
Livesearchnow problem

Discussion in 'Virus & Other Malware Removal' started by MeanDeen, Feb 18, 2013.

  1. MeanDeen

    When I woke up this morning, I realized I somehow had gotten the livesearchnow redirect virus. Can't figure out how to get rid of it. Hopefully someone here can help me. I attached the HJT, DDS, and GMER files as requested. Please help.
     


  2. MeanDeen

    Whoops. Misread that stickied thread. Sorry about that. Here ya go.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:38:52 AM, on 2/18/2013
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.8112.16464)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files (x86)\Steam\steam.exe
    C:\Users\Dennes\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Users\Dennes\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Program DJ\Wireless Switch\wlss.exe
    C:\Program Files (x86)\Program DJ\Wow Video&Audio\WVAMain.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\X3watch\x3watch.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
    C:\Users\Dennes\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEPwdBankBHO - {56CBB761-DA41-4E31-B270-B13B4B0A61D0} - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
    O4 - HKLM\..\Run: [WLSS] C:\Program Files (x86)\Program DJ\Wireless Switch\WLSS.exe
    O4 - HKLM\..\Run: [Wow Video&Audio] C:\Program Files (x86)\Program DJ\Wow Video&Audio\WVAMain.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [x3watch] "C:\Program Files (x86)\X3watch\x3watch.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Dennes\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [EgisTec] rundll32.exe "C:\Users\Dennes\AppData\Local\Temp\",CreateInstance
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [Akamai] rundll32 "C:\Users\Dennes\AppData\Local\VirtualStore\Akamai\kluaeuh.dll",DllRegisterServerW
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe -update activex
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: aveosti.exe.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\Dennes\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: EgisTec Service - Egis Technology Inc. - C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 14526 bytes

    *******************
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.6.2
    Run by Dennes at 10:40:12 on 2013-02-18
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8157.4599 [GMT -7:00]
    .
    AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Users\Dennes\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    C:\Program Files (x86)\Steam\steam.exe
    C:\Users\Dennes\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Users\Dennes\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Program DJ\Wireless Switch\wlss.exe
    C:\Program Files (x86)\Program DJ\Wow Video&Audio\WVAMain.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\X3watch\x3watch.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uProxyOverride = 127.0.0.1:9421;*.local
    uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
    mWinlogon: Userinit = userinit.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: IEPwdBankBHO Class: {56CBB761-DA41-4E31-B270-B13B4B0A61D0} - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [Akamai NetSession Interface] "C:\Users\Dennes\AppData\Local\Akamai\netsession_win.exe"
    uRun: [EgisTec] rundll32.exe "C:\Users\Dennes\AppData\Local\Temp\",CreateInstance
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    uRun: [Akamai] rundll32 "C:\Users\Dennes\AppData\Local\VirtualStore\Akamai\kluaeuh.dll",DllRegisterServerW
    uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe -update activex
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
    mRun: [WLSS] C:\Program Files (x86)\Program DJ\Wireless Switch\WLSS.exe
    mRun: [Wow Video&Audio] C:\Program Files (x86)\Program DJ\Wow Video&Audio\WVAMain.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [x3watch] "C:\Program Files (x86)\X3watch\x3watch.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce: [vitzo] <no file>
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AVEOST~1.LNK - C:\Program Files (x86)\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{31BF894D-B7DC-4F59-8391-547E07951272} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{564FC27C-5B45-4182-B400-9C0CEF145CD4} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{564FC27C-5B45-4182-B400-9C0CEF145CD4}\2656C6B696E6E253162346 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{564FC27C-5B45-4182-B400-9C0CEF145CD4}\46C696E6B6 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{564FC27C-5B45-4182-B400-9C0CEF145CD4}\771676E65627 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{564FC27C-5B45-4182-B400-9C0CEF145CD4}\D434343502759664960213 : DHCPNameServer = 192.168.0.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
    SSODL: WebCheck - <orphaned>
    LSA: Notification Packages = EgisPwdFilter EgisDSPwdFilter
    x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 16752]
    R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-29 39768]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-2-10 203264]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Dennes\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2012-7-12 107520]
    R2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe [2009-7-23 701224]
    R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\Windows\System32\drivers\FPSensor.sys [2010-2-10 29184]
    R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-3-3 2886528]
    R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-2-18 968880]
    R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
    R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-7-9 140128]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
    S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-12-10 1342024]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2009-11-25 61280]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
    S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
    S3 PTAPCBUS;Pantech Android USB Composite Device (PTAPC);C:\Windows\System32\drivers\PTAPCBUS.sys [2012-8-23 105528]
    S3 PTAPCMDM;Pantech Android USB Modem Drivers (PTAPC);C:\Windows\System32\drivers\PTAPCMDM.sys [2012-8-23 183864]
    S3 PTAPCVSP;Pantech Android USB Serial Port (PTAPC);C:\Windows\System32\drivers\PTAPCVSP.sys [2012-8-23 183864]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-14 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-02-18 17:20:14 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
    2013-02-18 05:52:16 -------- d-----w- C:\Users\Dennes\AppData\Roaming\Complitly
    2013-02-18 05:52:16 -------- d-----w- C:\Program Files (x86)\Complitly
    2013-02-18 05:52:07 -------- d-----w- C:\Users\Dennes\AppData\Roaming\OpenCandy
    2013-02-18 05:50:57 -------- d-----w- C:\Program Files (x86)\Conduit
    2013-02-18 05:50:38 -------- d-----w- C:\Users\Dennes\AppData\Local\Conduit
    2013-02-18 05:50:36 -------- d-----w- C:\Program Files (x86)\Somoto
    2013-02-17 06:00:31 180736 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\FE49.tmp.dat
    2013-02-16 17:19:14 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-02-16 17:19:14 -------- d-----w- C:\Program Files\iTunes
    2013-02-16 17:19:14 -------- d-----w- C:\Program Files\iPod
    2013-02-16 17:19:14 -------- d-----w- C:\Program Files (x86)\iTunes
    2013-02-16 17:16:15 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2013-02-16 17:16:15 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2013-02-16 17:16:15 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2013-02-16 17:16:15 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2013-02-16 17:16:15 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2013-02-16 17:16:15 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2013-02-16 17:16:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2013-02-14 18:15:06 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-14 18:15:06 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-14 18:11:59 548864 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
    2013-02-14 00:22:03 5500776 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-02-14 00:22:01 3957608 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-02-09 04:46:49 40960 ----a-w- C:\Windows\SysWow64\SocTex.ocx
    2013-02-09 04:46:11 1227264 ----a-w- C:\Windows\SysWow64\dx8vb.dll
    2013-02-09 04:46:11 108336 ----a-w- C:\Windows\SysWow64\MSWINSCK.OCX
    2013-02-09 04:46:11 -------- d-----w- C:\Program Files (x86)\PDoD
    2013-01-31 02:07:57 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
    2013-01-31 02:07:57 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
    .
    ==================== Find3M ====================
    .
    2013-02-18 17:20:04 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2013-02-17 06:01:24 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-17 06:01:24 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-01-05 05:02:17 3902312 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-01-04 05:41:01 1893224 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-01-04 05:40:54 287576 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2013-01-04 05:37:01 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2013-01-04 05:37:00 243200 ----a-w- C:\Windows\System32\wow64.dll
    2013-01-04 05:37:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2013-01-04 05:36:33 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-01-04 05:33:49 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2013-01-04 05:30:34 424960 ----a-w- C:\Windows\System32\KernelBase.dll
    2013-01-04 05:27:03 6144 ---ha-w- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2013-01-04 05:27:03 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2013-01-04 05:27:03 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2013-01-04 05:27:02 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2013-01-04 05:27:02 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-01-04 05:27:02 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2013-01-04 05:27:01 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-01-04 05:27:01 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2013-01-04 05:27:00 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2013-01-04 05:27:00 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-01-04 05:27:00 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2013-01-04 04:51:09 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-01-04 04:51:08 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2013-01-04 03:22:49 3150848 ----a-w- C:\Windows\System32\win32k.sys
    2013-01-04 03:19:55 338432 ----a-w- C:\Windows\System32\conhost.exe
    2013-01-04 02:48:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-01-04 02:48:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-01-04 02:48:34 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-01-04 02:48:33 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-01-04 02:43:35 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2013-01-04 02:43:34 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2013-01-04 02:43:34 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-01-04 02:43:34 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-12-16 16:52:02 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:40:45 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:25:27 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:25:19 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-07 05:41:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 05:35:34 2745856 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 05:04:20 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 04:57:38 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 03:21:08 45568 ----a-w- C:\Windows\SysWow64\oflc-nz.rs
    2012-11-22 10:32:45 801280 ----a-w- C:\Windows\System32\usp10.dll
    2012-11-22 09:33:26 627712 ----a-w- C:\Windows\SysWow64\usp10.dll
    .
    ============= FINISH: 10:40:38.63 ==============
     
