press SAVE, choose Desktop in the list of selections in that window and press Save).
Disable any antivirus/antimalware/firewall real-time protection or script blocking in the same way you did previously before running ComboFix, and remember to re-enable it when it has finished.
Close any open browsers.
Then drag the CFScript.txt onto the ComboFix.exe or renamed ComboFix icon, as shown in the screenshot below.
This will start ComboFix again. It may ask to reboot. Post the contents of ComboFix.txt in your next reply.


Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum

This will create a zip file inside C:\QooBox\quarantine named something like [38][email protected]

At the end it will pop up an alert and open your browser and ask you to send the zip file.

Please follow those instructions. We need to see the zip file before we can carry on with the fix.

If there is no pop-up alert or open browser, then

please go to http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them and, if needed, distribute them to antivirus companies.
Just press New Topic, fill in the needed details and give a link to your post here, then press the Browse button and navigate to and select the files on your computer. If there is more than one file, press the More Attachments button for each extra file and browse and select it in the same way. When all the files are listed in the window, press Send to upload the files (do not post HJT logs there as they will not get dealt with).

Files to submit:
The zip file inside C:\QooBox\quarantine created by ComboFix, named something like [38][email protected]

or to
http://www.bleepingcomputer.com/submit-malware.php?channel=38
 

thorandai

Thread Starter
Joined
Jan 12, 2013
Messages
9
Here is the ComboFix log, and I uploaded the zip file to the forum.
ComboFix 13-01-13.01 - thorandai 01/13/2013 15:06:55.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16297.12628 [GMT -6:00]
Running from: c:\users\thorandai\Desktop\ComboFix.exe
Command switches used :: c:\users\thorandai\Desktop\CFScript (1).txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk"
"c:\users\UpdatusUser\AppData\Roaming\wruninstall.exe"
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Adobe\1901D86.vbe
c:\users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
c:\users\UpdatusUser\AppData\Roaming\wruninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-13 to 2013-01-13 )))))))))))))))))))))))))))))))
.
.
2013-01-13 21:10 . 2013-01-13 21:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-13 21:10 . 2013-01-13 21:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-11 17:50 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{58656E77-B2A2-4ECE-A20A-86BD19135092}\mpengine.dll
2013-01-09 03:47 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 03:47 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 03:46 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 03:46 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 03:46 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 03:46 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-09 03:43 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-09 03:42 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-07 15:00 . 2013-01-07 15:00 -------- d-----w- c:\users\thorandai\AppData\Local\Fallout3
2012-12-31 18:35 . 2012-12-31 18:35 -------- d-----w- c:\users\thorandai\AppData\Local\SvchostViewer
2012-12-31 18:29 . 2012-12-31 18:29 -------- d-----w- c:\users\thorandai\AppData\Roaming\ParetoLogic
2012-12-31 18:29 . 2012-12-31 18:29 -------- d-----w- c:\users\thorandai\AppData\Roaming\DriverCure
2012-12-31 18:29 . 2013-01-05 04:42 -------- d-----w- c:\programdata\ParetoLogic
2012-12-31 01:53 . 2012-12-31 01:53 -------- d-----w- c:\users\thorandai\AppData\Local\Programs
2012-12-30 07:41 . 2012-12-30 13:32 -------- d-----w- c:\users\thorandai\Assassins Creed III-SKIDROW
2012-12-30 00:56 . 2013-01-13 04:10 -------- d-----w- c:\users\thorandai\AppData\Local\Black_Tree_Gaming
2012-12-27 01:37 . 2012-12-27 01:37 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-12-27 01:37 . 2012-12-27 01:37 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-12-27 01:36 . 2012-12-27 01:36 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-12-27 01:36 . 2012-12-27 01:36 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-12-26 18:36 . 2012-12-26 18:54 -------- d-----w- c:\users\thorandai\AppData\Roaming\ZombieDriver
2012-12-26 18:36 . 2012-12-26 18:36 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-12-26 18:36 . 2012-12-26 18:36 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-12-26 18:36 . 2012-12-26 18:36 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-12-26 18:36 . 2012-12-26 18:36 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-12-26 18:36 . 2012-12-26 18:36 -------- d-----w- c:\program files (x86)\OpenAL
2012-12-21 17:59 . 2012-12-21 17:59 -------- d-----w- c:\users\thorandai\AppData\Local\DDMSettings
2012-12-21 17:48 . 2012-12-21 17:49 -------- d-----w- c:\users\thorandai\AppData\Roaming\DivX
2012-12-21 17:48 . 2012-12-21 17:58 -------- d-----w- c:\program files\DivX
2012-12-21 17:48 . 2012-12-21 17:58 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-12-21 17:46 . 2012-12-21 17:58 -------- d-----w- c:\program files (x86)\DivX
2012-12-21 17:45 . 2012-12-21 17:59 -------- d-----w- c:\programdata\DivX
2012-12-21 06:57 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 06:57 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 06:57 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 06:57 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-19 15:26 . 2013-01-06 02:18 -------- d-----w- c:\users\thorandai\AppData\Local\Skyrim
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 19:44 . 2012-03-10 19:50 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-01-10 19:44 . 2012-03-10 19:49 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-01-09 15:53 . 2012-04-07 22:56 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 15:53 . 2012-03-09 02:29 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 06:57 . 2012-03-09 00:35 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-07 01:50 . 2012-03-10 19:49 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-12-14 22:49 . 2012-11-04 19:52 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-30 04:45 . 2013-01-09 03:43 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-13 02:12 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 02:12 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 02:12 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 02:12 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 02:12 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 02:12 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 02:12 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 02:12 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 02:12 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 02:12 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 02:12 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 02:12 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 02:12 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 02:12 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 02:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 02:12 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 02:12 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 02:12 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 02:12 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 02:12 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 02:12 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 02:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2012-11-09 05:45 . 2012-12-12 23:50 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 23:50 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-09 01:48 . 2012-11-09 01:48 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-09 01:48 . 2012-10-01 18:16 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-09 01:48 . 2012-03-24 00:27 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-02 05:59 . 2012-12-12 23:48 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 23:48 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-10-30 22:51 . 2012-06-25 06:30 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-06-25 06:30 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-06-25 06:30 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-06-25 06:30 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-06-25 06:30 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-06-25 06:29 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-06-25 06:29 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2012-06-25 06:30 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-27 17:34 . 2012-10-27 17:34 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-16 08:38 . 2012-11-28 16:04 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 16:04 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 16:04 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-05 1354736]
"NCsoft Launcher"="c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe" [2012-10-12 38744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-08-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-23 75048]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2012-07-19 27760]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-12-23 222504]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\progra~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/03/09 16:22;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-24 240112]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-08-17 57088]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-08-17 80384]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-02-15 412712]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2000-01-01 32344]
S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [2011-06-20 65632]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_9EC60124
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-10 20:00 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 15:53]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 02:29]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 02:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 12459112]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\progra~1\LUCIDL~1\VIRTU\appinit_dll.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=114733&tt=5112_3&babsrc=HP_ss&mntrId=bc1d934a00000000000000ffb8210817
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 205.171.3.25 205.171.2.25
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-The Elder Scrolls V Skyrim Update-=AviaRa=- v1.8.151.0 - c:\program files (x86)\The Elder Scrolls V Skyrim\Uninstall.exe
AddRemove-{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88} - c:\program files (x86)\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:0b,67,f4,19,5d,26,cd,01
.
[HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\Software\SecuROM\License information*]
"datasecu"=hex:d0,f3,c5,61,27,70,1e,a1,86,ce,95,d3,84,af,cf,7e,b0,8c,e6,ac,8b,
f4,db,27,16,c7,9b,37,9d,24,dd,f1,d5,4a,2a,88,01,57,b7,09,b9,79,0c,42,ba,d5,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-01-13 15:14:10 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-13 21:14
ComboFix2.txt 2013-01-13 18:16
.
Pre-Run: 1,301,457,825,792 bytes free
Post-Run: 1,300,896,489,472 bytes free
.
- - End Of File - - 1E8B37AE172CEB717CB0E7CC7009788B
Upload was successful
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Are you still getting any alerts or warnings from your antivirus?
Are you having any problems now?
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Where is Avast saying the infected file is?
 

thorandai

Thread Starter
Joined
Jan 12, 2013
Messages
9
It's saying it is in the virus chest and the original location is C:\Users\THORAN~1\Appdata\Local\temp
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Let's see what this shows us.

Download OTScanIt.exe to your Desktop.
  • Close any open browsers.
  • If your real-time protection or antivirus intervenes with OTScanIt, allow it to run.
  • Double-click on OTS.exe to start the program.
  • In the File Age drop-down box click 90.
  • Now on the toolbar at the top select "Scan all users", then click the Run Scan button.
  • The program will be scanning huge amounts of data, so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete, Notepad will open with the report file loaded in it.
  • Save that Notepad file.
If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the Notepad file here.
 

thorandai

Thread Starter
Joined
Jan 12, 2013
Messages
9
Here is the log.
Code:
OTS logfile created on: 1/14/2013 12:13:41 PM - Run 1
OTS by OldTimer - Version 3.1.47.2     Folder = C:\Users\thorandai\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
16.00 Gb Total Physical Memory | 14.00 Gb Available Physical Memory | 85.00% Memory free
32.00 Gb Paging File | 29.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.26 Gb Total Space | 1210.41 Gb Free Space | 86.63% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 4.37 Gb Free Space | 99.88% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: THORANDAI-PC
Current User Name: thorandai
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\thorandai\Desktop\OTS.exe -> [2013/01/14 12:11:54 | 000,646,656 | ---- | M] (OldTimer Tools)
steamservice.exe -> C:\Program Files (x86)\Common Files\Steam\SteamService.exe -> [2012/12/20 10:26:39 | 000,541,760 | ---- | M] (Valve Corporation)
steam.exe -> C:\Program Files (x86)\Steam\Steam.exe -> [2012/12/04 22:27:21 | 001,354,736 | ---- | M] (Valve Corporation)
divxupdate.exe -> C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe -> [2012/11/29 20:06:58 | 001,263,512 | ---- | M] ()
avastui.exe -> C:\Program Files\AVAST Software\Avast\AvastUI.exe -> [2012/10/30 16:50:59 | 004,297,136 | ---- | M] (AVAST Software)
avastsvc.exe -> C:\Program Files\AVAST Software\Avast\AvastSvc.exe -> [2012/10/30 16:50:59 | 000,044,808 | ---- | M] (AVAST Software)
nclauncher.exe -> C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe -> [2012/10/11 22:49:15 | 000,038,744 | ---- | M] (NCSoft)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation)
pnkbstra.exe -> C:\Windows\SysWOW64\PnkBstrA.exe -> [2012/09/06 11:10:52 | 000,076,888 | ---- | M] ()
fwupdate.exe -> C:\Program Files (x86)\lg_fwupdate\fwupdate.exe -> [2012/07/18 20:44:16 | 000,871,536 | ---- | M] (BitLeader)
uns.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2011/02/22 13:14:40 | 002,656,280 | ---- | M] (Intel Corporation)
lms.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2011/02/22 13:14:34 | 000,326,168 | ---- | M] (Intel Corporation)
brs.exe -> C:\Program Files (x86)\CyberLink\Shared files\brs.exe -> [2010/11/23 02:33:20 | 000,075,048 | ---- | M] (cyberlink)
pdvd9serv.exe -> C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe -> [2010/08/02 21:13:12 | 000,087,336 | ---- | M] (CyberLink Corp.)
clmlsvc.exe -> C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe -> [2009/12/15 14:47:00 | 000,103,720 | ---- | M] (CyberLink)
yahooauservice.exe -> C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
 
[Modules - No Company Name]
sdl.dll -> C:\Program Files (x86)\Steam\sdl.dll -> [2012/12/20 10:27:51 | 000,647,168 | ---- | M] ()
libcef.dll -> C:\Program Files (x86)\Steam\bin\libcef.dll -> [2012/12/20 10:26:38 | 020,320,240 | ---- | M] ()
avcodec-53.dll -> C:\Program Files (x86)\Steam\bin\avcodec-53.dll -> [2012/12/20 10:26:34 | 001,100,800 | ---- | M] ()
chromehtml.dll -> C:\Program Files (x86)\Steam\bin\chromehtml.dll -> [2012/12/20 10:26:34 | 000,969,280 | ---- | M] ()
avformat-53.dll -> C:\Program Files (x86)\Steam\bin\avformat-53.dll -> [2012/12/20 10:26:34 | 000,192,000 | ---- | M] ()
avutil-51.dll -> C:\Program Files (x86)\Steam\bin\avutil-51.dll -> [2012/12/20 10:26:34 | 000,124,416 | ---- | M] ()
divxupdatecheck.dll -> C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll -> [2012/11/29 20:07:48 | 000,100,248 | ---- | M] ()
divxupdate.exe -> C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe -> [2012/11/29 20:06:58 | 001,263,512 | ---- | M] ()
unrar.net.dll -> C:\Program Files (x86)\NCSoft\Launcher\UnRar.Net.dll -> [2012/10/11 22:49:15 | 000,217,088 | ---- | M] ()
nc.logging.dll -> C:\Program Files (x86)\NCSoft\Launcher\NC.Logging.dll -> [2012/10/11 22:49:15 | 000,024,576 | ---- | M] ()
system.windows.forms.dll -> C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll -> [2012/10/05 04:53:24 | 005,025,792 | ---- | M] ()
system.dll -> C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll -> [2012/10/05 04:53:24 | 003,198,976 | ---- | M] ()
system.drawing.dll -> C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll -> [2012/10/05 04:53:24 | 000,630,784 | ---- | M] ()
system.security.dll -> C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll -> [2012/10/05 04:53:24 | 000,258,048 | ---- | M] ()
system.design.dll -> C:\Windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll -> [2012/10/05 04:53:23 | 004,927,488 | ---- | M] ()
mscorlib.dll -> C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll -> [2012/08/31 04:59:19 | 004,550,656 | ---- | M] ()
system.configuration.dll -> C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll -> [2010/11/20 21:24:32 | 000,425,984 | ---- | M] ()
system.xml.dll -> C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll -> [2010/11/20 21:23:48 | 002,048,000 | ---- | M] ()
system.runtime.remoting.dll -> C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll -> [2010/11/20 21:23:48 | 000,303,104 | ---- | M] ()
clmlsvcps.dll -> C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll -> [2009/12/15 14:49:20 | 000,013,096 | ---- | M] ()
clmedialibrary.dll -> C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll -> [2009/12/15 14:46:38 | 000,619,816 | ---- | M] ()
accessibility.dll -> C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll -> [2009/06/10 15:22:40 | 000,010,752 | ---- | M] ()
 
[Win32 Services - Safe List]
64bit-(avast! Antivirus)  [Auto | Running] -> C:\Program Files\AVAST Software\Avast\AvastSvc.exe -> [2012/10/30 16:50:59 | 000,044,808 | ---- | M] (AVAST Software)
64bit-(WinDefend)  [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
(AdobeFlashPlayerUpdateSvc) Adobe Flash Player Update Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -> [2013/01/09 09:53:39 | 000,251,400 | ---- | M] (Adobe Systems Incorporated)
(Steam Client Service) Steam Client Service [On_Demand | Running] -> C:\Program Files (x86)\Common Files\Steam\SteamService.exe -> [2012/12/20 10:26:39 | 000,541,760 | ---- | M] (Valve Corporation)
(cphs) Intel(R) Content Protection HECI Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\IntelCpHeciSvc.exe -> [2012/10/10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation)
(nvUpdatusService) NVIDIA Update Service Daemon [Auto | Stopped] -> C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -> [2012/10/02 16:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation)
(Stereo Service) NVIDIA Stereoscopic 3D Driver Service [Auto | Running] -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation)
(PnkBstrA) PnkBstrA [Auto | Running] -> C:\Windows\SysWOW64\PnkBstrA.exe -> [2012/09/06 11:10:52 | 000,076,888 | ---- | M] ()
(HiPatchService) Hi-Rez Studios Authenticate and Update Service [Auto | Paused] -> C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -> [2012/06/26 16:35:20 | 000,008,704 | ---- | M] (Hi-Rez Studios)
(UNS) Intel(R) Management and Security Application User Notification Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2011/02/22 13:14:40 | 002,656,280 | ---- | M] (Intel Corporation)
(LMS) Intel(R) Management and Security Application Local Management Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2011/02/22 13:14:34 | 000,326,168 | ---- | M] (Intel Corporation)
(CLKMSVC10_9EC60124) CyberLink Product - 2012/03/09 16:22:12 [Auto | Stopped] -> C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -> [2010/11/23 18:33:22 | 000,240,112 | ---- | M] (CyberLink)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
(YahooAUService) Yahoo! Updater [Auto | Running] -> C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
 
[Driver Services - Safe List]
64bit-(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswTdi.sys -> [2012/10/30 16:51:56 | 000,059,728 | ---- | M] (AVAST Software)
64bit-(aswSnx) aswSnx [File_System | System | Running] -> C:\Windows\SysNative\drivers\aswSnx.sys -> [2012/10/30 16:51:55 | 000,984,144 | ---- | M] (AVAST Software)
64bit-(aswSP) aswSP [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswSP.sys -> [2012/10/30 16:51:55 | 000,370,288 | ---- | M] (AVAST Software)
64bit-(aswMonFlt) aswMonFlt [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\aswMonFlt.sys -> [2012/10/30 16:51:55 | 000,071,600 | ---- | M] (AVAST Software)
64bit-(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\aswFsBlk.sys -> [2012/10/30 16:51:53 | 000,025,232 | ---- | M] (AVAST Software)
64bit-(aswRdr) aswRdr [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswRdr2.sys -> [2012/10/15 09:59:28 | 000,054,072 | ---- | M] (AVAST Software)
64bit-(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\igdkmd64.sys -> [2012/10/10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation)
64bit-(NVHDA) Service for NVIDIA High Definition Audio Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nvhda64v.sys -> [2012/07/03 09:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation)
64bit-(EtronXHCI) Etron USB 3.0 Extensible Host Controller Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\EtronXHCI.sys -> [2011/08/17 12:18:00 | 000,080,384 | ---- | M] (Etron Technology Inc)
64bit-(EtronHub3) Etron USB 3.0 Extensible Hub Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\EtronHub3.sys -> [2011/08/17 12:18:00 | 000,057,088 | ---- | M] (Etron Technology Inc)
64bit-(VirtuWDDM) VirtuWDDM [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\VirtuWDDM.sys -> [2011/06/19 19:53:30 | 000,065,632 | ---- | M] (Lucidlogix Inc.)
64bit-(mvs91xx) mvs91xx [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\mvs91xx.sys -> [2011/04/08 05:00:06 | 000,312,624 | ---- | M] (Marvell Semiconductor, Inc.)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices)
64bit-(k57nd60a) Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\k57nd60a.sys -> [2011/02/14 20:19:56 | 000,412,712 | ---- | M] (Broadcom Corporation)
64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company)
64bit-(TsUsbGD) Remote Desktop Generic USB Device [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbGD.sys -> [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation)
64bit-(MEIx64) Intel(R) Management Engine Interface [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HECIx64.sys -> [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation)
64bit-(AsrAppCharger) AsrAppCharger [Kernel | System | Running] -> C:\Windows\SysNative\drivers\AsrAppCharger.sys -> [2010/06/11 15:37:14 | 000,015,368 | ---- | M] (Windows (R) Win 7 DDK provider)
64bit-(xusb21) Xbox 360 Wireless Receiver Driver Service 21 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\xusb21.sys -> [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(hamachi) Hamachi Network Interface [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hamachi.sys -> [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.)
64bit-(MBfilt) MBfilt [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\MBfilt64.sys -> [1999/12/31 18:00:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.)
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}" [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [YTNavAssistPlugin Class] -> [2011/11/01 22:13:14 | 002,015,544 | ---- | M] (Yahoo! Inc.)
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}" [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [YTNavAssistPlugin Class] -> [2011/11/01 22:13:14 | 002,015,544 | ---- | M] (Yahoo! Inc.)
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\] > -> -> 
HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\: Main\\"Start Page" -> http://search.babylon.com/?affID=114733&tt=5112_3&babsrc=HP_ss&mntrId=bc1d934a00000000000000ffb8210817 -> 
HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-us -> 
HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> BA 47 E1 12 50 FE CC 01  [binary data] -> 
HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files\AVAST Software\Avast\WebRep\FF [C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF] -> [2012/11/03 17:08:48 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5] -> [2012/12/21 11:58:54 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
< HOSTS File > ([2013/01/13 15:11:31 | 000,000,027 | ---- | M] - 1 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} [HKLM] ->  [Webroot Browser Helper Object] -> File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2012/07/26 22:08:13 | 000,075,656 | ---- | M] (Oracle Corporation)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> [2011/11/01 22:13:14 | 002,015,544 | ---- | M] (Yahoo! Inc.)
{2EECD738-5844-4a99-B4B6-146BF802613B} [HKLM] ->  [Babylon toolbar helper] -> File not found
{326E768D-4182-46FD-9C16-1449A49795F4} [HKLM] -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [DivX Plus Web Player HTML5 <video>] -> [2011/12/12 07:13:22 | 000,194,432 | ---- | M] (DivX, LLC)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2012/11/08 19:48:04 | 000,449,512 | ---- | M] (Oracle Corporation)
{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} [HKLM] ->  [Webroot Browser Helper Object] -> File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2012/11/08 19:48:04 | 000,155,384 | ---- | M] (Oracle Corporation)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [SingleInstance Class] -> [2011/11/01 22:13:14 | 000,156,984 | ---- | M] (Yahoo! Inc)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{97ab88ef-346b-4179-a0b1-7445896547a5}" [HKLM] ->  [Webroot Toolbar] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{97ab88ef-346b-4179-a0b1-7445896547a5}" [HKLM] ->  [Webroot Toolbar] -> File not found
"{98889811-442D-49dd-99D7-DC866BE87DBC}" [HKLM] ->  [Babylon Toolbar] -> File not found
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2011/11/01 22:13:14 | 002,015,544 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\] > -> HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"HotKeysCmds" -> C:\Windows\SysNative\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2012/10/10 02:22:28 | 000,399,392 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\Windows\SysNative\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2012/10/10 02:22:24 | 000,171,040 | ---- | M] (Intel Corporation)
"Persistence" -> C:\Windows\SysNative\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2012/10/10 02:22:30 | 000,441,888 | ---- | M] (Intel Corporation)
"RTHDVCPL" -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s] -> [1999/12/31 18:00:00 | 012,459,112 | ---- | M] (Realtek Semiconductor)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"amd_dc_opt" -> C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe] -> [2008/07/22 14:53:10 | 000,077,824 | ---- | M] (AMD)
"avast" -> C:\Program Files\AVAST Software\Avast\avastUI.exe ["C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui] -> [2012/10/30 16:50:59 | 004,297,136 | ---- | M] (AVAST Software)
"BDRegion" -> C:\Program Files (x86)\CyberLink\Shared files\brs.exe [C:\Program Files (x86)\Cyberlink\Shared files\brs.exe] -> [2010/11/23 02:33:20 | 000,075,048 | ---- | M] (cyberlink)
"CLMLServer" -> C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe ["C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"] -> [2009/12/15 14:47:00 | 000,103,720 | ---- | M] (CyberLink)
"DivXMediaServer" -> C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe] -> [2012/11/13 12:13:34 | 000,450,560 | ---- | M] ()
"DivXUpdate" -> C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ["C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW] -> [2012/11/29 20:06:58 | 001,263,512 | ---- | M] ()
"LGODDFU" -> C:\Program Files (x86)\lg_fwupdate\lgfw.exe ["C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun] -> [2012/07/18 20:44:26 | 000,027,760 | ---- | M] (Bitleader)
"RemoteControl9" -> C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe ["C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"] -> [2010/08/02 21:13:12 | 000,087,336 | ---- | M] (CyberLink Corp.)
"UpdateP2GoShortCut" -> C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe ["C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"] -> [2009/05/19 23:16:16 | 000,222,504 | ---- | M] (CyberLink Corp.)
"UpdatePPShortCut" -> C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe ["C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"] -> [2009/05/19 23:16:16 | 000,222,504 | ---- | M] (CyberLink Corp.)
"UpdatePSTShortCut" -> C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe ["C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"] -> [2010/12/23 15:19:50 | 000,222,504 | ---- | M] (CyberLink Corp.)
< Run [HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\] > -> HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"NCsoft Launcher" -> C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe [C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized] -> [2012/10/11 22:49:15 | 000,038,744 | ---- | M] (NCSoft)
"Steam" -> C:\Program Files (x86)\Steam\steam.exe ["C:\Program Files (x86)\Steam\steam.exe" -silent] -> [2012/12/04 22:27:21 | 001,354,736 | ---- | M] (Valve Corporation)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000] > -> HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HideSCAHealth" ->  [1] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [5] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
\\"PromptOnSecureDesktop" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000] > -> HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000] > -> HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\] > -> HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel ->  [res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000] -> File not found
Se&nd to OneNote ->  [res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105] -> File not found
< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{43699cd0-e34f-11de-8a39-0800200c9a66}:{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} [HKLM] ->  [Button: Webroot] -> File not found
{43699cd0-e34f-11de-8a39-0800200c9a66}:{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} [HKLM] ->  [Menu: Webroot] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{43699cd0-e34f-11de-8a39-0800200c9a66}:{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} [HKLM] ->  [Button: Webroot] -> File not found
{43699cd0-e34f-11de-8a39-0800200c9a66}:{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} [HKLM] ->  [Menu: Webroot] -> File not found
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7767 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7768 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7772 domain(s) found. -> 
clonewarsadventures.com .[*] -> Trusted sites -> 
freerealms.com .[*] -> Trusted sites -> 
soe.com .[*] -> Trusted sites -> 
sony.com .[*] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7772 domain(s) found. -> 
clonewarsadventures.com .[*] -> Trusted sites -> 
freerealms.com .[*] -> Trusted sites -> 
soe.com .[*] -> Trusted sites -> 
sony.com .[*] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4 domain(s) found. -> 
clonewarsadventures.com .[*] ->  -> 
freerealms.com .[*] ->  -> 
soe.com .[*] ->  -> 
sony.com .[*] ->  -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4 domain(s) found. -> 
clonewarsadventures.com .[*] ->  -> 
freerealms.com .[*] ->  -> 
soe.com .[*] ->  -> 
sony.com .[*] ->  -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\] > -> HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7770 domain(s) found. -> 
clonewarsadventures.com .[*] -> Trusted sites -> 
freerealms.com .[*] -> Trusted sites -> 
soe.com .[*] -> Trusted sites -> 
sony.com .[*] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\] > -> HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< 64bit-Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab [Java Plug-in 1.7.0] -> 
{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab [Java Plug-in 1.7.0] -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 205.171.3.25 205.171.2.25 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{AEE0C666-CFF4-4C50-9705-6CDF8D73FFA1}\\DhcpNameServer -> 205.171.3.25 205.171.2.25   (Broadcom NetLink (TM) Gigabit Ethernet) -> 
< 64bit-AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
64bit-*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\Windows\System32\nvinitx.dll -> C:\Windows\SysNative\nvinitx.dll -> [2012/10/02 16:21:00 | 000,247,144 | ---- | M] (NVIDIA Corporation)
C:\PROGRA~1\LUCIDL~1\VIRTU\appinit_dll.dll -> C:\Program Files\Lucidlogix Technologies\VIRTU\appinit_dll.dll -> [2011/06/19 19:53:20 | 000,187,488 | ---- | M] (Lucidlogix Inc.)
*MultiFile Done* -> -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
c:\Windows\SysWOW64\nvinit.dll -> c:\Windows\SysWOW64\nvinit.dll -> [2012/10/02 16:21:00 | 000,202,600 | ---- | M] (NVIDIA Corporation)
c:\PROGRA~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll -> c:\Program Files\Lucidlogix Technologies\VIRTU\x86\appinit_dll.dll -> [2011/06/19 19:53:40 | 000,157,792 | ---- | M] (Lucidlogix Inc.)
*MultiFile Done* -> -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\explorer.exe -> [2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 19:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysWOW64\userinit.exe -> [2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\Windows\SysNative\igfxdev.dll -> [2012/10/10 02:22:28 | 000,441,856 | ---- | M] (Intel Corporation)
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications -> 
< Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications -> 
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{1D65B2E9-3EEF-4349-A64F-BE46991E93E7} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-32801 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{1F5E7AFA-5D77-4E9C-9772-671981DF8105} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28519 | app=system | 
{2C03FACB-8BD3-48F6-8427-44D8D494A3A4} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{32F91ADB-6509-43F7-8D18-B2D40530282B} -> lport=3702 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-32809 | app=%systemroot%\system32\svchost.exe | svc=fdrespub | 
{39CC372C-FA2A-44B8-A3C0-9401EE15B9CB} -> rport=1900 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-32757 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{464520FC-5CE8-47C8-9CF4-9DEAAAE82B54} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31277 | app=system | 
{4F124FFF-D3E4-4654-849A-CF71CC6325CC} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28539 | svc=rpcss | 
{5C6EFBF0-8595-4D44-AB93-5106032CBCD2} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28523 | app=system | 
{5DF5816C-8DBC-45CD-A512-06659B365377} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files\microsoft office\office14\outlook.exe | 
{5F8DC228-6044-466E-83F6-100FC02DDFE6} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28507 | app=system | 
{5FE2836D-C438-4F49-814B-8C00F0C3F332} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28503 | app=system | 
{6FF047B8-C95C-477B-A531-4283528D70F5} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31289 | app=system | 
{6FFE7088-997E-4156-83C9-579BE0B1BEAE} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28531 | app=system | 
{701D6A92-2119-450A-9AD3-7FCB8DB49FAC} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31285 | app=system | 
{83436519-AE57-4D53-A207-0B59880275AE} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28511 | app=system | 
{86ECC8C0-9FEC-4CDA-B427-104EEE54EA39} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{9B9272E9-D806-4386-8DD6-D98FAA23B872} -> rport=3702 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-32789 | app=%systemroot%\system32\svchost.exe | svc=fdphost | 
{A04E5EBA-52D0-4059-9D25-2F39F99CD150} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{A3DA18BA-7E51-4987-A456-FF0BA04F4CB8} -> lport=3702 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-32785 | app=%systemroot%\system32\svchost.exe | svc=fdphost | 
{A6AF9586-4413-462B-BF45-E15BF7FC6837} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{A8A4B393-DBFD-4026-A205-8CAD22DD350A} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{B54686B6-4BCF-4EC7-A613-04B8C96CC054} -> lport=1900 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-32753 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{B9C1DEC4-687A-47FD-916C-8F5B482200B9} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 
{C145A09D-2C1C-443C-BEBF-4BC4EEC649F7} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{C781220B-E56E-4A8C-A96F-E73B769A3658} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{D0AB3AE6-2C4E-41EA-9CBE-C93FD1C9B664} -> rport=3702 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-32811 | app=%systemroot%\system32\svchost.exe | svc=fdrespub | 
{DB9BAB17-82BC-4051-947A-0229AA82EE05} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{EC97624C-15D2-4694-9546-142B33D679A1} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{ECD810F2-B31E-456C-8A63-1F2F109FE062} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-32805 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{F4786318-097C-4691-8409-58697EBF57E0} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{FA677326-74AB-482F-819D-E6FA080AAAC5} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28527 | app=system | 
{FC53F915-1AF4-4384-ADF3-4FA0855B1055} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28515 | app=system | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{00C34C57-33C2-41E3-A0F9-BFB3135C66CA} -> profile=public | protocol=17 | dir=in | action=block | name=planetside2 | app=c:\users\public\sony online entertainment\installed games\planetside 2 beta\planetside2.exe | 
{018D80F3-FF79-464E-9647-D7E3DF5DC469} -> profile=private | protocol=17 | dir=in | action=allow | name=personal e-mail scanner | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
{08A84810-FFB4-4A49-A77D-B3888BA1794D} -> profile=private | protocol=17 | dir=in | action=allow | name=online shield | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
{08F7B712-9A15-4C52-B303-D7DA22842199} -> profile=private | protocol=17 | dir=in | action=allow | name=mass effect™ 3 | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe | 
{0B4ADB32-39D7-4E9D-80B3-B5731BC51484} -> profile=public | protocol=6 | dir=in | action=allow | name=crysis | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe | 
{0B90D037-CB32-45B2-B7C9-982BD832BBF9} -> profile=private | protocol=6 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | 
{0D8700A7-0BC6-4788-99A0-93220E024817} -> profile=private | protocol=17 | dir=in | action=allow | name=ubisoft game launcher | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
{0E30CD7C-E82D-4974-8738-43D48EC331A6} -> profile=private | protocol=17 | dir=in | action=allow | name=star wars: knights of the old republic ii | app=c:\program files (x86)\steam\steamapps\common\knights of the old republic ii\swkotor2.exe | 
{0ED57B95-F793-41AB-A34F-69F322B732F2} -> profile=private | protocol=6 | dir=in | action=allow | name=shank 2 | app=c:\program files (x86)\steam\steamapps\common\shank 2\bin\shank2.exe | 
{117484B4-C1EC-4715-A54F-9D4BCBD5E597} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31301 | app=%programfiles%\windows media player\wmplayer.exe | 
{138364DD-0276-4408-9E97-F20FF23ED53B} -> profile=public | protocol=17 | dir=in | action=allow | name=crysis | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe | 
{13BFC1CD-2785-42FC-A3C2-E36E630A855C} -> profile=public | protocol=17 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | 
{15C54360-48CE-4921-8748-038C690383CA} -> profile=private | protocol=17 | dir=in | action=allow | name=avg installer | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
{15E029C1-D036-46C1-9391-EB218AC6129C} -> profile=private | protocol=6 | dir=in | action=allow | name=sweetpacksupdatemanager | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
{170AEC91-28E5-42C8-B7C8-3041E1ED826F} -> profile=private | protocol=6 | dir=in | action=allow | name=the witcher 2: enhanced edition | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe | 
{1B737978-73F6-4992-89BD-F9E49157CAB5} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31011 | app=%programfiles%\windows media player\wmplayer.exe | 
{202E6CB8-BD2F-4AED-9333-31DFD75E3BEA} -> profile=public | protocol=6 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | 
{20D698E6-C139-4948-A984-9E8074DBCB53} -> profile=private | protocol=1 | dir=out | action=allow | [email protected],-28544 | 
{214F9B83-2089-4861-AE51-9A48579A1C86} -> profile=private | protocol=6 | dir=in | action=allow | [email protected],-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{21E7C2F0-F4E2-4942-8B1E-397DE9B903D9} -> profile=public | protocol=6 | dir=in | action=allow | name=zombie driver | app=c:\program files (x86)\steam\steamapps\common\zombie driver\release\zombiedriver.exe | 
{2398252F-6B04-4DD3-8252-7BC66A5A9B2A} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31293 | app=%programfiles%\windows media player\wmplayer.exe | 
{25E600E9-D5C1-4301-BF26-BCA315553F83} -> profile=private | protocol=6 | dir=in | action=allow | name=online shield | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
{26BBE2F6-CF3D-489E-9C78-1D97BB9B70DC} -> profile=private | protocol=17 | dir=in | action=allow | name=sweetpacksupdatemanager | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
{2714CF67-218E-437B-9883-4F12A74E69A2} -> profile=public | protocol=6 | dir=in | action=block | name=terrariaserver.exe | app=c:\users\thorandai\desktop\terraria\terraria\terrariaserver.exe | 
{27A65776-737E-4F57-92DD-5AF968B63F5D} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
{2832C953-E4E4-453D-9354-9D2F506C0537} -> profile=private | protocol=6 | dir=in | action=allow | name=avg installer | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
{2884AC44-D73A-4C39-B492-807910A770E5} -> profile=private | protocol=6 | dir=in | action=allow | name=expressfilesinstaller | app=c:\users\thorandai\appdata\local\microsoft\windows\temporary internet files\content.ie5\ofaama2o\mbs-series.horsing.around_fullversion_downloader_98838b.exe | 
{299CE4A3-3CAE-47D1-841D-D511306C36F1} -> profile=private | protocol=6 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | 
{2C3F0BA6-CEFB-4228-B039-46452713B4CB} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{2D1A0B24-07B7-4A41-A03A-2C2E29D1924F} -> dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
{30C2242F-C667-4EBD-A68E-8BF428BFB2FB} -> profile=public | protocol=17 | dir=in | action=allow | name=chivalry: medieval warfare | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
{30E9FE0C-E41C-48D7-AB23-0EBBB473DC49} -> profile=public | protocol=6 | dir=in | action=block | name=dishonored | app=c:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe | 
{3239E65A-D8D4-44C1-89CB-2BE1F863ECD5} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31281 | app=system | 
{3277054A-9170-4154-89A0-829521E685D0} -> profile=public | protocol=6 | dir=in | action=block | name=planetside2 | app=c:\users\public\sony online entertainment\installed games\planetside 2 beta\planetside2.exe | 
{337F628B-F6F0-4AE1-9CD8-1100D52929D2} -> protocol=58 | dir=in | action=allow | [email protected],-502 | app=system | 
{33C5397C-8757-4650-BC40-02B615BB11B6} -> profile=private | protocol=17 | dir=in | action=allow | name=shank 2 | app=c:\program files (x86)\steam\steamapps\common\shank 2\bin\shank2.exe | 
{33E5CAA1-DBBC-4B4B-8092-4CAB63CAA414} -> profile=private | protocol=6 | dir=in | action=allow | name=call of duty: modern warfare 3 - multiplayer | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
{356B482F-ACA7-471D-8B6C-8C8BCAB6A575} -> profile=public | protocol=17 | dir=in | action=allow | name=esn sonar host application | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
{35827908-2DE5-4EB3-BAF0-E2880B734408} -> profile=private | protocol=6 | dir=in | action=allow | name=call of duty: modern warfare 3 | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
{37B9198A-592F-447A-940B-81543F5A37EF} -> profile=public | protocol=17 | dir=in | action=block | name=guild wars 2 game client | app=c:\program files (x86)\guild wars 2\gw2.exe | 
{37C76EDB-D4A8-4C71-B21E-E15F71DCDBB7} -> profile=public | protocol=6 | dir=in | action=allow | name=star wars: knights of the old republic ii | app=c:\program files (x86)\steam\steamapps\common\knights of the old republic ii\swkotor2.exe | 
{3B094302-3C29-4445-8216-F323DD3FCED9} -> profile=public | protocol=17 | dir=in | action=allow | name=diablo iii | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
{3DCD4F0F-E584-4FBB-A814-B373F8DF3E72} -> profile=private | protocol=17 | dir=in | action=allow | name=magic: the gathering - duels of the planeswalkers 2013 | app=c:\program files (x86)\steam\steamapps\common\magic 2013\dotp_d13.exe | 
{3E73BA94-A9A9-4CC3-BCE3-51705BEA1A9A} -> profile=private | protocol=6 | dir=in | action=allow | name=chivalry: medieval warfare | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
{3EC33378-9256-4ECE-B5C9-468012462DDD} -> profile=public | protocol=6 | dir=in | action=block | name=java(tm) platform se binary | app=c:\windows\system32\java.exe | 
{3FA49998-64A3-48F1-884E-043D11AE023D} -> profile=private | protocol=58 | dir=in | action=allow | [email protected],-28545 | 
{42B27883-EA01-484E-949C-3F11B4B1B01B} -> profile=public | protocol=6 | dir=in | action=allow | name=call of duty: modern warfare 3 - dedicated server | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
{44EE2D7B-E9DC-4089-ADE2-2F4B1EDA056D} -> profile=public | protocol=17 | dir=in | action=block | name=borderlands 2 | app=c:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe | 
{46DD3801-F39F-4F45-9E1F-821E7B6A7F19} -> profile=private | protocol=17 | dir=in | action=allow | name=esn sonar host application | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
{47E76501-1CCC-4325-B502-D3BDF5E3CEB7} -> profile=public | protocol=17 | dir=in | action=allow | name=blizzard agent | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
{4B568A16-CB29-4854-A6B3-D6517D071C85} -> profile=public | protocol=6 | dir=in | action=allow | name=the binding of isaac | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
{4D20D8D2-E5DA-424E-9E25-A7ACB7095071} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31297 | app=%programfiles%\windows media player\wmplayer.exe | 
{4E71F6A7-23B8-4C71-B7A3-30B292440CFD} -> profile=public | protocol=17 | dir=in | action=block | name=java(tm) platform se binary | app=c:\windows\system32\java.exe | 
{4FA34BD4-574F-4F66-8DB4-9BDD7E9DABF8} -> profile=private | protocol=17 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe | 
{512F06AF-31DF-475B-923E-E7BE80871D72} -> profile=public | protocol=6 | dir=in | action=allow | name=magic: the gathering - duels of the planeswalkers 2013 | app=c:\program files (x86)\steam\steamapps\common\magic 2013\dotp_d13.exe | 
{52F38889-BA4E-42C7-8E57-D6172AB5E3CC} -> profile=private | protocol=6 | dir=in | action=allow | name=arma 2 free | app=c:\program files (x86)\bohemia interactive\arma 2 free\arma2free.exe | 
{53351E82-7D61-4D7C-9C7F-61F5AEE31479} -> profile=private | protocol=17 | dir=in | action=allow | name=call of duty: modern warfare 3 - multiplayer | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
{54835DF1-F330-4F4D-A3F1-546AF3A37424} -> profile=private | protocol=17 | dir=in | action=allow | name=the witcher 2: bonus content | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bonuscontent\launch.bat | 
{55EFB667-D2F4-437D-81D3-194D8CE6CFCD} -> profile=public | protocol=17 | dir=in | action=block | name=guild wars 2 game client | app=c:\users\thorandai\appdata\local\temp\gw2.exe | 
{560F1F08-67F3-46FA-8B7B-539491D625D4} -> profile=private | protocol=17 | dir=in | action=allow | name=battlefield 3™ | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
{5781A001-45F4-4095-8863-19D3A833F56E} -> profile=public | protocol=6 | dir=in | action=allow | name=blizzard agent | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
{5AA87217-47F7-4E8D-979B-DD4CB0D49081} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31003 | app=%programfiles%\windows media player\wmplayer.exe | 
{5F7DA13B-00FC-4C4A-A2D8-3DD52E3C1668} -> profile=public | protocol=6 | dir=in | action=allow | name=battlefield 3™ | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
{6081F4E4-B857-4F22-9956-61F669662DCB} -> profile=private | protocol=6 | dir=in | action=allow | name=magic: the gathering - duels of the planeswalkers 2013 | app=c:\program files (x86)\steam\steamapps\common\magic 2013\dotp_d13.exe | 
{62D4169A-99CF-4CE1-AB7E-8810FA293A96} -> profile=private | protocol=17 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | 
{63AD6DCB-40F1-4AE2-AA8F-8E28902D8EA6} -> profile=private | protocol=6 | dir=in | action=allow | name=ubisoft game launcher | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
{64224D49-9DA6-474E-83D0-5519A1A97DC9} -> profile=private | protocol=6 | dir=in | action=allow | name=personal e-mail scanner | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
{66602103-5C7F-4AA2-9620-38A748FACDAB} -> profile=public | protocol=17 | dir=in | action=allow | name=the binding of isaac | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
{67874877-6E6F-43FD-B778-0D36820EAED8} -> profile=public | protocol=17 | dir=in | action=block | name=hl2 | app=c:\program files (x86)\steam\steamapps\thorandai\garrysmod\hl2.exe | 
{6AE747B2-C6A0-4143-B1D1-5C3584E07DFB} -> profile=public | protocol=17 | dir=in | action=allow | name=natural selection 2 | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe | 
{6E158DF7-E7E3-4071-8181-B59820B3CEF5} -> profile=private | protocol=6 | dir=in | action=allow | name=zombie driver | app=c:\program files (x86)\steam\steamapps\common\zombie driver\release\zombiedriver.exe | 
{703588AA-C3FE-467D-A97A-56CBB077F0D5} -> profile=private | protocol=17 | dir=in | action=allow | name=blizzard agent | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
{71315C34-E6A2-4970-B8D8-D19D469CA9C3} -> profile=public | protocol=17 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | 
{716D2B33-0536-4DAE-BC36-CAB3820D4740} -> profile=private | protocol=17 | dir=in | action=allow | name=updatemanagersetup | app=c:\windows\syswow64\msiexec.exe | 
{723D3F0A-6A3E-4E99-AEA4-BC52CB1FDFCB} -> profile=private | protocol=17 | dir=in | action=allow | name=magic: the gathering — duels of the planeswalkers 2012 | app=c:\program files (x86)\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe | 
{72F967B3-C26A-491C-821D-EBBAE1D8084C} -> profile=private | protocol=17 | dir=in | action=allow | name=ace of spades | app=c:\program files (x86)\steam\steamapps\common\aceofspades\aos.exe | 
{7612F85A-D7CA-43AD-8DB5-122FF55C44EC} -> profile=private | protocol=17 | dir=in | action=allow | name=call of duty: modern warfare 3 - dedicated server | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
{77034824-689C-44F9-A441-0DE6DB362945} -> profile=private | protocol=1 | dir=in | action=allow | [email protected],-28543 | 
{7F03C3F3-4D96-4060-8ABF-CF11582FE86F} -> profile=public | protocol=17 | dir=in | action=block | name=dishonored | app=c:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe | 
{800F19DC-460C-40E7-AB07-0FB4A22FE234} -> profile=public | protocol=17 | dir=in | action=allow | name=shank 2 | app=c:\program files (x86)\steam\steamapps\common\shank 2\bin\shank2.exe | 
{817B44D8-D3D0-4208-9968-C22549BB72C7} -> profile=public | protocol=17 | dir=in | action=block | name=java(tm) platform se binary | app=c:\program files\java\jre7\bin\java.exe | 
{81EDC20D-3433-4187-A849-CC25DE7565CF} -> profile=private | protocol=6 | dir=in | action=allow | name=ace of spades | app=c:\program files (x86)\steam\steamapps\common\aceofspades\aos.exe | 
{82CE33DD-A95A-430B-A49A-A9C54094CB3B} -> dir=in | action=allow | name=cyberlink powerdvd 9.0 | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
{83DCB3E4-765F-4CBD-8314-945384E65605} -> profile=private | protocol=6 | dir=in | action=allow | name=puzzle pirates | app=c:\program files (x86)\steam\steamapps\common\puzzle pirates\java_vm\bin\javaw.exe | 
{83F130BE-DDCF-4EBE-9557-C6C27C83859A} -> profile=public | protocol=17 | dir=in | action=allow | name=battlefield 3™ | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
{863638F2-BDC5-4B6B-95D1-299F847484E9} -> profile=private | protocol=6 | dir=in | action=allow | name=the binding of isaac | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
{89451B7C-8648-430B-8C54-DEDF75AB3755} -> profile=private | protocol=17 | dir=in | action=allow | name=arma 2 free | app=c:\program files (x86)\bohemia interactive\arma 2 free\arma2free.exe | 
{89B3D3F6-B09E-4071-B354-31176B84B507} -> profile=public | protocol=6 | dir=in | action=allow | name=diablo iii | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
{8E4A11FB-C936-415C-A89D-4B2008D73E59} -> dir=out | action=block | name=uplay block | app=%programfiles% (x86)\ubisoft\ubisoft game launcher\uplay.exe | 
{91982D62-A276-4ED2-A791-B4D18DAE0F34} -> profile=domain | protocol=17 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
{99D727E6-A102-468E-9E00-B52ABC65D7C5} -> profile=private | protocol=17 | dir=in | action=allow | name=the binding of isaac | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
{9A89A69D-F738-4B59-AC28-6243AC5877E7} -> profile=private | protocol=17 | dir=in | action=allow | name=zombie driver | app=c:\program files (x86)\steam\steamapps\common\zombie driver\release\zombiedriver.exe | 
{9C67E0C0-6A41-444A-91B5-4A7E0AD40BC4} -> profile=public | protocol=6 | dir=in | action=allow | name=esn sonar host application | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
{A0091EFF-043B-4ECE-8AD7-104F97BD206A} -> profile=public | protocol=6 | dir=in | action=allow | name=chivalry: medieval warfare | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
{A4751365-C022-4EB1-BB49-D3AC00AFABC7} -> profile=domain | protocol=6 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
{A5CCE79D-C2C9-4946-8DBA-1F84BEDE88F5} -> profile=public | protocol=6 | dir=in | action=allow | name=call of duty: modern warfare 3 | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
{A68D85A5-95A5-4119-A174-00DD7BC3A030} -> profile=private | protocol=6 | dir=in | action=allow | name=expressfiles | app=c:\program files (x86)\expressfiles\expressfiles.exe | 
{A8080DEE-5C57-47DD-9044-546445DD276A} -> profile=public | protocol=17 | dir=in | action=allow | name=star wars: knights of the old republic ii | app=c:\program files (x86)\steam\steamapps\common\knights of the old republic ii\swkotor2.exe | 
{AA0EAC26-49FB-48A5-B6CB-99E873E3AE4C} -> profile=private | protocol=17 | dir=in | action=allow | name=puzzle pirates | app=c:\program files (x86)\steam\steamapps\common\puzzle pirates\java_vm\bin\javaw.exe | 
{AAB6C9B5-8F6F-4901-A4EB-6985DD9579A4} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{ABF7014C-FB05-48FD-9D5B-D0B0E950BCDE} -> profile=public | protocol=17 | dir=in | action=allow | name=blizzard agent | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
{AD0B1612-49BE-4882-BFDC-53D34159A441} -> profile=private | protocol=6 | dir=in | action=allow | name=blizzard agent | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
{AD84A164-0562-4475-A768-5C2073EAD13A} -> profile=private | protocol=6 | dir=in | action=allow | name=expressfilesdl | app=c:\program files (x86)\expressfiles\expressdl.exe | 
{AF755AC0-E56D-4B3A-B986-7EC263C413F5} -> profile=public | protocol=6 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | 
{B06594E8-5D4E-42AC-BA38-09E8C71A95E1} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{B1634526-2E64-44C8-9769-02BF35BE5A2C} -> profile=public | protocol=17 | dir=in | action=block | name=terrariaserver.exe | app=c:\users\thorandai\desktop\terraria\terraria\terrariaserver.exe | 
{B1BBFF69-680B-4E4E-B625-E9B0380A1366} -> profile=public | protocol=6 | dir=in | action=allow | name=express files | app=c:\program files (x86)\expressfiles\expressfiles.exe | 
{B207B03F-521E-4606-B56A-D2027CEBAB48} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{B25EBD5F-B705-4438-89D9-203D25232C8F} -> profile=private | protocol=17 | dir=in | action=allow | name=the witcher 2: enhanced edition | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe | 
{B40FA29A-E6D9-4A4C-86B9-B8D0CE33702C} -> profile=public | protocol=6 | dir=out | action=allow | [email protected],-32821 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
{B42A042E-C5FC-4FE2-ADCA-2A7F97A2C0B5} -> profile=private | protocol=6 | dir=in | action=allow | name=esn sonar host application | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
{B4562B2B-9FB1-4E5A-9C3E-220831B99D68} -> profile=private | protocol=6 | dir=in | action=allow | name=nuclear dawn | app=c:\program files (x86)\steam\steamapps\common\nuclear dawn\nucleardawn.exe | 
{B4A0175B-D54C-4B58-ABB7-999961D00A6F} -> profile=private | protocol=6 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe | 
{B6420DE1-6725-453D-ACCF-16CB2B6288E4} -> profile=public | protocol=17 | dir=in | action=allow | name=magic: the gathering - duels of the planeswalkers 2013 | app=c:\program files (x86)\steam\steamapps\common\magic 2013\dotp_d13.exe | 
{B71FBA1D-D384-4821-87EE-801493854728} -> profile=public | protocol=17 | dir=in | action=allow | name=call of duty: modern warfare 3 - multiplayer | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
{B9D68B96-55D7-45B5-89D7-C80EF6A24786} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{BA017598-15F0-4330-80A8-F741C4558C7F} -> profile=private | protocol=6 | dir=in | action=allow | name=the witcher 2: bonus content | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bonuscontent\launch.bat | 
{BFAE20B3-C8BC-4686-A35C-B3CA222E7EB0} -> profile=private | protocol=6 | dir=in | action=allow | name=star wars: knights of the old republic ii | app=c:\program files (x86)\steam\steamapps\common\knights of the old republic ii\swkotor2.exe | 
{BFFFB3EE-E962-4B88-8A50-A0FD31C34D52} -> profile=private | protocol=6 | dir=in | action=allow | name=mass effect™ 3 | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe | 
{C0485E14-9403-421C-A09C-6A65DB13C3BC} -> profile=public | protocol=17 | dir=in | action=allow | name=call of duty: modern warfare 3 | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
{C0B9748E-721E-4731-9D42-4E473B32789C} -> profile=public | protocol=6 | dir=in | action=allow | name=ace of spades | app=c:\program files (x86)\steam\steamapps\common\aceofspades\aos.exe | 
{C0DE06D3-D767-4892-9E65-A9325C6B458A} -> profile=public | protocol=6 | dir=in | action=block | name=guild wars 2 game client | app=c:\program files (x86)\guild wars 2\gw2.exe | 
{C1BEBA4F-7869-4A13-9CF0-AF9B00F7B909} -> profile=private | protocol=17 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | 
{C212986C-065D-4E83-B48B-383BC4508E19} -> profile=private | protocol=6 | dir=in | action=allow | name=magic: the gathering – duels of the planeswalkers 2012 | app=c:\program files (x86)\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe | 
{C2B72AD0-EA5F-4B6E-884B-C119A8F6BE09} -> dir=in | action=allow | name=cyberlink powerdvd 9.0 | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
{C58CFAD4-1ECF-4D17-87E7-8751805E2F40} -> profile=private | protocol=6 | dir=in | action=allow | name=avg diagnostics 2012 | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
{C6CB037C-3984-41D4-97BB-8FD8BD4F8E57} -> profile=public | protocol=6 | dir=in | action=block | name=borderlands 2 | app=c:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe | 
{CC80BFB4-BC9A-4493-BD2A-8F097464DA68} -> profile=private | protocol=17 | dir=in | action=allow | name=chivalry: medieval warfare | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
{CEF692FF-6BD4-4AF8-B22A-2A0CA6694BBA} -> profile=private | protocol=6 | dir=in | action=allow | name=batman: arkham city™ | app=c:\program files (x86)\wb games\batman arkham city\binaries\win32\batmanac.exe | 
{CFAEC99A-376D-49E6-A27F-E0B9D625B293} -> profile=public | protocol=6 | dir=in | action=block | name=guild wars 2 game client | app=c:\users\thorandai\appdata\local\temp\gw2.exe | 
{D1823496-4DE1-4D1A-AABC-6483E11C2F19} -> profile=private | protocol=17 | dir=in | action=allow | name=expressfilesdl | app=c:\program files (x86)\expressfiles\expressdl.exe | 
{D249A610-7AD1-452C-8919-28C90189F3B6} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{D2EB2260-2B26-4B83-B722-9D9D6D161465} -> profile=private | protocol=17 | dir=in | action=allow | name=call of duty: modern warfare 3 | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
{D5587CFB-A822-466D-9C6D-2B79AD4A9525} -> profile=private | protocol=6 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
{D5D93789-37D0-4F4D-814E-B3207CB0343E} -> profile=private | protocol=6 | dir=in | action=allow | name=call of duty: modern warfare 3 - dedicated server | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
{D761D2FD-4F98-4F09-8533-80BC721E80B6} -> profile=private | protocol=6 | dir=in | action=allow | name=updatemanagersetup | app=c:\windows\syswow64\msiexec.exe | 
{D76D3E47-14E8-44F7-8A49-541F5B47AD3C} -> profile=public | protocol=6 | dir=in | action=allow | name=express files | app=c:\program files (x86)\expressfiles\expressdl.exe | 
{D9EB42B3-A932-4AEB-94E6-E58991C27497} -> profile=public | protocol=17 | dir=in | action=allow | name=ace of spades | app=c:\program files (x86)\steam\steamapps\common\aceofspades\aos.exe | 
{DB6A0DFF-4889-45A3-BC53-4EF8F496606C} -> profile=public | protocol=6 | dir=in | action=allow | name=call of duty: modern warfare 3 - multiplayer | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
{DC34BF1C-5C08-44BE-9B75-E5F3793185F4} -> profile=private | protocol=17 | dir=in | action=allow | name=nuclear dawn | app=c:\program files (x86)\steam\steamapps\common\nuclear dawn\nucleardawn.exe | 
{DCBFE24E-03FA-4285-BBBF-07DB4CA8F20B} -> profile=private | protocol=17 | dir=in | action=allow | name=expressfiles | app=c:\program files (x86)\expressfiles\expressfiles.exe | 
{E3157D46-3330-4172-9FAD-CA2F106FC328} -> profile=public | protocol=17 | dir=in | action=allow | name=zombie driver | app=c:\program files (x86)\steam\steamapps\common\zombie driver\release\zombiedriver.exe | 
{E59C358F-F5FA-4584-AB5C-BE6182E05536} -> profile=public | protocol=17 | dir=in | action=allow | name=express files | app=c:\program files (x86)\expressfiles\expressfiles.exe | 
{E7493F7E-B37F-4AFB-A8F4-802E5BAC6835} -> profile=private | protocol=17 | dir=in | action=allow | name=avg diagnostics 2012 | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
{E9133660-D3E5-450E-B882-60644B904FEB} -> profile=private | protocol=58 | dir=out | action=allow | [email protected],-28546 | 
{E9307B69-06F2-4F35-B982-877E352D543E} -> dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
{EAEC59E7-8222-4FA8-B309-651FBAE6F886} -> profile=public | protocol=17 | dir=in | action=allow | name=call of duty: modern warfare 3 - dedicated server | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
{EE1CBA59-6C49-4905-8841-99FC3EAFCF81} -> profile=public | protocol=6 | dir=in | action=block | name=hl2 | app=c:\program files (x86)\steam\steamapps\thorandai\garrysmod\hl2.exe | 
{EED10039-13FA-447A-AEF0-CCEAF41343AC} -> profile=public | protocol=6 | dir=in | action=allow | name=blizzard agent | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
{EF095095-52BC-4CD6-8E9F-CC4E2543CD6D} -> profile=private | protocol=17 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
{EF48A6B3-1924-4A34-8846-E0C5158793F8} -> profile=public | protocol=6 | dir=in | action=block | name=java(tm) platform se binary | app=c:\program files\java\jre7\bin\java.exe | 
{F0F5C266-DE55-4FE8-9BD7-4A994B3022FE} -> protocol=58 | dir=out | action=allow | [email protected],-503 | 
{F1DD9C8E-3BCA-459B-8B3F-CC41963AD029} -> profile=private | protocol=17 | dir=in | action=allow | name=batman: arkham city™ | app=c:\program files (x86)\wb games\batman arkham city\binaries\win32\batmanac.exe | 
{F6E8DDE6-E36D-4312-A6EE-739AEDF691FD} -> profile=private | protocol=17 | dir=in | action=allow | name=expressfilesinstaller | app=c:\users\thorandai\appdata\local\microsoft\windows\temporary internet files\content.ie5\ofaama2o\mbs-series.horsing.around_fullversion_downloader_98838b.exe | 
{F8CCE578-F5F2-47E6-AD96-27DC4ED9F847} -> profile=private | protocol=6 | dir=in | action=allow | name=battlefield 3™ | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
{FAF8CEAC-CF2C-4A82-BC59-DB04A9B18E09} -> profile=public | protocol=6 | dir=in | action=allow | name=shank 2 | app=c:\program files (x86)\steam\steamapps\common\shank 2\bin\shank2.exe | 
{FBF8DE14-A7F4-461D-9A7A-290C37006278} -> profile=public | protocol=17 | dir=in | action=allow | name=express files | app=c:\program files (x86)\expressfiles\expressdl.exe | 
{FE955E2A-853D-436D-BEE9-06C37B8B3A02} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31007 | app=%programfiles%\windows media player\wmplayer.exe | 
{FEA23817-0FFD-4A7E-8191-71F0ADEB4AC9} -> profile=public | protocol=6 | dir=in | action=allow | name=natural selection 2 | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe | 
TCP Query User{0D111A51-5762-453E-B25D-1B8CD4820842}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe -> profile=private | protocol=6 | dir=in | action=allow | name=the witcher 2 | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe | 
TCP Query User{1D3003A5-FF44-4E9D-ACED-2BF655F61A8A}C:\users\thorandai\desktop\terraria\terraria\terrariaserver.exe -> profile=private | protocol=6 | dir=in | action=allow | name=terrariaserver.exe | app=c:\users\thorandai\desktop\terraria\terraria\terrariaserver.exe | 
TCP Query User{269E325B-E9A8-47BA-86BC-593964BBB0D8}C:\program files (x86)\steam\steamapps\common\crimecraft\binaries\crimecraft.exe -> profile=private | protocol=6 | dir=in | action=allow | name=crimecraft | app=c:\program files (x86)\steam\steamapps\common\crimecraft\binaries\crimecraft.exe | 
TCP Query User{39539004-6592-4F16-A1C9-B912972BF941}C:\programdata\electronic arts\need for speed world\data\nfsw.exe -> profile=private | protocol=6 | dir=in | action=allow | name=need for speed world | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
TCP Query User{4318227D-1929-46D9-BDF6-1C7EE89AFF6F}C:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe -> profile=private | protocol=6 | dir=in | action=allow | name=acrpr | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe | 
TCP Query User{48A816C2-CE9E-43D4-B2D1-5F7554DA1AE2}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe -> profile=private | protocol=6 | dir=in | action=allow | name=gameclient | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe | 
TCP Query User{54BCF9E2-0653-4F9F-9A31-F0C6A1D6F909}C:\windows\syswow64\java.exe -> profile=private | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\windows\syswow64\java.exe | 
TCP Query User{596E1BA1-F041-4B79-8BF7-0783841318E3}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe -> profile=private | protocol=6 | dir=in | action=allow | name=borderlands 2 | app=c:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe | 
TCP Query User{73BF304B-2C0C-40DB-9A07-E53BFD5395F1}C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe -> profile=private | protocol=6 | dir=in | action=allow | name=dishonored | app=c:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe | 
TCP Query User{7B1D0CDC-A10D-4748-BE20-8D74F82563F0}C:\program files (x86)\guild wars 2\gw2.exe -> profile=private | protocol=6 | dir=in | action=allow | name=guild wars 2 game client | app=c:\program files (x86)\guild wars 2\gw2.exe | 
TCP Query User{8B3CB950-9159-4101-86FF-8C8A0C2CC81D}C:\program files (x86)\steam\steam.exe -> profile=public | protocol=6 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe | 
TCP Query User{8F78BE18-B434-4D3B-B054-430A18A2344C}C:\program files\java\jre7\bin\java.exe -> profile=private | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files\java\jre7\bin\java.exe | 
TCP Query User{9CEFD467-E281-40C8-A5F5-5468DF7FFDCD}C:\users\public\sony online entertainment\installed games\planetside 2 beta\planetside2.exe -> profile=private | protocol=6 | dir=in | action=allow | name=planetside2 | app=c:\users\public\sony online entertainment\installed games\planetside 2 beta\planetside2.exe | 
TCP Query User{9E123E02-9957-40A6-A95A-0910B5E43529}C:\program files (x86)\steam\steamapps\thorandai\garrysmod\hl2.exe -> profile=private | protocol=6 | dir=in | action=allow | name=hl2 | app=c:\program files (x86)\steam\steamapps\thorandai\garrysmod\hl2.exe | 
TCP Query User{AE3CA4DD-1CC3-4BF1-B3EA-729E7FADFAAD}C:\program files (x86)\ccp\eve\bin\exefile.exe -> profile=private | protocol=6 | dir=in | action=block | name=ccp exefile | app=c:\program files (x86)\ccp\eve\bin\exefile.exe | 
TCP Query User{B072CBCC-19F5-49FF-A36F-99607FB598FF}C:\users\thorandai\appdata\local\temp\rar$exa0.782\mcforge.exe -> profile=public | protocol=6 | dir=in | action=block | name=mcforge.exe | app=c:\users\thorandai\appdata\local\temp\rar$exa0.782\mcforge.exe | 
TCP Query User{B9A0AA50-33E7-41D6-8A69-3B9D7C9622BC}C:\program files\java\jre7\bin\javaw.exe -> profile=private | protocol=6 | dir=in | action=block | name=java(tm) platform se binary | app=c:\program files\java\jre7\bin\javaw.exe | 
TCP Query User{C6074BD9-511B-4589-B9AA-A8424EAE2C61}C:\windows\system32\java.exe -> profile=private | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\windows\system32\java.exe | 
TCP Query User{DD2F429D-9DB6-4F6C-A5CC-FD4B556EBF2A}C:\users\public\games\cryptic studios\champions online\live\gameclient.exe -> profile=private | protocol=6 | dir=in | action=allow | name=gameclient | app=c:\users\public\games\cryptic studios\champions online\live\gameclient.exe | 
TCP Query User{DFAB1278-345D-472C-9FC0-A445EB91FF32}C:\program files (x86)\farcry 3\bin\farcry3.exe -> profile=public | protocol=6 | dir=in | action=block | name=far cry 3 | app=c:\program files (x86)\farcry 3\bin\farcry3.exe | 
TCP Query User{E51BE3FD-4E97-4A3D-A0B5-CC5320B8410E}C:\program files (x86)\farcry 3\bin\farcry3.exe -> profile=private | protocol=6 | dir=in | action=allow | name=far cry 3 | app=c:\program files (x86)\farcry 3\bin\farcry3.exe | 
TCP Query User{E537A36A-AB76-4207-9B32-751F33E35DCC}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe -> profile=public | protocol=6 | dir=in | action=allow | name=tribesascend | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | 
TCP Query User{EAB530A1-80C6-4F12-9486-C87811BA5737}C:\program files\java\jre6\bin\javaw.exe -> profile=private | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files\java\jre6\bin\javaw.exe | 
TCP Query User{F24DAD95-9391-4A23-8954-6DF899DB6BF1}C:\users\thorandai\appdata\local\temp\gw2.exe -> profile=private | protocol=6 | dir=in | action=allow | name=guild wars 2 game client | app=c:\users\thorandai\appdata\local\temp\gw2.exe | 
TCP Query User{FB9E48CB-D8E0-44FF-BE30-5CD2174A5DCA}C:\program files (x86)\assassins creed iii\ac3sp.exe -> profile=private | protocol=6 | dir=in | action=block | name=ac3sp | app=c:\program files (x86)\assassins creed iii\ac3sp.exe | 
TCP Query User{FCC68C24-1770-4A20-81AA-6DDB9787BEF3}C:\program files (x86)\secondlifeviewer\slvoice.exe -> profile=private | protocol=6 | dir=in | action=block | name=slvoice | app=c:\program files (x86)\secondlifeviewer\slvoice.exe | 
UDP Query User{20665ACE-DE2F-4681-B297-2F620A9FE7AB}C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe -> profile=private | protocol=17 | dir=in | action=allow | name=dishonored | app=c:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe | 
UDP Query User{348229C7-DBDC-4D61-96C6-26AFD788C25F}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe -> profile=private | protocol=17 | dir=in | action=allow | name=gameclient | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe | 
UDP Query User{36D85F5E-B9DD-42AB-9B13-40827ABA124F}C:\program files\java\jre6\bin\javaw.exe -> profile=private | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files\java\jre6\bin\javaw.exe | 
UDP Query User{38A582C7-9D0C-465E-9961-0137D6CD47C3}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe -> profile=public | protocol=17 | dir=in | action=allow | name=tribesascend | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | 
UDP Query User{3B331040-C891-4784-B8BC-144252206E04}C:\users\thorandai\appdata\local\temp\rar$exa0.782\mcforge.exe -> profile=public | protocol=17 | dir=in | action=block | name=mcforge.exe | app=c:\users\thorandai\appdata\local\temp\rar$exa0.782\mcforge.exe | 
UDP Query User{3CF8AA8A-35FD-4ADE-9F9B-C3E437E719F5}C:\program files\java\jre7\bin\javaw.exe -> profile=private | protocol=17 | dir=in | action=block | name=java(tm) platform se binary | app=c:\program files\java\jre7\bin\javaw.exe | 
UDP Query User{3EDDD5A1-FB65-4C6E-85A2-5C1D798D7385}C:\program files (x86)\steam\steamapps\thorandai\garrysmod\hl2.exe -> profile=private | protocol=17 | dir=in | action=allow | name=hl2 | app=c:\program files (x86)\steam\steamapps\thorandai\garrysmod\hl2.exe | 
UDP Query User{4098D7B4-A5BF-4257-BCF9-660DFFE79FA1}C:\program files\java\jre7\bin\java.exe -> profile=private | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files\java\jre7\bin\java.exe | 
UDP Query User{42C029E1-7B07-428E-98B5-8AC8EA5ADA3A}C:\windows\syswow64\java.exe -> profile=private | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\windows\syswow64\java.exe | 
UDP Query User{5409C73D-7C2D-4413-B733-6F3394C3A53F}C:\program files (x86)\secondlifeviewer\slvoice.exe -> profile=private | protocol=17 | dir=in | action=block | name=slvoice | app=c:\program files (x86)\secondlifeviewer\slvoice.exe | 
UDP Query User{586D66F3-74C1-4FED-9C0F-AF24BA3CBF73}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe -> profile=private | protocol=17 | dir=in | action=allow | name=the witcher 2 | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe | 
UDP Query User{58AAF8A2-5CF6-45BA-B109-E1F3C6396733}C:\program files (x86)\steam\steam.exe -> profile=public | protocol=17 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe | 
UDP Query User{638DD2EB-320B-4EC5-88AE-6042596F7B1D}C:\programdata\electronic arts\need for speed world\data\nfsw.exe -> profile=private | protocol=17 | dir=in | action=allow | name=need for speed world | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
UDP Query User{67D5AC43-8ACD-4502-AEBA-6141A31AAC7B}C:\program files (x86)\farcry 3\bin\farcry3.exe -> profile=public | protocol=17 | dir=in | action=block | name=far cry 3 | app=c:\program files (x86)\farcry 3\bin\farcry3.exe | 
UDP Query User{74E98411-5A63-4961-9B63-0BF5B0080058}C:\program files (x86)\assassins creed iii\ac3sp.exe -> profile=private | protocol=17 | dir=in | action=block | name=ac3sp | app=c:\program files (x86)\assassins creed iii\ac3sp.exe | 
UDP Query User{903A431A-35BE-4654-8B58-77773A191B1B}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe -> profile=private | protocol=17 | dir=in | action=allow | name=borderlands 2 | app=c:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe | 
UDP Query User{9479DF4E-E773-434F-9FDE-DA8D60064AFA}C:\program files (x86)\ccp\eve\bin\exefile.exe -> profile=private | protocol=17 | dir=in | action=block | name=ccp exefile | app=c:\program files (x86)\ccp\eve\bin\exefile.exe | 
UDP Query User{9A150F9A-0CD9-4A11-9F3C-D5ED0FC08AEB}C:\users\public\games\cryptic studios\champions online\live\gameclient.exe -> profile=private | protocol=17 | dir=in | action=allow | name=gameclient | app=c:\users\public\games\cryptic studios\champions online\live\gameclient.exe | 
UDP Query User{9C317EED-ABC1-43E4-A925-C73E2EE663F2}C:\program files (x86)\farcry 3\bin\farcry3.exe -> profile=private | protocol=17 | dir=in | action=allow | name=far cry 3 | app=c:\program files (x86)\farcry 3\bin\farcry3.exe | 
UDP Query User{B32F96BC-3FCB-4BF3-97DF-E2EDC3DECFA9}C:\program files (x86)\steam\steamapps\common\crimecraft\binaries\crimecraft.exe -> profile=private | protocol=17 | dir=in | action=allow | name=crimecraft | app=c:\program files (x86)\steam\steamapps\common\crimecraft\binaries\crimecraft.exe | 
UDP Query User{BD2F7DB6-95E4-4D89-94F0-BF3C4A615940}C:\windows\system32\java.exe -> profile=private | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\windows\system32\java.exe | 
UDP Query User{CE953562-0DA4-4AFA-A4D4-242187C7F85A}C:\users\thorandai\appdata\local\temp\gw2.exe -> profile=private | protocol=17 | dir=in | action=allow | name=guild wars 2 game client | app=c:\users\thorandai\appdata\local\temp\gw2.exe | 
UDP Query User{DB9FD0FB-1B2C-4C69-B696-4FD9E2D3B231}C:\program files (x86)\guild wars 2\gw2.exe -> profile=private | protocol=17 | dir=in | action=allow | name=guild wars 2 game client | app=c:\program files (x86)\guild wars 2\gw2.exe | 
UDP Query User{E77F772D-8AED-4428-BC4D-BC1F2CB30E7B}C:\users\public\sony online entertainment\installed games\planetside 2 beta\planetside2.exe -> profile=private | protocol=17 | dir=in | action=allow | name=planetside2 | app=c:\users\public\sony online entertainment\installed games\planetside 2 beta\planetside2.exe | 
UDP Query User{F4A74F1D-DE41-49AA-95AA-3E794DDDDC3E}C:\users\thorandai\desktop\terraria\terraria\terrariaserver.exe -> profile=private | protocol=17 | dir=in | action=allow | name=terrariaserver.exe | app=c:\users\thorandai\desktop\terraria\terraria\terrariaserver.exe | 
UDP Query User{FF735732-2E4D-4A01-8D7B-097BEBDF12C7}C:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe -> profile=private | protocol=17 | dir=in | action=allow | name=acrpr | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe | 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2010/11/20 21:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation)
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %*
64bit-exefile [open] -> "%1" %*
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 90 Days]
 OTS.exe -> C:\Users\thorandai\Desktop\OTS.exe -> [2013/01/14 12:11:52 | 000,646,656 | ---- | C] (OldTimer Tools)
 $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2013/01/13 15:11:35 | 000,000,000 | ---D | C]
 temp -> C:\Windows\temp -> [2013/01/13 15:10:07 | 000,000,000 | ---D | C]
 SWREG.exe -> C:\Windows\SWREG.exe -> [2013/01/13 12:10:05 | 000,518,144 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\Windows\SWSC.exe -> [2013/01/13 12:10:05 | 000,406,528 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2013/01/13 12:10:05 | 000,060,416 | ---- | C] (NirSoft)
 ComboFix.exe -> C:\Users\thorandai\Desktop\ComboFix.exe -> [2013/01/13 11:44:41 | 005,021,655 | R--- | C] (Swearware)
 Qoobox -> C:\Qoobox -> [2013/01/13 11:38:08 | 000,000,000 | ---D | C]
 erdnt -> C:\Windows\erdnt -> [2013/01/13 11:37:58 | 000,000,000 | ---D | C]
 dds.scr -> C:\Users\thorandai\Desktop\dds.scr -> [2013/01/12 21:32:29 | 000,688,992 | R--- | C] (Swearware)
 HijackThis.exe -> C:\Users\thorandai\Desktop\HijackThis.exe -> [2013/01/12 21:30:58 | 000,388,608 | ---- | C] (Trend Micro Inc.)
 win32spl.dll -> C:\Windows\SysNative\win32spl.dll -> [2013/01/08 21:47:26 | 000,750,592 | ---- | C] (Microsoft Corporation)
 win32spl.dll -> C:\Windows\SysWow64\win32spl.dll -> [2013/01/08 21:47:26 | 000,492,032 | ---- | C] (Microsoft Corporation)
 ncrypt.dll -> C:\Windows\SysNative\ncrypt.dll -> [2013/01/08 21:45:55 | 000,307,200 | ---- | C] (Microsoft Corporation)
 usp10.dll -> C:\Windows\SysNative\usp10.dll -> [2013/01/08 21:45:27 | 000,800,768 | ---- | C] (Microsoft Corporation)
 Wpc.dll -> C:\Windows\SysNative\Wpc.dll -> [2013/01/08 21:45:02 | 000,441,856 | ---- | C] (Microsoft Corporation)
 fpb.rs -> C:\Windows\SysWow64\fpb.rs -> [2013/01/08 21:45:02 | 000,046,592 | ---- | C] (Microsoft)
 fpb.rs -> C:\Windows\SysNative\fpb.rs -> [2013/01/08 21:45:02 | 000,046,592 | ---- | C] (Microsoft)
 oflc-nz.rs -> C:\Windows\SysWow64\oflc-nz.rs -> [2013/01/08 21:45:02 | 000,045,568 | ---- | C] (Microsoft)
 oflc-nz.rs -> C:\Windows\SysNative\oflc-nz.rs -> [2013/01/08 21:45:02 | 000,045,568 | ---- | C] (Microsoft)
 pegibbfc.rs -> C:\Windows\SysWow64\pegibbfc.rs -> [2013/01/08 21:45:02 | 000,044,544 | ---- | C] (Microsoft)
 pegibbfc.rs -> C:\Windows\SysNative\pegibbfc.rs -> [2013/01/08 21:45:02 | 000,044,544 | ---- | C] (Microsoft)
 csrr.rs -> C:\Windows\SysWow64\csrr.rs -> [2013/01/08 21:45:02 | 000,043,520 | ---- | C] (Microsoft)
 csrr.rs -> C:\Windows\SysNative\csrr.rs -> [2013/01/08 21:45:02 | 000,043,520 | ---- | C] (Microsoft)
 cob-au.rs -> C:\Windows\SysWow64\cob-au.rs -> [2013/01/08 21:45:02 | 000,040,960 | ---- | C] (Microsoft)
 cob-au.rs -> C:\Windows\SysNative\cob-au.rs -> [2013/01/08 21:45:02 | 000,040,960 | ---- | C] (Microsoft)
 usk.rs -> C:\Windows\SysWow64\usk.rs -> [2013/01/08 21:45:02 | 000,030,720 | ---- | C] (Microsoft)
 usk.rs -> C:\Windows\SysNative\usk.rs -> [2013/01/08 21:45:02 | 000,030,720 | ---- | C] (Microsoft)
 grb.rs -> C:\Windows\SysWow64\grb.rs -> [2013/01/08 21:45:02 | 000,021,504 | ---- | C] (Microsoft)
 grb.rs -> C:\Windows\SysNative\grb.rs -> [2013/01/08 21:45:02 | 000,021,504 | ---- | C] (Microsoft)
 pegi-pt.rs -> C:\Windows\SysWow64\pegi-pt.rs -> [2013/01/08 21:45:02 | 000,020,480 | ---- | C] (Microsoft)
 pegi-pt.rs -> C:\Windows\SysNative\pegi-pt.rs -> [2013/01/08 21:45:02 | 000,020,480 | ---- | C] (Microsoft)
 pegi.rs -> C:\Windows\SysWow64\pegi.rs -> [2013/01/08 21:45:02 | 000,020,480 | ---- | C] (Microsoft)
 pegi.rs -> C:\Windows\SysNative\pegi.rs -> [2013/01/08 21:45:02 | 000,020,480 | ---- | C] (Microsoft)
 djctq.rs -> C:\Windows\SysWow64\djctq.rs -> [2013/01/08 21:45:02 | 000,015,360 | ---- | C] (Microsoft)
 djctq.rs -> C:\Windows\SysNative\djctq.rs -> [2013/01/08 21:45:02 | 000,015,360 | ---- | C] (Microsoft)
 gameux.dll -> C:\Windows\SysNative\gameux.dll -> [2013/01/08 21:45:01 | 002,746,368 | ---- | C] (Microsoft Corporation)
 gameux.dll -> C:\Windows\SysWow64\gameux.dll -> [2013/01/08 21:45:01 | 002,576,384 | ---- | C] (Microsoft Corporation)
 Wpc.dll -> C:\Windows\SysWow64\Wpc.dll -> [2013/01/08 21:45:01 | 000,308,736 | ---- | C] (Microsoft Corporation)
 cero.rs -> C:\Windows\SysWow64\cero.rs -> [2013/01/08 21:45:01 | 000,055,296 | ---- | C] (Microsoft)
 cero.rs -> C:\Windows\SysNative\cero.rs -> [2013/01/08 21:45:01 | 000,055,296 | ---- | C] (Microsoft)
 esrb.rs -> C:\Windows\SysWow64\esrb.rs -> [2013/01/08 21:45:01 | 000,051,712 | ---- | C] (Microsoft)
 esrb.rs -> C:\Windows\SysNative\esrb.rs -> [2013/01/08 21:45:01 | 000,051,712 | ---- | C] (Microsoft)
 oflc.rs -> C:\Windows\SysWow64\oflc.rs -> [2013/01/08 21:45:01 | 000,023,552 | ---- | C] (Microsoft)
 oflc.rs -> C:\Windows\SysNative\oflc.rs -> [2013/01/08 21:45:01 | 000,023,552 | ---- | C] (Microsoft)
 pegi-fi.rs -> C:\Windows\SysWow64\pegi-fi.rs -> [2013/01/08 21:45:01 | 000,020,480 | ---- | C] (Microsoft)
 pegi-fi.rs -> C:\Windows\SysNative\pegi-fi.rs -> [2013/01/08 21:45:01 | 000,020,480 | ---- | C] (Microsoft)
 kernel32.dll -> C:\Windows\SysNative\kernel32.dll -> [2013/01/08 21:43:55 | 001,161,216 | ---- | C] (Microsoft Corporation)
 KernelBase.dll -> C:\Windows\SysNative\KernelBase.dll -> [2013/01/08 21:43:55 | 000,424,448 | ---- | C] (Microsoft Corporation)
 wow64win.dll -> C:\Windows\SysNative\wow64win.dll -> [2013/01/08 21:43:54 | 000,362,496 | ---- | C] (Microsoft Corporation)
 conhost.exe -> C:\Windows\SysNative\conhost.exe -> [2013/01/08 21:43:54 | 000,338,432 | ---- | C] (Microsoft Corporation)
 wow64.dll -> C:\Windows\SysNative\wow64.dll -> [2013/01/08 21:43:54 | 000,243,200 | ---- | C] (Microsoft Corporation)
 winsrv.dll -> C:\Windows\SysNative\winsrv.dll -> [2013/01/08 21:43:54 | 000,215,040 | ---- | C] (Microsoft Corporation)
 setup16.exe -> C:\Windows\SysWow64\setup16.exe -> [2013/01/08 21:43:54 | 000,025,600 | ---- | C] (Microsoft Corporation)
 ntvdm64.dll -> C:\Windows\SysNative\ntvdm64.dll -> [2013/01/08 21:43:54 | 000,016,384 | ---- | C] (Microsoft Corporation)
 ntvdm64.dll -> C:\Windows\SysWow64\ntvdm64.dll -> [2013/01/08 21:43:54 | 000,014,336 | ---- | C] (Microsoft Corporation)
 wow64cpu.dll -> C:\Windows\SysNative\wow64cpu.dll -> [2013/01/08 21:43:54 | 000,013,312 | ---- | C] (Microsoft Corporation)
 instnm.exe -> C:\Windows\SysWow64\instnm.exe -> [2013/01/08 21:43:54 | 000,007,680 | ---- | C] (Microsoft Corporation)
 api-ms-win-security-base-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,006,144 | -H-- | C] (Microsoft Corporation)
 api-ms-win-security-base-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,006,144 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-file-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,005,120 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-file-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,005,120 | -H-- | C] (Microsoft Corporation)
 wow32.dll -> C:\Windows\SysWow64\wow32.dll -> [2013/01/08 21:43:54 | 000,005,120 | ---- | C] (Microsoft Corporation)
 api-ms-win-core-threadpool-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,004,608 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-threadpool-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,004,608 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-processthreads-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,004,608 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-processthreads-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,004,608 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-sysinfo-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-sysinfo-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-synch-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-synch-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-misc-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-localregistry-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-localregistry-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-localization-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-localization-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-xstate-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-rtlsupport-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-processenvironment-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-processenvironment-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-namedpipe-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-namedpipe-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-misc-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-memory-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-memory-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-libraryloader-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-libraryloader-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-interlocked-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-heap-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-heap-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-xstate-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-util-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-util-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-string-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-string-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-rtlsupport-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-profile-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-profile-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-io-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-io-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-interlocked-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-handle-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-handle-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-fibers-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-fibers-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-errorhandling-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-errorhandling-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-delayload-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-delayload-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-debug-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-debug-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-datetime-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-datetime-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-console-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-console-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 user.exe -> C:\Windows\SysWow64\user.exe -> [2013/01/08 21:43:54 | 000,002,048 | ---- | C] (Microsoft Corporation)
 taskhost.exe -> C:\Windows\SysNative\taskhost.exe -> [2013/01/08 21:43:18 | 000,068,608 | ---- | C] (Microsoft Corporation)
 Fallout3 -> C:\Users\thorandai\AppData\Local\Fallout3 -> [2013/01/07 09:00:15 | 000,000,000 | ---D | C]
 SvchostViewer -> C:\Users\thorandai\AppData\Local\SvchostViewer -> [2012/12/31 12:35:13 | 000,000,000 | ---D | C]
 ParetoLogic -> C:\Users\thorandai\AppData\Roaming\ParetoLogic -> [2012/12/31 12:29:52 | 000,000,000 | ---D | C]
 DriverCure -> C:\Users\thorandai\AppData\Roaming\DriverCure -> [2012/12/31 12:29:52 | 000,000,000 | ---D | C]
 ParetoLogic -> C:\ProgramData\ParetoLogic -> [2012/12/31 12:29:42 | 000,000,000 | ---D | C]
 Programs -> C:\Users\thorandai\AppData\Local\Programs -> [2012/12/30 19:53:10 | 000,000,000 | ---D | C]
 Assassins Creed III-SKIDROW -> C:\Users\thorandai\Assassins Creed III-SKIDROW -> [2012/12/30 01:41:43 | 000,000,000 | ---D | C]
 Black_Tree_Gaming -> C:\Users\thorandai\AppData\Local\Black_Tree_Gaming -> [2012/12/29 18:56:18 | 000,000,000 | ---D | C]
 ZombieDriver -> C:\Users\thorandai\AppData\Roaming\ZombieDriver -> [2012/12/26 12:36:15 | 000,000,000 | ---D | C]
 wrap_oal.dll -> C:\Windows\SysNative\wrap_oal.dll -> [2012/12/26 12:36:10 | 000,466,456 | ---- | C] (Creative Labs)
 wrap_oal.dll -> C:\Windows\SysWow64\wrap_oal.dll -> [2012/12/26 12:36:10 | 000,444,952 | ---- | C] (Creative Labs)
 OpenAL32.dll -> C:\Windows\SysNative\OpenAL32.dll -> [2012/12/26 12:36:10 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.)
 OpenAL32.dll -> C:\Windows\SysWow64\OpenAL32.dll -> [2012/12/26 12:36:10 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.)
 OpenAL -> C:\Program Files (x86)\OpenAL -> [2012/12/26 12:36:10 | 000,000,000 | ---D | C]
 DDMSettings -> C:\Users\thorandai\AppData\Local\DDMSettings -> [2012/12/21 11:59:42 | 000,000,000 | ---D | C]
 DivX -> C:\Users\thorandai\AppData\Roaming\DivX -> [2012/12/21 11:48:58 | 000,000,000 | ---D | C]
 DivX Plus -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus -> [2012/12/21 11:48:45 | 000,000,000 | ---D | C]
 DivX -> C:\Program Files\DivX -> [2012/12/21 11:48:41 | 000,000,000 | ---D | C]
 DivX Shared -> C:\Program Files (x86)\Common Files\DivX Shared -> [2012/12/21 11:48:22 | 000,000,000 | ---D | C]
 DivX -> C:\Program Files (x86)\DivX -> [2012/12/21 11:46:18 | 000,000,000 | ---D | C]
 DivX -> C:\ProgramData\DivX -> [2012/12/21 11:45:04 | 000,000,000 | ---D | C]
 atmfd.dll -> C:\Windows\SysNative\atmfd.dll -> [2012/12/21 00:57:07 | 000,367,616 | ---- | C] (Adobe Systems Incorporated)
 atmfd.dll -> C:\Windows\SysWow64\atmfd.dll -> [2012/12/21 00:57:07 | 000,295,424 | ---- | C] (Adobe Systems Incorporated)
 atmlib.dll -> C:\Windows\SysNative\atmlib.dll -> [2012/12/21 00:57:07 | 000,046,080 | ---- | C] (Adobe Systems)
 atmlib.dll -> C:\Windows\SysWow64\atmlib.dll -> [2012/12/21 00:57:07 | 000,034,304 | ---- | C] (Adobe Systems)
 Skyrim -> C:\Users\thorandai\AppData\Local\Skyrim -> [2012/12/19 09:26:23 | 000,000,000 | ---D | C]
 adventure map server -> C:\Users\thorandai\Desktop\adventure map server -> [2012/12/16 10:16:06 | 000,000,000 | ---D | C]
 mshtmled.dll -> C:\Windows\SysNative\mshtmled.dll -> [2012/12/12 20:12:25 | 000,096,768 | ---- | C] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2012/12/12 20:12:25 | 000,073,216 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2012/12/12 20:12:24 | 000,248,320 | ---- | C] (Microsoft Corporation)
 url.dll -> C:\Windows\SysNative\url.dll -> [2012/12/12 20:12:24 | 000,237,056 | ---- | C] (Microsoft Corporation)
 url.dll -> C:\Windows\SysWow64\url.dll -> [2012/12/12 20:12:24 | 000,231,936 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2012/12/12 20:12:24 | 000,176,640 | ---- | C] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysNative\ieUnatt.exe -> [2012/12/12 20:12:24 | 000,173,056 | ---- | C] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2012/12/12 20:12:24 | 000,142,848 | ---- | C] (Microsoft Corporation)
 jscript9.dll -> C:\Windows\SysNative\jscript9.dll -> [2012/12/12 20:12:23 | 002,312,704 | ---- | C] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysNative\inetcpl.cpl -> [2012/12/12 20:12:23 | 001,494,528 | ---- | C] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysWow64\inetcpl.cpl -> [2012/12/12 20:12:23 | 001,427,968 | ---- | C] (Microsoft Corporation)
 msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2012/12/12 20:12:23 | 000,729,088 | ---- | C] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysWow64\jscript.dll -> [2012/12/12 20:12:22 | 000,717,824 | ---- | C] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysNative\jscript.dll -> [2012/12/12 20:12:21 | 000,816,640 | ---- | C] (Microsoft Corporation)
 vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2012/12/12 20:12:21 | 000,599,040 | ---- | C] (Microsoft Corporation)
 %Installer_PublisherName% -> C:\ProgramData\%Installer_PublisherName% -> [2012/12/12 20:01:45 | 000,000,000 | ---D | C]
 VaudiX -> C:\Program Files (x86)\VaudiX -> [2012/12/12 20:01:42 | 000,000,000 | ---D | C]
 SwvUpdater -> C:\Users\thorandai\AppData\Local\SwvUpdater -> [2012/12/12 20:01:13 | 000,000,000 | ---D | C]
 CRE -> C:\Users\thorandai\AppData\Local\CRE -> [2012/12/12 20:01:04 | 000,000,000 | ---D | C]
 InstallMate -> C:\ProgramData\InstallMate -> [2012/12/12 19:59:24 | 000,000,000 | ---D | C]
 dpnet.dll -> C:\Windows\SysNative\dpnet.dll -> [2012/12/12 17:48:39 | 000,478,208 | ---- | C] (Microsoft Corporation)
 dpnet.dll -> C:\Windows\SysWow64\dpnet.dll -> [2012/12/12 17:48:39 | 000,376,832 | ---- | C] (Microsoft Corporation)
 Dishonored-SKIDROW -> C:\Users\thorandai\Dishonored-SKIDROW -> [2012/12/10 23:43:21 | 000,000,000 | ---D | C]
 Natural Selection 2 -> C:\Users\thorandai\AppData\Roaming\Natural Selection 2 -> [2012/12/09 13:14:26 | 000,000,000 | ---D | C]
 Orbit -> C:\ProgramData\Orbit -> [2012/12/04 09:37:31 | 000,000,000 | ---D | C]
 .minecraft -> C:\Users\thorandai\AppData\Roaming\.minecraft -> [2012/12/03 11:35:04 | 000,000,000 | ---D | C]
 Notes -> C:\Users\thorandai\Documents\Notes -> [2012/11/29 00:15:19 | 000,000,000 | R--D | C]
 FTB -> C:\FTB -> [2012/11/27 10:32:22 | 000,000,000 | ---D | C]
 Microsoft Games -> C:\Users\thorandai\AppData\Local\Microsoft Games -> [2012/11/26 23:05:50 | 000,000,000 | ---D | C]
 ftblauncher -> C:\Users\thorandai\AppData\Roaming\ftblauncher -> [2012/11/26 22:15:53 | 000,000,000 | ---D | C]
 Sony Online Entertainment -> C:\Users\thorandai\AppData\Local\Sony Online Entertainment -> [2012/11/16 17:48:08 | 000,000,000 | ---D | C]
 WdfLdr.sys -> C:\Windows\SysNative\drivers\WdfLdr.sys -> [2012/11/16 03:05:16 | 000,054,376 | ---- | C] (Microsoft Corporation)
 Wdfres.dll -> C:\Windows\SysNative\Wdfres.dll -> [2012/11/16 03:05:16 | 000,009,728 | ---- | C] (Microsoft Corporation)
 WUDFPlatform.dll -> C:\Windows\SysNative\WUDFPlatform.dll -> [2012/11/16 03:00:33 | 000,194,048 | ---- | C] (Microsoft Corporation)
 WUDFx.dll -> C:\Windows\SysNative\WUDFx.dll -> [2012/11/16 03:00:30 | 000,744,448 | ---- | C] (Microsoft Corporation)
 WUDFHost.exe -> C:\Windows\SysNative\WUDFHost.exe -> [2012/11/16 03:00:30 | 000,229,888 | ---- | C] (Microsoft Corporation)
 WUDFCoinstaller.dll -> C:\Windows\SysNative\WUDFCoinstaller.dll -> [2012/11/16 03:00:30 | 000,045,056 | ---- | C] (Microsoft Corporation)
 dhcpcore6.dll -> C:\Windows\SysNative\dhcpcore6.dll -> [2012/11/16 01:11:49 | 000,226,816 | ---- | C] (Microsoft Corporation)
 dhcpcore6.dll -> C:\Windows\SysWow64\dhcpcore6.dll -> [2012/11/16 01:11:49 | 000,193,536 | ---- | C] (Microsoft Corporation)
 dhcpcsvc6.dll -> C:\Windows\SysNative\dhcpcsvc6.dll -> [2012/11/16 01:11:49 | 000,055,296 | ---- | C] (Microsoft Corporation)
 netcorehc.dll -> C:\Windows\SysNative\netcorehc.dll -> [2012/11/16 01:10:54 | 000,246,272 | ---- | C] (Microsoft Corporation)
 ncsi.dll -> C:\Windows\SysNative\ncsi.dll -> [2012/11/16 01:10:54 | 000,216,576 | ---- | C] (Microsoft Corporation)
 netcorehc.dll -> C:\Windows\SysWow64\netcorehc.dll -> [2012/11/16 01:10:54 | 000,175,104 | ---- | C] (Microsoft Corporation)
 ncsi.dll -> C:\Windows\SysWow64\ncsi.dll -> [2012/11/16 01:10:54 | 000,156,672 | ---- | C] (Microsoft Corporation)
 netevent.dll -> C:\Windows\SysWow64\netevent.dll -> [2012/11/16 01:10:53 | 000,018,944 | ---- | C] (Microsoft Corporation)
 netevent.dll -> C:\Windows\SysNative\netevent.dll -> [2012/11/16 01:10:53 | 000,018,944 | ---- | C] (Microsoft Corporation)
 synceng.dll -> C:\Windows\SysNative\synceng.dll -> [2012/11/16 01:09:42 | 000,095,744 | ---- | C] (Microsoft Corporation)
 synceng.dll -> C:\Windows\SysWow64\synceng.dll -> [2012/11/16 01:09:42 | 000,078,336 | ---- | C] (Microsoft Corporation)
 DivXControlPanelApplet.cpl -> C:\Windows\SysWow64\DivXControlPanelApplet.cpl -> [2012/11/13 14:29:04 | 000,354,216 | ---- | C] (DivX, Inc.)
 LolClient -> C:\Users\thorandai\AppData\Roaming\LolClient -> [2012/11/12 19:09:02 | 000,000,000 | ---D | C]
 D3DCompiler_39.dll -> C:\Windows\SysWow64\D3DCompiler_39.dll -> [2012/11/12 17:03:08 | 001,493,528 | ---- | C] (Microsoft Corporation)
 d3dx10_39.dll -> C:\Windows\SysWow64\d3dx10_39.dll -> [2012/11/12 17:03:08 | 000,467,984 | ---- | C] (Microsoft Corporation)
 D3DX9_39.dll -> C:\Windows\SysWow64\D3DX9_39.dll -> [2012/11/12 17:03:07 | 003,851,784 | ---- | C] (Microsoft Corporation)
 Macromedia -> C:\Users\thorandai\AppData\Local\Macromedia -> [2012/11/11 14:00:08 | 000,000,000 | ---D | C]
 Mozilla -> C:\Users\thorandai\AppData\Local\Mozilla -> [2012/11/11 13:59:35 | 000,000,000 | ---D | C]
 Mozilla -> C:\ProgramData\Mozilla -> [2012/11/11 13:59:32 | 000,000,000 | ---D | C]
 nvoglv32.dll -> C:\Windows\SysWow64\nvoglv32.dll -> [2012/11/08 21:21:17 | 019,906,920 | ---- | C] (NVIDIA Corporation)
 nvwgf2um.dll -> C:\Windows\SysWow64\nvwgf2um.dll -> [2012/11/08 21:21:17 | 012,501,352 | ---- | C] (NVIDIA Corporation)
 nvopencl.dll -> C:\Windows\SysNative\nvopencl.dll -> [2012/11/08 21:21:17 | 007,414,632 | ---- | C] (NVIDIA Corporation)
 nvcuvid.dll -> C:\Windows\SysWow64\nvcuvid.dll -> [2012/11/08 21:21:17 | 002,574,696 | ---- | C] (NVIDIA Corporation)
 nvhda64v.sys -> C:\Windows\SysNative\drivers\nvhda64v.sys -> [2012/11/08 21:21:17 | 000,189,288 | ---- | C] (NVIDIA Corporation)
 nvhdap64.dll -> C:\Windows\SysNative\nvhdap64.dll -> [2012/11/08 21:21:17 | 000,031,080 | ---- | C] (NVIDIA Corporation)
 nvcuda.dll -> C:\Windows\SysWow64\nvcuda.dll -> [2012/11/08 21:21:16 | 007,697,768 | ---- | C] (NVIDIA Corporation)
 nvopencl.dll -> C:\Windows\SysWow64\nvopencl.dll -> [2012/11/08 21:21:16 | 006,127,464 | ---- | C] (NVIDIA Corporation)
 nvcuvid.dll -> C:\Windows\SysNative\nvcuvid.dll -> [2012/11/08 21:21:16 | 002,747,240 | ---- | C] (NVIDIA Corporation)
 nvcuvenc.dll -> C:\Windows\SysNative\nvcuvenc.dll -> [2012/11/08 21:21:16 | 002,218,344 | ---- | C] (NVIDIA Corporation)
 nvcuvenc.dll -> C:\Windows\SysWow64\nvcuvenc.dll -> [2012/11/08 21:21:16 | 001,867,112 | ---- | C] (NVIDIA Corporation)
 nvdispgenco64.dll -> C:\Windows\SysNative\nvdispgenco64.dll -> [2012/11/08 21:21:16 | 001,482,600 | ---- | C] (NVIDIA Corporation)
 nvcompiler.dll -> C:\Windows\SysNative\nvcompiler.dll -> [2012/11/08 21:21:15 | 025,256,296 | ---- | C] (NVIDIA Corporation)
 nvcompiler.dll -> C:\Windows\SysWow64\nvcompiler.dll -> [2012/11/08 21:21:15 | 017,559,912 | ---- | C] (NVIDIA Corporation)
 nvcuda.dll -> C:\Windows\SysNative\nvcuda.dll -> [2012/11/08 21:21:15 | 009,146,728 | ---- | C] (NVIDIA Corporation)
 nvapi.dll -> C:\Windows\SysWow64\nvapi.dll -> [2012/11/08 21:21:15 | 002,428,776 | ---- | C] (NVIDIA Corporation)
 nvumdshim.dll -> C:\Windows\SysWow64\nvumdshim.dll -> [2012/11/08 21:21:15 | 000,831,848 | ---- | C] (NVIDIA Corporation)
 Guild Wars 2 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2 -> [2012/11/08 21:03:37 | 000,000,000 | ---D | C]
 Guild Wars 2 -> C:\Program Files (x86)\Guild Wars 2 -> [2012/11/08 21:03:37 | 000,000,000 | ---D | C]
 Guild Wars 2 -> C:\Users\thorandai\Documents\Guild Wars 2 -> [2012/11/08 20:57:47 | 000,000,000 | ---D | C]
 Java -> C:\Program Files (x86)\Common Files\Java -> [2012/11/08 19:48:40 | 000,000,000 | ---D | C]
 javaws.exe -> C:\Windows\SysWow64\javaws.exe -> [2012/11/08 19:48:29 | 000,246,760 | ---- | C] (Oracle Corporation)
 javaw.exe -> C:\Windows\SysWow64\javaw.exe -> [2012/11/08 19:48:16 | 000,174,056 | ---- | C] (Oracle Corporation)
 java.exe -> C:\Windows\SysWow64\java.exe -> [2012/11/08 19:48:16 | 000,174,056 | ---- | C] (Oracle Corporation)
 WindowsAccessBridge-32.dll -> C:\Windows\SysWow64\WindowsAccessBridge-32.dll -> [2012/11/08 19:48:16 | 000,095,208 | ---- | C] (Oracle Corporation)
 Java -> C:\Program Files (x86)\Java -> [2012/11/08 19:48:02 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\Users\thorandai\AppData\Roaming\Malwarebytes -> [2012/11/04 14:00:26 | 000,000,000 | ---D | C]
 Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2012/11/04 13:52:34 | 000,000,000 | ---D | C]
 mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2012/11/04 13:52:33 | 000,024,176 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2012/11/04 13:52:33 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\ProgramData\Malwarebytes -> [2012/11/04 13:52:33 | 000,000,000 | ---D | C]
 PAYDAY -> C:\Users\thorandai\AppData\Local\PAYDAY -> [2012/10/20 18:58:06 | 000,000,000 | ---D | C]
 Pando_Temp -> C:\Users\thorandai\AppData\Local\Pando_Temp -> [2012/10/17 16:58:21 | 000,000,000 | ---D | C]
 2 C:\*.tmp files -> C:\*.tmp -> 
 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
 
[Files/Folders - Modified Within 90 Days]
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2013/01/14 12:13:43 | 000,022,080 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2013/01/14 12:13:43 | 000,022,080 | -H-- | M] ()
 OTS.exe -> C:\Users\thorandai\Desktop\OTS.exe -> [2013/01/14 12:11:54 | 000,646,656 | ---- | M] (OldTimer Tools)
 lgfwup.ini -> C:\Windows\lgfwup.ini -> [2013/01/14 12:07:05 | 000,000,344 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2013/01/14 12:06:38 | 000,000,900 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2013/01/14 12:06:24 | 000,067,584 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2013/01/14 12:06:22 | 4226,211,838 | -HS- | M] ()
 GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2013/01/14 00:59:00 | 000,000,904 | ---- | M] ()
 Adobe Flash Player Updater.job -> C:\Windows\tasks\Adobe Flash Player Updater.job -> [2013/01/14 00:53:00 | 000,000,830 | ---- | M] ()
 hosts -> C:\Windows\SysNative\drivers\etc\hosts -> [2013/01/13 15:11:31 | 000,000,027 | ---- | M] ()
 ComboFix.exe -> C:\Users\thorandai\Desktop\ComboFix.exe -> [2013/01/13 11:44:47 | 005,021,655 | R--- | M] (Swearware)
 0bjwx32o.exe -> C:\Users\thorandai\Desktop\0bjwx32o.exe -> [2013/01/12 21:48:24 | 000,365,568 | ---- | M] ()
 dds.scr -> C:\Users\thorandai\Desktop\dds.scr -> [2013/01/12 21:32:31 | 000,688,992 | R--- | M] (Swearware)
 HijackThis.exe -> C:\Users\thorandai\Desktop\HijackThis.exe -> [2013/01/12 21:30:55 | 000,388,608 | ---- | M] (Trend Micro Inc.)
 bootsqm.dat -> C:\bootsqm.dat -> [2013/01/12 13:00:44 | 000,003,304 | ---- | M] ()
 Google Chrome.lnk -> C:\Users\thorandai\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> [2013/01/11 11:46:21 | 000,002,283 | ---- | M] ()
 Google Chrome.lnk -> C:\Users\thorandai\Desktop\Google Chrome.lnk -> [2013/01/11 11:46:21 | 000,002,259 | ---- | M] ()
 PnkBstrB.xtr -> C:\Windows\SysWow64\PnkBstrB.xtr -> [2013/01/10 13:44:06 | 000,281,688 | ---- | M] ()
 PnkBstrB.exe -> C:\Windows\SysWow64\PnkBstrB.exe -> [2013/01/10 13:44:06 | 000,281,688 | ---- | M] ()
 FlashPlayerApp.exe -> C:\Windows\SysWow64\FlashPlayerApp.exe -> [2013/01/09 09:53:39 | 000,697,864 | ---- | M] (Adobe Systems Incorporated)
 FlashPlayerCPLApp.cpl -> C:\Windows\SysWow64\FlashPlayerCPLApp.cpl -> [2013/01/09 09:53:39 | 000,074,248 | ---- | M] (Adobe Systems Incorporated)
 FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2013/01/09 09:42:53 | 000,352,312 | ---- | M] ()
 PnkBstrB.ex0 -> C:\Windows\SysWow64\PnkBstrB.ex0 -> [2013/01/06 19:50:04 | 000,281,688 | ---- | M] ()
 Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2012/12/30 19:53:25 | 000,001,113 | ---- | M] ()
 wrap_oal.dll -> C:\Windows\SysNative\wrap_oal.dll -> [2012/12/26 12:36:10 | 000,466,456 | ---- | M] (Creative Labs)
 wrap_oal.dll -> C:\Windows\SysWow64\wrap_oal.dll -> [2012/12/26 12:36:10 | 000,444,952 | ---- | M] (Creative Labs)
 OpenAL32.dll -> C:\Windows\SysNative\OpenAL32.dll -> [2012/12/26 12:36:10 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.)
 OpenAL32.dll -> C:\Windows\SysWow64\OpenAL32.dll -> [2012/12/26 12:36:10 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.)
 PortalGun.rtf -> C:\Users\thorandai\Documents\PortalGun.rtf -> [2012/12/25 02:12:51 | 000,006,150 | ---- | M] ()
 atmlib.dll -> C:\Windows\SysNative\atmlib.dll -> [2012/12/16 11:11:22 | 000,046,080 | ---- | M] (Adobe Systems)
 atmfd.dll -> C:\Windows\SysNative\atmfd.dll -> [2012/12/16 08:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated)
 atmfd.dll -> C:\Windows\SysWow64\atmfd.dll -> [2012/12/16 08:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated)
 atmlib.dll -> C:\Windows\SysWow64\atmlib.dll -> [2012/12/16 08:13:20 | 000,034,304 | ---- | M] (Adobe Systems)
 mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation)
 END -> C:\END -> [2012/12/12 20:01:08 | 000,000,009 | ---- | M] ()
 Wpc.dll -> C:\Windows\SysNative\Wpc.dll -> [2012/12/07 07:20:16 | 000,441,856 | ---- | M] (Microsoft Corporation)
 gameux.dll -> C:\Windows\SysNative\gameux.dll -> [2012/12/07 07:15:31 | 002,746,368 | ---- | M] (Microsoft Corporation)
 Wpc.dll -> C:\Windows\SysWow64\Wpc.dll -> [2012/12/07 06:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation)
 gameux.dll -> C:\Windows\SysWow64\gameux.dll -> [2012/12/07 06:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation)
 usk.rs -> C:\Windows\SysNative\usk.rs -> [2012/12/07 05:20:04 | 000,030,720 | ---- | M] (Microsoft)
 csrr.rs -> C:\Windows\SysNative\csrr.rs -> [2012/12/07 05:20:03 | 000,043,520 | ---- | M] (Microsoft)
 oflc.rs -> C:\Windows\SysNative\oflc.rs -> [2012/12/07 05:20:03 | 000,023,552 | ---- | M] (Microsoft)
 oflc-nz.rs -> C:\Windows\SysNative\oflc-nz.rs -> [2012/12/07 05:20:01 | 000,045,568 | ---- | M] (Microsoft)
 pegibbfc.rs -> C:\Windows\SysNative\pegibbfc.rs -> [2012/12/07 05:20:01 | 000,044,544 | ---- | M] (Microsoft)
 pegi-fi.rs -> C:\Windows\SysNative\pegi-fi.rs -> [2012/12/07 05:20:01 | 000,020,480 | ---- | M] (Microsoft)
 pegi-pt.rs -> C:\Windows\SysNative\pegi-pt.rs -> [2012/12/07 05:20:00 | 000,020,480 | ---- | M] (Microsoft)
 pegi.rs -> C:\Windows\SysNative\pegi.rs -> [2012/12/07 05:19:59 | 000,020,480 | ---- | M] (Microsoft)
 fpb.rs -> C:\Windows\SysNative\fpb.rs -> [2012/12/07 05:19:58 | 000,046,592 | ---- | M] (Microsoft)
 cob-au.rs -> C:\Windows\SysNative\cob-au.rs -> [2012/12/07 05:19:57 | 000,040,960 | ---- | M] (Microsoft)
 grb.rs -> C:\Windows\SysNative\grb.rs -> [2012/12/07 05:19:57 | 000,021,504 | ---- | M] (Microsoft)
 djctq.rs -> C:\Windows\SysNative\djctq.rs -> [2012/12/07 05:19:57 | 000,015,360 | ---- | M] (Microsoft)
 cero.rs -> C:\Windows\SysNative\cero.rs -> [2012/12/07 05:19:56 | 000,055,296 | ---- | M] (Microsoft)
 esrb.rs -> C:\Windows\SysNative\esrb.rs -> [2012/12/07 05:19:55 | 000,051,712 | ---- | M] (Microsoft)
 csrr.rs -> C:\Windows\SysWow64\csrr.rs -> [2012/12/07 04:46:42 | 000,043,520 | ---- | M] (Microsoft)
 usk.rs -> C:\Windows\SysWow64\usk.rs -> [2012/12/07 04:46:42 | 000,030,720 | ---- | M] (Microsoft)
 oflc-nz.rs -> C:\Windows\SysWow64\oflc-nz.rs -> [2012/12/07 04:46:41 | 000,045,568 | ---- | M] (Microsoft)
 pegibbfc.rs -> C:\Windows\SysWow64\pegibbfc.rs -> [2012/12/07 04:46:41 | 000,044,544 | ---- | M] (Microsoft)
 oflc.rs -> C:\Windows\SysWow64\oflc.rs -> [2012/12/07 04:46:41 | 000,023,552 | ---- | M] (Microsoft)
 pegi-pt.rs -> C:\Windows\SysWow64\pegi-pt.rs -> [2012/12/07 04:46:41 | 000,020,480 | ---- | M] (Microsoft)
 pegi-fi.rs -> C:\Windows\SysWow64\pegi-fi.rs -> [2012/12/07 04:46:40 | 000,020,480 | ---- | M] (Microsoft)
 fpb.rs -> C:\Windows\SysWow64\fpb.rs -> [2012/12/07 04:46:39 | 000,046,592 | ---- | M] (Microsoft)
 pegi.rs -> C:\Windows\SysWow64\pegi.rs -> [2012/12/07 04:46:39 | 000,020,480 | ---- | M] (Microsoft)
 grb.rs -> C:\Windows\SysWow64\grb.rs -> [2012/12/07 04:46:38 | 000,021,504 | ---- | M] (Microsoft)
 cob-au.rs -> C:\Windows\SysWow64\cob-au.rs -> [2012/12/07 04:46:37 | 000,040,960 | ---- | M] (Microsoft)
 djctq.rs -> C:\Windows\SysWow64\djctq.rs -> [2012/12/07 04:46:37 | 000,015,360 | ---- | M] (Microsoft)
 cero.rs -> C:\Windows\SysWow64\cero.rs -> [2012/12/07 04:46:36 | 000,055,296 | ---- | M] (Microsoft)
 esrb.rs -> C:\Windows\SysWow64\esrb.rs -> [2012/12/07 04:46:36 | 000,051,712 | ---- | M] (Microsoft)
 wow64win.dll -> C:\Windows\SysNative\wow64win.dll -> [2012/11/29 23:45:35 | 000,362,496 | ---- | M] (Microsoft Corporation)
 wow64.dll -> C:\Windows\SysNative\wow64.dll -> [2012/11/29 23:45:35 | 000,243,200 | ---- | M] (Microsoft Corporation)
 wow64cpu.dll -> C:\Windows\SysNative\wow64cpu.dll -> [2012/11/29 23:45:35 | 000,013,312 | ---- | M] (Microsoft Corporation)
 winsrv.dll -> C:\Windows\SysNative\winsrv.dll -> [2012/11/29 23:45:14 | 000,215,040 | ---- | M] (Microsoft Corporation)
 ntvdm64.dll -> C:\Windows\SysNative\ntvdm64.dll -> [2012/11/29 23:43:12 | 000,016,384 | ---- | M] (Microsoft Corporation)
 kernel32.dll -> C:\Windows\SysNative\kernel32.dll -> [2012/11/29 23:41:07 | 001,161,216 | ---- | M] (Microsoft Corporation)
 KernelBase.dll -> C:\Windows\SysNative\KernelBase.dll -> [2012/11/29 23:41:07 | 000,424,448 | ---- | M] (Microsoft Corporation)
 api-ms-win-security-base-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll -> [2012/11/29 23:38:45 | 000,006,144 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-threadpool-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll -> [2012/11/29 23:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-processthreads-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll -> [2012/11/29 23:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-sysinfo-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll -> [2012/11/29 23:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-synch-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll -> [2012/11/29 23:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-rtlsupport-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll -> [2012/11/29 23:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-processenvironment-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll -> [2012/11/29 23:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-namedpipe-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll -> [2012/11/29 23:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-misc-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll -> [2012/11/29 23:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-xstate-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll -> [2012/11/29 23:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-util-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll -> [2012/11/29 23:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-string-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll -> [2012/11/29 23:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-profile-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll -> [2012/11/29 23:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-file-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,005,120 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-localregistry-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-localization-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-memory-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-libraryloader-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-heap-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-io-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-interlocked-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-handle-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-fibers-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-errorhandling-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-delayload-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-debug-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-datetime-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-console-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 wow32.dll -> C:\Windows\SysWow64\wow32.dll -> [2012/11/29 22:54:00 | 000,005,120 | ---- | M] (Microsoft Corporation)
 api-ms-win-core-processthreads-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,004,608 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-sysinfo-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-synch-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-misc-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-localregistry-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-localization-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-processenvironment-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-namedpipe-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-memory-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-libraryloader-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-interlocked-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-heap-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-string-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-rtlsupport-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-profile-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-io-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-file-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll -> [2012/11/29 22:45:14 | 000,005,120 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-handle-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll -> [2012/11/29 22:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-fibers-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll -> [2012/11/29 22:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-errorhandling-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll -> [2012/11/29 22:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-delayload-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll -> [2012/11/29 22:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-debug-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll -> [2012/11/29 22:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-datetime-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll -> [2012/11/29 22:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-console-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll -> [2012/11/29 22:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 conhost.exe -> C:\Windows\SysNative\conhost.exe -> [2012/11/29 21:23:48 | 000,338,432 | ---- | M] (Microsoft Corporation)
 setup16.exe -> C:\Windows\SysWow64\setup16.exe -> [2012/11/29 20:44:06 | 000,025,600 | ---- | M] (Microsoft Corporation)
 ntvdm64.dll -> C:\Windows\SysWow64\ntvdm64.dll -> [2012/11/29 20:44:04 | 000,014,336 | ---- | M] (Microsoft Corporation)
 instnm.exe -> C:\Windows\SysWow64\instnm.exe -> [2012/11/29 20:44:04 | 000,007,680 | ---- | M] (Microsoft Corporation)
 user.exe -> C:\Windows\SysWow64\user.exe -> [2012/11/29 20:44:03 | 000,002,048 | ---- | M] (Microsoft Corporation)
 api-ms-win-security-base-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll -> [2012/11/29 20:38:59 | 000,006,144 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-threadpool-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll -> [2012/11/29 20:38:59 | 000,004,608 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-xstate-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll -> [2012/11/29 20:38:59 | 000,003,584 | -H-- | M] (Microsoft Corporation)
 api-ms-win-core-util-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll -> [2012/11/29 20:38:59 | 000,003,072 | -H-- | M] (Microsoft Corporation)
 taskhost.exe -> C:\Windows\SysNative\taskhost.exe -> [2012/11/22 21:13:57 | 000,068,608 | ---- | M] (Microsoft Corporation)
 usp10.dll -> C:\Windows\SysNative\usp10.dll -> [2012/11/21 23:44:23 | 000,800,768 | ---- | M] (Microsoft Corporation)
 ncrypt.dll -> C:\Windows\SysNative\ncrypt.dll -> [2012/11/19 23:48:49 | 000,307,200 | ---- | M] (Microsoft Corporation)
 jscript9.dll -> C:\Windows\SysNative\jscript9.dll -> [2012/11/14 00:11:44 | 002,312,704 | ---- | M] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysNative\inetcpl.cpl -> [2012/11/14 00:02:49 | 001,494,528 | ---- | M] (Microsoft Corporation)
 url.dll -> C:\Windows\SysNative\url.dll -> [2012/11/14 00:02:04 | 000,237,056 | ---- | M] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysNative\jscript.dll -> [2012/11/13 23:58:36 | 000,816,640 | ---- | M] (Microsoft Corporation)
 vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2012/11/13 23:57:46 | 000,599,040 | ---- | M] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysNative\ieUnatt.exe -> [2012/11/13 23:57:35 | 000,173,056 | ---- | M] (Microsoft Corporation)
 msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2012/11/13 23:55:26 | 000,729,088 | ---- | M] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysNative\mshtmled.dll -> [2012/11/13 23:53:22 | 000,096,768 | ---- | M] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2012/11/13 23:46:25 | 000,248,320 | ---- | M] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysWow64\inetcpl.cpl -> [2012/11/13 19:58:15 | 001,427,968 | ---- | M] (Microsoft Corporation)
 url.dll -> C:\Windows\SysWow64\url.dll -> [2012/11/13 19:55:46 | 000,231,936 | ---- | M] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2012/11/13 19:49:25 | 000,142,848 | ---- | M] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysWow64\jscript.dll -> [2012/11/13 19:49:19 | 000,717,824 | ---- | M] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2012/11/13 19:45:01 | 000,073,216 | ---- | M] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2012/11/13 19:41:30 | 000,176,640 | ---- | M] (Microsoft Corporation)
 DivXControlPanelApplet.cpl -> C:\Windows\SysWow64\DivXControlPanelApplet.cpl -> [2012/11/13 14:29:04 | 000,354,216 | ---- | M] (DivX, Inc.)
 Resmon.ResmonCfg -> C:\Users\thorandai\AppData\Local\Resmon.ResmonCfg -> [2012/11/11 13:38:37 | 000,007,600 | ---- | M] ()
 win32spl.dll -> C:\Windows\SysNative\win32spl.dll -> [2012/11/08 23:45:32 | 000,750,592 | ---- | M] (Microsoft Corporation)
 win32spl.dll -> C:\Windows\SysWow64\win32spl.dll -> [2012/11/08 22:43:04 | 000,492,032 | ---- | M] (Microsoft Corporation)
 Guild Wars 2.lnk -> C:\Users\Public\Desktop\Guild Wars 2.lnk -> [2012/11/08 21:03:37 | 000,000,936 | ---- | M] ()
 npDeployJava1.dll -> C:\Windows\SysWow64\npDeployJava1.dll -> [2012/11/08 19:48:04 | 000,821,736 | ---- | M] (Oracle Corporation)
 deployJava1.dll -> C:\Windows\SysWow64\deployJava1.dll -> [2012/11/08 19:48:04 | 000,746,984 | ---- | M] (Oracle Corporation)
 javaws.exe -> C:\Windows\SysWow64\javaws.exe -> [2012/11/08 19:48:04 | 000,246,760 | ---- | M] (Oracle Corporation)
 javaw.exe -> C:\Windows\SysWow64\javaw.exe -> [2012/11/08 19:48:04 | 000,174,056 | ---- | M] (Oracle Corporation)
 java.exe -> C:\Windows\SysWow64\java.exe -> [2012/11/08 19:48:04 | 000,174,056 | ---- | M] (Oracle Corporation)
 WindowsAccessBridge-32.dll -> C:\Windows\SysWow64\WindowsAccessBridge-32.dll -> [2012/11/08 19:48:04 | 000,095,208 | ---- | M] (Oracle Corporation)
 config.nt -> C:\Windows\SysWow64\config.nt -> [2012/11/03 17:08:48 | 000,000,000 | ---- | M] ()
 dpnet.dll -> C:\Windows\SysNative\dpnet.dll -> [2012/11/01 23:59:11 | 000,478,208 | ---- | M] (Microsoft Corporation)
 dpnet.dll -> C:\Windows\SysWow64\dpnet.dll -> [2012/11/01 23:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation)
 extensions.sqlite -> C:\extensions.sqlite -> [2012/11/01 20:58:25 | 000,000,000 | ---- | M] ()
 aswTdi.sys -> C:\Windows\SysNative\drivers\aswTdi.sys -> [2012/10/30 16:51:56 | 000,059,728 | ---- | M] (AVAST Software)
 aswSnx.sys -> C:\Windows\SysNative\drivers\aswSnx.sys -> [2012/10/30 16:51:55 | 000,984,144 | ---- | M] (AVAST Software)
 aswSP.sys -> C:\Windows\SysNative\drivers\aswSP.sys -> [2012/10/30 16:51:55 | 000,370,288 | ---- | M] (AVAST Software)
 aswMonFlt.sys -> C:\Windows\SysNative\drivers\aswMonFlt.sys -> [2012/10/30 16:51:55 | 000,071,600 | ---- | M] (AVAST Software)
 aswFsBlk.sys -> C:\Windows\SysNative\drivers\aswFsBlk.sys -> [2012/10/30 16:51:53 | 000,025,232 | ---- | M] (AVAST Software)
 avastSS.scr -> C:\Windows\avastSS.scr -> [2012/10/30 16:51:07 | 000,041,224 | ---- | M] (AVAST Software)
 aswBoot.exe -> C:\Windows\SysWow64\aswBoot.exe -> [2012/10/30 16:50:59 | 000,227,648 | ---- | M] (AVAST Software)
 aswBoot.exe -> C:\Windows\SysNative\aswBoot.exe -> [2012/10/30 16:50:30 | 000,285,328 | ---- | M] (AVAST Software)
 3 C:\Users\thorandai\AppData\Local\Temp\*.tmp files -> C:\Users\thorandai\AppData\Local\Temp\*.tmp -> 
 2 C:\*.tmp files -> C:\*.tmp -> 
 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
 
[Files - No Company Name]
 PEV.exe -> C:\Windows\PEV.exe -> [2013/01/13 12:10:05 | 000,256,000 | ---- | C] ()
 MBR.exe -> C:\Windows\MBR.exe -> [2013/01/13 12:10:05 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\Windows\sed.exe -> [2013/01/13 12:10:05 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\Windows\grep.exe -> [2013/01/13 12:10:05 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\Windows\zip.exe -> [2013/01/13 12:10:05 | 000,068,096 | ---- | C] ()
 0bjwx32o.exe -> C:\Users\thorandai\Desktop\0bjwx32o.exe -> [2013/01/12 21:48:38 | 000,365,568 | ---- | C] ()
 bootsqm.dat -> C:\bootsqm.dat -> [2013/01/12 13:00:44 | 000,003,304 | ---- | C] ()
 PortalGun.rtf -> C:\Users\thorandai\Documents\PortalGun.rtf -> [2012/12/25 02:12:51 | 000,006,150 | ---- | C] ()
 END -> C:\END -> [2012/12/12 20:00:56 | 000,000,009 | ---- | C] ()
 MsftWdf_Kernel_01011_Inbox_Critical.Wdf -> C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf -> [2012/11/16 03:05:17 | 000,000,003 | ---- | C] ()
 MsftWdf_User_01_11_00_Inbox_Critical.Wdf -> C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf -> [2012/11/16 03:00:30 | 000,000,003 | ---- | C] ()
 Guild Wars 2.lnk -> C:\Users\Public\Desktop\Guild Wars 2.lnk -> [2012/11/08 21:03:37 | 000,000,936 | ---- | C] ()
 Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2012/11/04 13:52:34 | 000,001,113 | ---- | C] ()
 extensions.sqlite -> C:\extensions.sqlite -> [2012/11/01 20:58:25 | 000,000,000 | ---- | C] ()
 igdde32.dll -> C:\Windows\SysWow64\igdde32.dll -> [2012/10/10 02:22:34 | 000,064,512 | ---- | C] ()
 igvpkrng600.bin -> C:\Windows\SysWow64\igvpkrng600.bin -> [2012/10/10 02:22:28 | 000,272,928 | ---- | C] ()
 igcodeckrng600.bin -> C:\Windows\SysWow64\igcodeckrng600.bin -> [2012/10/10 02:22:20 | 000,963,452 | ---- | C] ()
 fusioncache.dat -> C:\Users\thorandai\AppData\Local\fusioncache.dat -> [2012/08/03 19:04:32 | 000,000,097 | ---- | C] ()
 pbsvc.exe -> C:\Windows\SysWow64\pbsvc.exe -> [2012/08/03 18:58:15 | 000,669,184 | ---- | C] ()
 Resmon.ResmonCfg -> C:\Users\thorandai\AppData\Local\Resmon.ResmonCfg -> [2012/06/30 16:54:18 | 000,007,600 | ---- | C] ()
 PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2012/04/21 15:48:12 | 000,772,558 | ---- | C] ()
 GPlrLanc.dat -> C:\Windows\GPlrLanc.dat -> [2012/03/28 04:25:14 | 000,000,064 | ---- | C] ()
 icarus-dxdiag.xml -> C:\Users\thorandai\AppData\Roaming\icarus-dxdiag.xml -> [2012/03/21 23:42:04 | 000,093,282 | ---- | C] ()
 hash.dat -> C:\ProgramData\hash.dat -> [2012/03/14 20:35:01 | 000,000,032 | R--- | C] ()
 PnkBstrB.exe -> C:\Windows\SysWow64\PnkBstrB.exe -> [2012/03/10 13:49:46 | 000,281,688 | ---- | C] ()
 PnkBstrA.exe -> C:\Windows\SysWow64\PnkBstrA.exe -> [2012/03/10 13:49:46 | 000,076,888 | ---- | C] ()
 pbsvc_bc2.exe -> C:\Windows\SysWow64\pbsvc_bc2.exe -> [2012/03/10 13:49:45 | 002,434,856 | ---- | C] ()
 igcompkrng600.bin -> C:\Windows\SysWow64\igcompkrng600.bin -> [2012/03/09 18:16:59 | 000,145,804 | ---- | C] ()
 lgfwup.ini -> C:\Windows\lgfwup.ini -> [2012/03/08 19:44:15 | 000,000,344 | ---- | C] ()
 igkrng600.bin -> C:\Windows\SysWow64\igkrng600.bin -> [2012/02/14 19:47:06 | 000,963,912 | ---- | C] ()
 igfcg600m.bin -> C:\Windows\SysWow64\igfcg600m.bin -> [2012/02/14 19:47:06 | 000,261,208 | ---- | C] ()
 xlive.dll.cat -> C:\Windows\SysWow64\xlive.dll.cat -> [2011/09/28 18:44:14 | 000,179,271 | ---- | C] ()
< End of report >
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Sorry, can you attach the OTS log as a reply please? It is just too long to copy & paste so I can work with it.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Start OTS. Copy/Paste the information in the Code box below into the pane where it says "Paste fix here" and then click the Run Fix button.


Code:
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\] > -> 
YN -> HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\: Main\\"Start Page" -> http://search.babylon.com/?affID=114733&tt=5112_3&babsrc=HP_ss&mntrId=bc1d934a00000000000000ffb8210817
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {2EECD738-5844-4a99-B4B6-146BF802613B} [HKLM] -> [Babylon toolbar helper]
YN -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} [HKLM] -> [Webroot Browser Helper Object]
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{97ab88ef-346b-4179-a0b1-7445896547a5}" [HKLM] -> [Webroot Toolbar]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{97ab88ef-346b-4179-a0b1-7445896547a5}" [HKLM] -> [Webroot Toolbar]
YN -> "{98889811-442D-49dd-99D7-DC866BE87DBC}" [HKLM] -> [Babylon Toolbar]
< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {43699cd0-e34f-11de-8a39-0800200c9a66}:{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} [HKLM] -> [Button: Webroot]
YN -> {43699cd0-e34f-11de-8a39-0800200c9a66}:{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} [HKLM] -> [Menu: Webroot]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {43699cd0-e34f-11de-8a39-0800200c9a66}:{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} [HKLM] -> [Button: Webroot]
YN -> {43699cd0-e34f-11de-8a39-0800200c9a66}:{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} [HKLM] -> [Menu: Webroot]
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
YN -> TCP Query User{B072CBCC-19F5-49FF-A36F-99607FB598FF}C:\users\thorandai\appdata\local\temp\rar$exa0.782\mcforge.exe -> profile=public | protocol=6 | dir=in | action=block | name=mcforge.exe | app=c:\users\thorandai\appdata\local\temp\rar$exa0.782\mcforge.exe | 
YN -> TCP Query User{F24DAD95-9391-4A23-8954-6DF899DB6BF1}C:\users\thorandai\appdata\local\temp\gw2.exe -> profile=private | protocol=6 | dir=in | action=allow | name=guild wars 2 game client | app=c:\users\thorandai\appdata\local\temp\gw2.exe | 
YN -> UDP Query User{3B331040-C891-4784-B8BC-144252206E04}C:\users\thorandai\appdata\local\temp\rar$exa0.782\mcforge.exe -> profile=public | protocol=17 | dir=in | action=block | name=mcforge.exe | app=c:\users\thorandai\appdata\local\temp\rar$exa0.782\mcforge.exe | 
YN -> UDP Query User{CE953562-0DA4-4AFA-A4D4-242187C7F85A}C:\users\thorandai\appdata\local\temp\gw2.exe -> profile=private | protocol=17 | dir=in | action=allow | name=guild wars 2 game client | app=c:\users\thorandai\appdata\local\temp\gw2.exe | 
[Files/Folders - Created Within 90 Days]
NY ->  2 C:\*.tmp files -> C:\*.tmp
NY ->  1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
[Files/Folders - Modified Within 90 Days]
NY ->  3 C:\Users\thorandai\AppData\Local\Temp\*.tmp files -> C:\Users\thorandai\AppData\Local\Temp\*.tmp
NY ->  2 C:\*.tmp files -> C:\*.tmp
NY ->  1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
[Empty Temp Folders]
[EmptyFlash]
[EmptyJava]
[ZipFiles]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
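The fix above removes two kinds of entries that are worth checking on any machine in this state: Windows Firewall rules whose program path points into a user's Temp folder (the same place the suspect svchost.exe was running from), and Browser Helper Objects registered for Internet Explorer. The following read-only PowerShell audit is an added example, not part of this thread and not OTS code; it reads the same registry keys the fix lists and reports what it finds without changing anything. The `$suspectDirs` list and the function names are assumptions for the example; the `FirewallRules` value format (`|`-separated `key=value` tokens) is the one Windows uses.

```powershell
# Added example (not from the thread or from OTS): read-only audit of the two
# registry locations the OTS fix removes entries from. Run from an elevated prompt.

$fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$clsidRoots = @('HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID')

# Locations that should not normally host a program with its own firewall rule.
# Assumption for this example; extend the list to fit your environment.
$suspectDirs = @('\AppData\Local\Temp\', '\Windows\Temp\', '\Downloads\')

# Provider metadata properties that Get-ItemProperty adds and that are not rules.
$metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function ConvertFrom-FirewallRuleString {
    # Each FirewallRules value looks like
    # "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\x.exe|Name=x|"
    param([string]$Name, [string]$Value)
    $rule = [ordered]@{ RuleName = $Name }
    foreach ($token in $Value.Split('|')) {
        $i = $token.IndexOf('=')
        if ($i -gt 0) { $rule[$token.Substring(0, $i)] = $token.Substring($i + 1) }
    }
    [pscustomobject]$rule
}

function Get-SuspectFirewallRules {
    # Flag rules whose App path sits under one of the suspect directories.
    $props = Get-ItemProperty -Path $fwKey
    foreach ($p in $props.PSObject.Properties) {
        if ($metaProps -contains $p.Name) { continue }
        $rule = ConvertFrom-FirewallRuleString -Name $p.Name -Value ([string]$p.Value)
        if (-not $rule.App) { continue }
        foreach ($dir in $suspectDirs) {
            if ($rule.App -like "*$dir*") {          # -like is case-insensitive
                [pscustomobject]@{
                    RuleName = $rule.RuleName
                    Action   = $rule.Action
                    Dir      = $rule.Dir
                    Protocol = $rule.Protocol
                    App      = $rule.App
                    Exists   = Test-Path -LiteralPath $rule.App
                }
                break
            }
        }
    }
}

function Get-RegisteredBhos {
    # Resolve each BHO CLSID to its DLL and report the file's Authenticode status.
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem -Path $key) {
            $clsid = $sub.PSChildName
            $name = $null; $dll = $null
            foreach ($root in $clsidRoots) {
                if (Test-Path "$root\$clsid") {
                    $name = (Get-ItemProperty -Path "$root\$clsid" -ErrorAction SilentlyContinue).'(default)'
                    $dll  = (Get-ItemProperty -Path "$root\$clsid\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
                    break
                }
            }
            $sig = 'file missing'
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                $sig = (Get-AuthenticodeSignature -FilePath $dll).Status
            }
            [pscustomobject]@{ CLSID = $clsid; Name = $name; Dll = $dll; Signature = $sig }
        }
    }
}

"== Firewall rules for programs in temporary locations =="
Get-SuspectFirewallRules | Format-Table -AutoSize
"== Internet Explorer Browser Helper Objects =="
Get-RegisteredBhos | Format-Table -AutoSize
```

The `Exists` column matters: an allow rule for a program that no longer exists (the temp extraction folder `rar$exa0.782` in the fix above is an example) is harmless leftover, while an allow rule for a program that is still present under Temp deserves a look at that file. For BHOs, a DLL with a signature status other than `Valid`, or a CLSID with no resolvable DLL, is the entry to examine first.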
 

thorandai

Thread Starter
Joined
Jan 12, 2013
Messages
9
Here's the log

All Processes Killed
[Registry - Safe List]
Registry value HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{97ab88ef-346b-4179-a0b1-7445896547a5} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{97ab88ef-346b-4179-a0b1-7445896547a5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{43699cd0-e34f-11de-8a39-0800200c9a66}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}:{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}:{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{43699cd0-e34f-11de-8a39-0800200c9a66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}:{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}:{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B072CBCC-19F5-49FF-A36F-99607FB598FF}C:\users\thorandai\appdata\local\temp\rar$exa0.782\mcforge.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F24DAD95-9391-4A23-8954-6DF899DB6BF1}C:\users\thorandai\appdata\local\temp\gw2.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3B331040-C891-4784-B8BC-144252206E04}C:\users\thorandai\appdata\local\temp\rar$exa0.782\mcforge.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CE953562-0DA4-4AFA-A4D4-242187C7F85A}C:\users\thorandai\appdata\local\temp\gw2.exe deleted successfully.
[Files/Folders - Created Within 90 Days]
C:\STF1AB0.tmp deleted successfully.
C:\STFEAFB.tmp deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
[Files/Folders - Modified Within 90 Days]
C:\Users\thorandai\AppData\Local\Temp\div848A.tmp folder deleted successfully.
C:\Users\thorandai\AppData\Local\Temp\div8F34.tmp folder deleted successfully.
C:\Users\thorandai\AppData\Local\Temp\div93E5.tmp folder deleted successfully.
C:\Users\thorandai\AppData\Local\Temp\divA063.tmp folder deleted successfully.
C:\Users\thorandai\AppData\Local\Temp\~DF0D7F837311E101E6.TMP deleted successfully.
C:\Users\thorandai\AppData\Local\Temp\~DF5DA01E513C5F08E7.TMP deleted successfully.
C:\Users\thorandai\AppData\Local\Temp\~DF774F215EFCBAF3E8.TMP deleted successfully.
[Empty Temp Folders]


User: All Users

User: Borderlands.2-SKIDROW
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: thorandai
->Temp folder emptied: 436480 bytes
->Temporary Internet Files folder emptied: 14738092 bytes
->Java cache emptied: 490333 bytes
->Google Chrome cache emptied: 349639559 bytes
->Flash cache emptied: 2750 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4026 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 7640097958 bytes

Total Files Cleaned = 7,635.00 mb


[EMPTYFLASH]

User: All Users

User: Borderlands.2-SKIDROW

User: Default

User: Default User

User: Public

User: thorandai
->Flash cache emptied: 0 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Borderlands.2-SKIDROW

User: Default

User: Default User

User: Public

User: thorandai
->Java cache emptied: 0 bytes

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 01152013_160444

Files\Folders moved on Reboot...
C:\Users\thorandai\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


And also, I don't know if it is connected, but every once in a while my internet disconnects due to a bad gateway, so I have to do a fix on that. If it happens again I'll get a more detailed explanation.
 