  3. MeanDeen

    MeanDeen Thread Starter

    Joined:
    Feb 18, 2013
    Messages:
    8
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/14/2010 8:20:22 AM
    System Uptime: 2/17/2013 12:55:54 PM (22 hours ago)
    .
    Motherboard: | | KHLB2
    Processor: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz | U2E1 | 2801/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 464 GiB total, 274.95 GiB free.
    D: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: 802.11bgn 1T2R Mini Card Wireless Adapter
    Device ID: PCI\VEN_1814&DEV_0781&SUBSYS_68901462&REV_00\4&206E8C4A&0&00E2
    Manufacturer: Ralink Technology, Corp.
    Name: 802.11bgn 1T2R Mini Card Wireless Adapter
    PNP Device ID: PCI\VEN_1814&DEV_0781&SUBSYS_68901462&REV_00\4&206E8C4A&0&00E2
    Service: netr28x
    .
    ==== System Restore Points ===================
    .
    RP329: 1/30/2013 7:07:35 PM - Installed DirectX
    RP330: 2/14/2013 11:11:09 AM - Windows Update
    RP331: 2/16/2013 1:18:15 PM - Configured FINAL FANTASY XI
    RP332: 2/16/2013 1:35:48 PM - Configured FINAL FANTASY XI: Chains of Promathia
    RP333: 2/16/2013 7:49:30 PM - Configured FINAL FANTASY XI: Rise of the Zilart
    RP334: 2/16/2013 7:50:11 PM - Configured FINAL FANTASY XI: Treasures of Aht Urhgan
    RP335: 2/16/2013 7:55:45 PM - Configured FINAL FANTASY XI: Wings of the Goddess
    RP336: 2/16/2013 8:04:54 PM - Configured PlayOnline Viewer & Tetra Master
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    64 Bit HP CIO Components Installer
    7-Zip 9.21
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.4.0
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Install Manager
    AveoCap
    AVG 2013
    Bandisoft MPEG-1 Decoder
    Bastion
    BioExcess
    Bonjour
    BufferChm
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Copy
    Dawn of War - Dark Crusade
    Dawn of War - Soulstorm
    DefaultTab
    Destinations
    DeviceDiscovery
    DJ_AIO_06_F2400_SW_Min
    EMSC
    ENE CIR Receiver Driver
    F2400
    Fallout Collection
    FINAL FANTASY XIV
    FTL: Faster Than Light
    Google Update Helper
    HP Customer Participation Program 13.0
    HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
    HP Imaging Device Functions 13.0
    HP Print Projects 1.0
    HP Smart Web Printing 4.5
    HP Update
    HPPhotoGadget
    hpPrintProjects
    HPSSupply
    hpWLPGInstaller
    iTunes
    J2SE Runtime Environment 5.0 Update 17
    Java 7 Update 6
    Java Auto Updater
    JMicron Flash Media Controller Driver
    Logitech Gaming Software 5.10
    MarketResearch
    Master of Orion 1 and 2
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Xbox 360 Accessories 1.1
    MobileMe Control Panel
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML4 Parser
    Nexon Game Manager
    NVIDIA PhysX
    Pando Media Booster
    Pantech USB Driver for Android phones ver1
    PDoD Uninstallation
    Project64 1.6
    QuickTime
    Realtek HDMI Audio Driver for ATI
    Realtek High Definition Audio Driver
    Scan
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Shop for HP Supplies
    SmartWebPrinting
    Status
    Steam
    TeamViewer 7
    The Lord of the Rings Online™ v03.04.04.8012
    Toolbox
    TrayApp
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Verizon Tool Launcher for ADR910L
    Visual Studio 2008 x64 Redistributables
    Visual Studio 2010 x64 Redistributables
    Warhammer 40,000: Dawn Of War - Gold Edition
    Warhammer® 40,000™: Dawn of War® II
    Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
    WebReg
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    WinZip 16.5
    Wireless Switch 2
    WModem Driver Installer
    Wow Video&Audio utility
    X3watch 5.0.10
    yWriter5
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/17/2013 5:44:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    2/17/2013 3:29:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer7 service.
    2/17/2013 3:29:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    2/16/2013 10:23:55 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    2/16/2013 10:23:55 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/16/2013 10:22:26 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    2/16/2013 10:18:21 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
    2/16/2013 10:17:21 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/16/2013 10:17:07 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/15/2013 9:38:05 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    2/14/2013 11:10:48 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EgisTec Service service.
    .
    ==== End Of File ===========================

    ************

    GMER 2.1.18952 - http://www.gmer.net
    Rootkit scan 2013-02-18 12:27:25
    Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500325AS rev.0001SDM1 465.76GB
    Running: 8s75vk2z.exe; Driver: C:\Users\Dennes\AppData\Local\Temp\uwdirpog.sys

    ---- User code sections - GMER 2.1 ----
    .text C:\Windows\SysWOW64\svchost.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75]
    .text C:\Windows\SysWOW64\svchost.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Steam\steam.exe[3220] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 000000007529549c 5 bytes JMP 0000000100190800
    ? C:\Windows\system32\mssprxy.dll [3220] entry point in ".rdata" section 0000000074af71e6
    .text C:\Users\Dennes\AppData\Local\Akamai\netsession_win.exe[3228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75]
    .text C:\Users\Dennes\AppData\Local\Akamai\netsession_win.exe[3228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75]
    .text ... * 2
    .text C:\Users\Dennes\AppData\Local\Akamai\netsession_win.exe[3532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75]
    .text C:\Users\Dennes\AppData\Local\Akamai\netsession_win.exe[3532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Program DJ\Wow Video&Audio\WVAMain.exe[4140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75]
    .text C:\Program Files (x86)\Program DJ\Wow Video&Audio\WVAMain.exe[4140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75]
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75]
    .text ... * 2
    .text C:\Program Files (x86)\X3watch\x3watch.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75]
    .text C:\Program Files (x86)\X3watch\x3watch.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2428] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 000000007529549c 5 bytes JMP 0000000100080800
    .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75]
    .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75]
    .text ... * 2
    .text C:\Windows\SysWOW64\rundll32.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75]
    .text C:\Windows\SysWOW64\rundll32.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75]
    .text ... * 2
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[6164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[6164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[6280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75]
    .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[6280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75]
    .text ... * 2
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7096] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075a73f54 5 bytes JMP 000000016a589ebc
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7096] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000075a82a3e 5 bytes JMP 000000016a6d8f36
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7096] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075a82a62 5 bytes JMP 000000016a4e1893
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7096] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000075aacc1a 5 bytes JMP 000000016a6d8ed1
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7096] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000075aacf72 5 bytes JMP 000000016a6d8f9b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7096] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000075abfd61 5 bytes JMP 000000016a6d8e58
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7096] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000075abfe2d 5 bytes JMP 000000016a6d8ddf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7096] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000075abfe66 5 bytes JMP 000000016a6d8d7b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7096] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000075abfe8a 5 bytes JMP 000000016a6d8d17
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7096] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000075a19404 5 bytes JMP 000000016a6d9150
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7096] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheetW 0000000070977c30 5 bytes JMP 000000016a6d9000
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7096] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheet 0000000070a17bb2 5 bytes JMP 000000016a6d90a8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7096] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000075c49a4c 5 bytes JMP 000000016a6d9348
    ---- Registry - GMER 2.1 ----
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e67fbef
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2c8158b604e2
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e67fbef (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2c8158b604e2 (not active ControlSet)
    ---- EOF - GMER 2.1 ----
     
  4. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello MeanDeen,

    Welcome to TSG.

    Please run a free online scan with the ESET Online Scanner

    Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

    Note: This scan works with Internet Explorer or Mozilla FireFox.

    If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

    • Click the green ESET Online Scanner box
    • Tick the box next to YES, I accept the Terms of Use
      then click on: Start
    • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Click on Start
    • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically. The scan may take several hours.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close, make sure you copy the logfile first!
    • Then click on: Finish
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.
     
  5. MeanDeen

    MeanDeen Thread Starter

    Joined:
    Feb 18, 2013
    Messages:
    8
    Thanks so much for helping me. Is this what you were asking for?

    [email protected] as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK
    # version=8
    # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
    # OnlineScanner.ocx=1.0.0.6920
    # api_version=3.0.2
    # EOSSerial=e1e713d41a94f6479d5932b6c398aa06
    # engine=13195
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2013-02-20 01:05:50
    # local_time=2013-02-19 06:05:50 (-0700, US Mountain Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7600 NT
    # compatibility_mode=1045 16777213 100 94 0 47502334 0 0
    # compatibility_mode=5893 16776574 100 94 22177099 112865800 0 0
    # scanned=425610
    # found=31
    # cleaned=0
    # scan_time=7189
    sh=A9D051178E900A214DCC4FA8965EF62376F547FC ft=1 fh=10459e5f201f98ac vn="Win32/Adware.1ClickDownload.E application" ac=I fn="C:\Program Files (x86)\1ClickDownload\ocmainpack.exe"
    sh=0D68CE0E9558040269265C6A01D39ECA6E9220DE ft=1 fh=fa9cd4ee80ea0f1a vn="a variant of Win32/Kryptik.AOHY trojan" ac=I fn="C:\ProgramData\Microsoft\Windows\DRM\5EFD.tmp.dat"
    sh=FCAFB0D2B4B7C85291B5ED994325BFF18C0EC005 ft=1 fh=2e41db16dfbb7d21 vn="Win32/Olmarik.AYD trojan" ac=I fn="C:\ProgramData\Microsoft\Windows\DRM\FE49.tmp.dat"
    sh=0D68CE0E9558040269265C6A01D39ECA6E9220DE ft=1 fh=fa9cd4ee80ea0f1a vn="a variant of Win32/Kryptik.AOHY trojan" ac=I fn="C:\Users\All Users\Microsoft\Windows\DRM\5EFD.tmp.dat"
    sh=FCAFB0D2B4B7C85291B5ED994325BFF18C0EC005 ft=1 fh=2e41db16dfbb7d21 vn="Win32/Olmarik.AYD trojan" ac=I fn="C:\Users\All Users\Microsoft\Windows\DRM\FE49.tmp.dat"
    sh=C9D23CAB5AA041803B6938ED18292B954921DF31 ft=0 fh=0000000000000000 vn="Win32/BHO.OEI trojan" ac=I fn="C:\Users\Dennes\AppData\Local\Google\Chrome\User Data\Default\Default\aageggdedhdhgbddgededgdededjdggg\background.html"
    sh=64006EBCE1669C4497378D4EBF31C70A2153B2A2 ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Tracur.V trojan" ac=I fn="C:\Users\Dennes\AppData\Local\Google\Chrome\User Data\Default\Default\aageggdedhdhgbddgededgdededjdggg\background.js"
    sh=DE069B1F515C20517E8A2A54011ABD2D6711A7D6 ft=0 fh=0000000000000000 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Dennes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MP3K5Y6A\stubinst_pkg_en-us[1].cab"
    sh=3451A1ACDB9D6C4520923E732A6D7993E8197383 ft=1 fh=ed2a770def16c842 vn="a variant of Win32/Somoto.A application" ac=I fn="C:\Users\Dennes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U5QBHX76\FreeYouTubeDownloaderInstaller.exe"
    sh=CF2F7899B42610CA711D10E773FCF0B9CAD0693B ft=1 fh=c89c95f871ca1b26 vn="a variant of Win32/Kryptik.AIZP trojan" ac=I fn="C:\Users\Dennes\AppData\Local\Temp\0.2697682064328172"
    sh=593C4496AA0E938E8AADB18CAAE5EB68E278810E ft=1 fh=20406d1dbfb52871 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Dennes\AppData\Local\Temp\3145.tmp"
    sh=FCAFB0D2B4B7C85291B5ED994325BFF18C0EC005 ft=1 fh=2e41db16dfbb7d21 vn="Win32/Olmarik.AYD trojan" ac=I fn="C:\Users\Dennes\AppData\Local\Temp\7198.tmp"
    sh=3222E8DAB740BA1D640CC66A9CD36070969DEB80 ft=1 fh=c71c0011469aa6c7 vn="a variant of Win32/Somoto.A application" ac=I fn="C:\Users\Dennes\AppData\Local\Temp\BetterInstaller.exe"
    sh=DE6D58A2678388A57BEF7BE2E033376681D0E912 ft=1 fh=9fc0761f9b872705 vn="multiple threats" ac=I fn="C:\Users\Dennes\AppData\Local\Temp\Coupon-Caddy-ppi-US.exe"
    sh=0D68CE0E9558040269265C6A01D39ECA6E9220DE ft=1 fh=fa9cd4ee80ea0f1a vn="a variant of Win32/Kryptik.AOHY trojan" ac=I fn="C:\Users\Dennes\AppData\Local\Temp\DDC1.tmp"
    sh=A426A9F68A91311842231DA736BDB0D98C563C78 ft=1 fh=07695b25355574b4 vn="a variant of Win32/Toolbar.Babylon.A application" ac=I fn="C:\Users\Dennes\AppData\Local\Temp\DeltaTB.exe"
    sh=85DB69551E8BDA116A86E852F6706B0D97CF0C55 ft=1 fh=bf1d48fd7e38fe2c vn="a variant of Win32/DealPly.A application" ac=I fn="C:\Users\Dennes\AppData\Local\Temp\dp.exe"
    sh=027DF2D2944EA506A71D61928674C2CC42A8FE69 ft=1 fh=4c97c45eed1dce37 vn="Win32/Toolbar.Babylon application" ac=I fn="C:\Users\Dennes\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe"
    sh=A717417EEEB416C4A65AA265F43A1BDE1C88B93E ft=1 fh=6f486956c83e22aa vn="Win32/OpenCandy application" ac=I fn="C:\Users\Dennes\AppData\Local\Temp\is-TSAAI.tmp\OCSetupHlp.dll"
    sh=4263A7CF345207583170FCD010DFA47A4DE1CDF8 ft=1 fh=c946422de7e22604 vn="Win32/Toolbar.Zugo application" ac=I fn="C:\Users\Dennes\AppData\Local\Temp\~nsu.tmp\Au_.exe"
    sh=46C1319EE38510C365A4226621DE30BDF7E462FF ft=1 fh=662930a683ab766b vn="Win64/Conedex.C trojan" ac=I fn="C:\Users\Dennes\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}\U\[email protected]"
    sh=1BE8D19F044D98320BBB7A0942924735233BCD26 ft=1 fh=1a64171e126b0516 vn="Win64/Agent.BA trojan" ac=I fn="C:\Users\Dennes\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}\U\[email protected]"
    sh=810E28D4E7B28D658DC48A82F0C65B46149AAE89 ft=1 fh=120d32a29875bbd8 vn="Win64/Conedex.B trojan" ac=I fn="C:\Users\Dennes\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}\U\[email protected]"
    sh=5492F7AD4D9E77F298514B97E75BB337D67C02C7 ft=1 fh=e59acdb46a64a0cc vn="Win64/Sirefef.AP trojan" ac=I fn="C:\Users\Dennes\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}\U\[email protected]"
    sh=2268FD1879ABF16EE9719F1E9805F63F825ED664 ft=1 fh=02c9b0bb43052368 vn="a variant of Win32/Sirefef.FD trojan" ac=I fn="C:\Users\Dennes\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}\U\[email protected]"
    sh=A07EBD60D2A0DF9DE9C0AB73473A1476E26C4F74 ft=1 fh=dae83099cb646e55 vn="Win64/Sirefef.AN trojan" ac=I fn="C:\Users\Dennes\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}\U\[email protected]"
    sh=089063FA12C588BE91E9B6F3F624E633498045D2 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\Dennes\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120528100235643.rsc"
    sh=E585F010BC4002440EB8DE8D81045D5F6BF41675 ft=1 fh=ca8f7937dc987d4b vn="a variant of Win32/Adware.iBryte.C application" ac=I fn="C:\Users\Dennes\Downloads\Setup.exe"
    sh=39838AEC48880A63CAD00058E486E11D1C9F9A1B ft=1 fh=aab3de1a0fd37ccb vn="Win32/OpenCandy application" ac=I fn="C:\Users\Dennes\Downloads\winzip155.exe"
    sh=6863BEF296E265704E9786AD74B041251D7E4A47 ft=1 fh=75271d3e89b5573a vn="a variant of Win32/OpenInstall application" ac=I fn="C:\Users\Dennes\Downloads\WinZip165International.exe"
    sh=6F3641C43828327D5174989D59984EDF9D005A94 ft=1 fh=51f32da911835bbb vn="Win32/Adware.1ClickDownload.G application" ac=I fn="C:\Users\Dennes\Downloads\ePSXe170\bios\PS1)_BIOS_and_Firmware_Files.exe"
     
  6. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    yep, that is the one. :)

    Now

    Download RogueKiller to your desktop

    Note: This is a French tool so don't be surprised when you find the page displays with some French.

    • Quit all running programs
    • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
    • Wait until Prescan has finished...
    • Click on Scan
    • Wait for the scan to finish.
    • The report is created on your desktop.
    • Click on the Delete button
    • The report is created on your desktop.
    • Next click on the ShortcutsFix button.
    • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
    Please post the contents of all the RKreport.txt files from your desktop in your next Reply.

    After that

    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Under the Standard Registry box change it to All.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    So when you return please post
    • RogueKiller logs
    • OTL txt
     
  7. MeanDeen

    MeanDeen Thread Starter

    Joined:
    Feb 18, 2013
    Messages:
    8
    Sorry it took so long to reply. Past two days have been crazy. Finally got home.

    Roguekiller:
    RogueKiller V8.5.1 _x64_ [Feb 19 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User : Dennes [Admin rights]
    Mode : Scan -- Date : 02/19/2013 20:10:36
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 9 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : EgisTec (rundll32.exe "C:\Users\Dennes\AppData\Local\Temp\",CreateInstance) [x] -> FOUND
    [RUN][SUSP PATH] HKCU\[...]\Run : Akamai (rundll32 "C:\Users\Dennes\AppData\Local\VirtualStore\Akamai\kluaeuh.dll",DllRegisterServerW) [-] -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-2072172789-2436193985-1107736940-1000[...]\Run : EgisTec (rundll32.exe "C:\Users\Dennes\AppData\Local\Temp\",CreateInstance) [x] -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-2072172789-2436193985-1107736940-1000[...]\Run : Akamai (rundll32 "C:\Users\Dennes\AppData\Local\VirtualStore\Akamai\kluaeuh.dll",DllRegisterServerW) [-] -> FOUND
    [TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
    [TASK][ROGUE ST] 4786 : wscript.exe C:\Users\Dennes\AppData\Local\Temp\launchie.vbs //B -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Dennes\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}\n.) [x] -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\Users\Dennes\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}\@ [-] --> FOUND
    [ZeroAccess][FOLDER] U : C:\Users\Dennes\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}\U --> FOUND
    [ZeroAccess][FOLDER] L : C:\Users\Dennes\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}\L --> FOUND
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: ST9500325AS ATA Device +++++
    --- User ---
    [MBR] a5b776b629081161762d36019ec5ea4b
    [BSP] a11820b318a8dc775dc9f5f69a1577d9 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 474898 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1]_S_02192013_02d2010.txt >>
    RKreport[1]_S_02192013_02d2010.txt

    *************

    RogueKiller V8.5.1 _x64_ [Feb 19 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User : Dennes [Admin rights]
    Mode : Remove -- Date : 02/19/2013 20:13:48
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 7 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : EgisTec (rundll32.exe "C:\Users\Dennes\AppData\Local\Temp\",CreateInstance) [x] -> DELETED
    [RUN][SUSP PATH] HKCU\[...]\Run : Akamai (rundll32 "C:\Users\Dennes\AppData\Local\VirtualStore\Akamai\kluaeuh.dll",DllRegisterServerW) [-] -> DELETED
    [TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> DELETED
    [TASK][ROGUE ST] 4786 : wscript.exe C:\Users\Dennes\AppData\Local\Temp\launchie.vbs //B -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Dennes\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}\n.) [x] -> REPLACED (C:\Windows\system32\shell32.dll)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\Users\Dennes\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}\@ [-] --> REMOVED
    [Del.Parent][FILE] [email protected] : C:\Users\Dennes\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}\U\[email protected] [-] --> REMOVED
    [Del.Parent][FILE] [email protected] : C:\Users\Dennes\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}\U\[email protected] [-] --> REMOVED
    [Del.Parent][FILE] [email protected] : C:\Users\Dennes\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}\U\[email protected] [-] --> REMOVED
    [Del.Parent][FILE] [email protected] : C:\Users\Dennes\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}\U\[email protected] [-] --> REMOVED
    [Del.Parent][FILE] [email protected] : C:\Users\Dennes\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}\U\[email protected] [-] --> REMOVED
    [Del.Parent][FILE] [email protected] : C:\Users\Dennes\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}\U\[email protected] [-] --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Users\Dennes\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}\U --> REMOVED
    [Del.Parent][FILE] [email protected] : C:\Users\Dennes\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}\L\[email protected] [-] --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Users\Dennes\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}\L --> REMOVED
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: ST9500325AS ATA Device +++++
    --- User ---
    [MBR] a5b776b629081161762d36019ec5ea4b
    [BSP] a11820b318a8dc775dc9f5f69a1577d9 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 474898 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2]_D_02192013_02d2013.txt >>
    RKreport[1]_S_02192013_02d2010.txt ; RKreport[2]_D_02192013_02d2013.txt

    **************
    RogueKiller V8.5.1 _x64_ [Feb 19 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User : Dennes [Admin rights]
    Mode : Shortcuts HJfix -- Date : 02/19/2013 20:17:27
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 1 / Fail 0
    Quick launch: Success 1 / Fail 0
    Programs: Success 12 / Fail 0
    Start menu: Success 1 / Fail 0
    User folder: Success 170 / Fail 0
    My documents: Success 2 / Fail 2
    My favorites: Success 0 / Fail 0
    My pictures: Success 0 / Fail 0
    My music: Success 454 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 115 / Fail 0
    Backup: [NOT FOUND]
    Drives:
    [C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
    [D:] \Device\CdRom0 -- 0x5 --> Skipped
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    Finished : << RKreport[3]_SC_02192013_02d2017.txt >>
    RKreport[1]_S_02192013_02d2010.txt ; RKreport[2]_D_02192013_02d2013.txt ; RKreport[3]_SC_02192013_02d2017.txt

    **************
    OTL logfile created on: 2/21/2013 9:10:16 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dennes\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.97 Gb Total Physical Memory | 4.64 Gb Available Physical Memory | 58.30% Memory free
    15.93 Gb Paging File | 12.48 Gb Available in Paging File | 78.38% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 463.77 Gb Total Space | 275.27 Gb Free Space | 59.35% Space Free | Partition Type: NTFS
    Drive D: | 4.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: DENNES-PC | User Name: Dennes | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Dennes\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
    PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
    PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Users\Dennes\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    PRC - C:\Users\Dennes\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe ()
    PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
    PRC - C:\Program Files (x86)\X3watch\x3watch.exe (Tiger Green Productions LLC)
    PRC - C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
    PRC - C:\Program Files (x86)\Program DJ\Wow Video&Audio\WVAMain.exe ()
    PRC - C:\Program Files (x86)\Program DJ\Wireless Switch\wlss.exe (Compal Electronics, Inc.)
    PRC - C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe (Egis Technology Inc. )
    PRC - C:\Program Files (x86)\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe ()


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
    MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
    MOD - C:\Program Files (x86)\Program DJ\Wow Video&Audio\WVAMain.exe ()
    MOD - C:\Windows\SysWOW64\EMSC.DLL ()
    MOD - C:\Program Files (x86)\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV - (vToolbarUpdater14.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)
    SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll ()
    SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
    SRV - (DefaultTabUpdate) -- C:\Users\Dennes\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe ()
    SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (EgisTec Service) -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe (Egis Technology Inc. )
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
    DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
    DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
    DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (PTAPCVSP) -- C:\Windows\SysNative\drivers\PTAPCVSP.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
    DRV:64bit: - (PTAPCMDM) -- C:\Windows\SysNative\drivers\PTAPCMDM.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
    DRV:64bit: - (PTAPCBUS) -- C:\Windows\SysNative\drivers\PTAPCBUS.sys (DEVGURU Co., LTD.)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies)
    DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
    DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
    DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
    DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
    DRV:64bit: - (FPSensor) -- C:\Windows\SysNative\drivers\FPSensor.sys (Egistec)
    DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
    DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
    DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
    DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
    DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
    DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
    DRV:64bit: - (EMSC) -- C:\Windows\SysNative\drivers\EMSC.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
    DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV - (NPF) -- C:\Windows\SysWOW64\drivers\npf.sys (CACE Technologies)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
    DRV - (EMSC) -- C:\Windows\SysWOW64\drivers\EMSC.sys (Windows (R) Win 7 DDK provider)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 2E 61 B9 9C 0D CE 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://msn.com/
    IE - HKCU\..\URLSearchHook: - No CLSID value found
    IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
    IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searc...SP_ss&mntrId=d02877f3000000000000705ab627f426
    IE - HKCU\..\SearchScopes\{44DC7623-225E-4A19-84DC-D79769172574}: "URL" = http://search.conduit.com/ResultsEx...urce=4&ctid=CT3101810&CUI=UN15973160816091206
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7RNRN_enJP448
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...5a58546b82b&lang=en&ds=AVG&pr=pr&d=2013-02-18 10:20:24&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
    IE - HKCU\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/search?q={searc...&install_date=20110827&iesrc={referrer:source}
    IE - HKCU\..\SearchScopes\{F0B105A6-642A-4778-BC00-CBE4FA9EF507}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=9E7A246D-EC77-49BD-9731-A325D402C3CB
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local;<local>


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Dennes\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll File not found
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/23 20:09:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\FireFoxExt\14.1.0.10 [2013/02/10 09:42:27 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/23 20:09:25 | 000,000,000 | ---D | M]


    ========== Chrome ==========


    O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (IEPwdBankBHO Class) - {56CBB761-DA41-4E31-B270-B13B4B0A61D0} - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll (Egis Technology Inc. )
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )
    O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
    O4 - HKLM..\Run: [WLSS] C:\Program Files (x86)\Program DJ\Wireless Switch\wlss.exe (Compal Electronics, Inc.)
    O4 - HKLM..\Run: [Wow Video&Audio] C:\Program Files (x86)\Program DJ\Wow Video&Audio\WVAMain.exe ()
    O4 - HKLM..\Run: [x3watch] C:\Program Files (x86)\X3watch\x3watch.exe (Tiger Green Productions LLC)
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Dennes\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    O4 - HKLM..\RunOnce: [vitzo] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Reg Error: Key error.)
    O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab (Reg Error: Key error.)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (Reg Error: Key error.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab (Java Plug-in 1.5.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab (Java Plug-in 10.6.2)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31BF894D-B7DC-4F59-8391-547E07951272}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{564FC27C-5B45-4182-B400-9C0CEF145CD4}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner - No CLSID value found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
    O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
    O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/11/21 10:26:21 | 000,000,057 | R--- | M] () - D:\autorun.inf -- [ UDF ]
    O33 - MountPoints2\{461148e2-e706-11e1-9bf7-705ab627f426}\Shell - "" = AutoRun
    O33 - MountPoints2\{461148e2-e706-11e1-9bf7-705ab627f426}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
    O33 - MountPoints2\{c0898554-bc4a-11df-b58f-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{c0898554-bc4a-11df-b58f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\OblivionLauncher.exe -- [2006/04/06 10:25:44 | 001,662,976 | R--- | M] (Bethesda Softworks)
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/21 21:08:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dennes\Desktop\OTL.exe
    [2013/02/19 19:58:57 | 000,000,000 | ---D | C] -- C:\Users\Dennes\Desktop\RK_Quarantine
    [2013/02/19 19:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
    [2013/02/19 13:18:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2013/02/18 10:38:35 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Dennes\Desktop\dds.scr
    [2013/02/18 10:32:01 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Dennes\Desktop\HijackThis.exe
    [2013/02/18 10:20:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
    [2013/02/17 22:52:16 | 000,000,000 | ---D | C] -- C:\Users\Dennes\AppData\Roaming\Complitly
    [2013/02/17 22:52:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Complitly
    [2013/02/17 22:52:07 | 000,000,000 | ---D | C] -- C:\Users\Dennes\AppData\Roaming\OpenCandy
    [2013/02/17 22:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2013/02/17 22:50:38 | 000,000,000 | ---D | C] -- C:\Users\Dennes\AppData\Local\Conduit
    [2013/02/17 22:50:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Somoto
    [2013/02/16 10:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2013/02/16 10:19:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2013/02/16 10:19:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2013/02/16 10:19:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2013/02/16 10:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2013/02/16 10:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2013/02/16 10:16:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2013/02/14 11:12:04 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2013/02/14 11:12:04 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2013/02/14 11:12:03 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/02/14 11:12:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/02/14 11:12:02 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2013/02/14 11:12:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2013/02/14 11:12:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2013/02/14 11:12:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2013/02/14 11:12:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2013/02/14 11:12:00 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/02/14 11:12:00 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2013/02/14 11:12:00 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/02/14 11:11:58 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/02/14 11:11:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/02/14 11:11:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2013/02/13 17:22:03 | 005,500,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2013/02/13 17:22:01 | 003,957,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2013/02/13 17:21:59 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2013/02/13 17:21:47 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
    [2013/02/13 17:21:46 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
    [2013/02/13 17:21:46 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
    [2013/02/13 17:21:46 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
    [2013/02/13 17:21:46 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2013/02/13 17:21:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2013/02/13 17:21:45 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2013/02/13 17:21:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2013/02/13 17:21:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2013/02/13 17:21:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013/02/13 17:21:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013/02/13 17:21:44 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2013/02/13 17:21:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2013/02/13 17:21:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
    [2013/02/13 17:21:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
    [2013/02/13 17:21:42 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2013/02/13 17:21:42 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
    [2013/02/13 17:21:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013/02/13 17:21:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013/02/13 17:21:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2013/02/13 17:21:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
    [2013/02/13 17:21:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
    [2013/02/13 17:21:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
    [2013/02/13 17:21:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2013/02/13 17:21:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
    [2013/02/13 17:21:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2013/02/13 17:21:38 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
    [2013/02/12 19:43:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2013/02/08 21:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokémon Dawn of Darkness
    [2013/02/08 21:46:11 | 001,227,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dx8vb.dll
    [2013/02/08 21:46:11 | 000,108,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSWINSCK.OCX
    [2013/02/08 21:46:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDoD
    [2013/01/30 19:08:13 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
    [2013/01/30 19:08:13 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
    [2013/01/30 19:08:13 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
    [2013/01/30 19:08:13 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
    [2013/01/30 19:08:11 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
    [2013/01/30 19:08:11 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
    [2013/01/30 19:08:08 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
    [2013/01/30 19:08:08 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
    [2013/01/30 19:08:03 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
    [2013/01/30 19:08:03 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
    [2013/01/30 19:08:02 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
    [2013/01/30 19:08:02 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
    [2013/01/30 19:08:00 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
    [2013/01/30 19:08:00 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
    [2013/01/30 19:07:57 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
    [2013/01/30 19:07:57 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Dennes\*.tmp files -> C:\Users\Dennes\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/02/21 21:08:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dennes\Desktop\OTL.exe
    [2013/02/21 21:06:43 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/21 21:06:42 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/02/21 21:06:42 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/02/21 21:06:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/02/20 09:45:35 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/02/20 09:45:35 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/02/19 20:00:08 | 000,774,144 | ---- | M] () -- C:\Users\Dennes\Desktop\RogueKillerX64.exe
    [2013/02/19 18:09:26 | 000,003,825 | ---- | M] () -- C:\Users\Dennes\Desktop\ESET log2.rtf
    [2013/02/18 10:42:05 | 000,374,784 | ---- | M] () -- C:\Users\Dennes\Desktop\8s75vk2z.exe
    [2013/02/18 10:38:35 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Dennes\Desktop\dds.scr
    [2013/02/18 10:32:01 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Dennes\Desktop\HijackThis.exe
    [2013/02/18 10:20:04 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2013/02/17 23:56:06 | 000,135,130 | ---- | M] () -- C:\Users\Dennes\Documents\cc_20130217_235551.reg
    [2013/02/17 22:50:59 | 000,000,009 | ---- | M] () -- C:\END
    [2013/02/17 21:46:36 | 000,000,222 | ---- | M] () -- C:\Users\Dennes\Desktop\Bastion.url
    [2013/02/17 21:43:51 | 000,000,222 | ---- | M] () -- C:\Users\Dennes\Desktop\FTL Faster Than Light.url
    [2013/02/16 23:01:24 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/02/16 23:01:24 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/02/16 10:28:16 | 000,739,728 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/02/16 10:28:16 | 000,633,180 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/02/16 10:28:16 | 000,110,782 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/02/16 10:22:19 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
    [2013/02/16 10:22:02 | 2119,794,687 | -HS- | M] () -- C:\hiberfil.sys
    [2013/02/16 10:20:01 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2013/02/15 15:49:38 | 000,413,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/02/12 19:43:52 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Dennes\*.tmp files -> C:\Users\Dennes\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/02/19 20:00:08 | 000,774,144 | ---- | C] () -- C:\Users\Dennes\Desktop\RogueKillerX64.exe
    [2013/02/19 18:09:26 | 000,003,825 | ---- | C] () -- C:\Users\Dennes\Desktop\ESET log2.rtf
    [2013/02/18 10:42:05 | 000,374,784 | ---- | C] () -- C:\Users\Dennes\Desktop\8s75vk2z.exe
    [2013/02/17 23:56:03 | 000,135,130 | ---- | C] () -- C:\Users\Dennes\Documents\cc_20130217_235551.reg
    [2013/02/17 22:50:58 | 000,000,009 | ---- | C] () -- C:\END
    [2013/02/17 21:46:36 | 000,000,222 | ---- | C] () -- C:\Users\Dennes\Desktop\Bastion.url
    [2013/02/17 21:43:51 | 000,000,222 | ---- | C] () -- C:\Users\Dennes\Desktop\FTL Faster Than Light.url
    [2013/02/16 10:20:01 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2013/02/08 21:46:49 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\SocTex.ocx
    [2013/01/30 19:07:30 | 000,002,547 | ---- | C] () -- C:\Users\Dennes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wizardry Online.lnk
    [2013/01/24 19:58:17 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
    [2012/08/23 20:04:07 | 000,003,584 | ---- | C] () -- C:\Users\Dennes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/04/22 17:57:07 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
    [2012/02/29 17:39:18 | 000,000,045 | ---- | C] () -- C:\Users\Dennes\jagex_cl_runescape_LIVE.dat
    [2012/02/29 17:39:18 | 000,000,024 | ---- | C] () -- C:\Users\Dennes\random.dat
    [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/08/26 17:09:37 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
    [2011/01/25 12:08:07 | 000,001,076 | ---- | C] () -- C:\Users\Dennes\Pictures - Shortcut.lnk
    [2010/11/25 08:04:07 | 000,000,094 | ---- | C] () -- C:\Users\Dennes\AppData\Local\fusioncache.dat

    ========== ZeroAccess Check ==========

    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "ThreadingModel" = Both
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 18:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/05/28 10:02:29 | 000,000,000 | ---D | M] -- C:\Users\Dennes\AppData\Roaming\AVG
    [2012/10/07 14:40:50 | 000,000,000 | ---D | M] -- C:\Users\Dennes\AppData\Roaming\AVG2013
    [2012/07/12 19:00:43 | 000,000,000 | ---D | M] -- C:\Users\Dennes\AppData\Roaming\Babylon
    [2011/05/26 15:51:08 | 000,000,000 | ---D | M] -- C:\Users\Dennes\AppData\Roaming\BitTorrent
    [2013/02/17 23:36:29 | 000,000,000 | ---D | M] -- C:\Users\Dennes\AppData\Roaming\Complitly
    [2012/07/12 19:00:34 | 000,000,000 | ---D | M] -- C:\Users\Dennes\AppData\Roaming\DefaultTab
    [2012/02/08 15:00:42 | 000,000,000 | ---D | M] -- C:\Users\Dennes\AppData\Roaming\FOG Downloader
    [2010/09/23 07:23:11 | 000,000,000 | ---D | M] -- C:\Users\Dennes\AppData\Roaming\GetRightToGo
    [2011/08/29 04:44:07 | 000,000,000 | ---D | M] -- C:\Users\Dennes\AppData\Roaming\OfficeRecovery
    [2013/02/17 22:52:07 | 000,000,000 | ---D | M] -- C:\Users\Dennes\AppData\Roaming\OpenCandy
    [2010/12/01 12:47:28 | 000,000,000 | ---D | M] -- C:\Users\Dennes\AppData\Roaming\SharePod
    [2010/12/07 00:06:58 | 000,000,000 | ---D | M] -- C:\Users\Dennes\AppData\Roaming\Spacejock Software
    [2011/05/27 17:49:10 | 000,000,000 | ---D | M] -- C:\Users\Dennes\AppData\Roaming\Stardock
    [2012/04/28 13:22:30 | 000,000,000 | ---D | M] -- C:\Users\Dennes\AppData\Roaming\TeamViewer
    [2012/10/07 14:37:31 | 000,000,000 | ---D | M] -- C:\Users\Dennes\AppData\Roaming\TuneUp Software
    [2011/07/23 01:17:26 | 000,000,000 | ---D | M] -- C:\Users\Dennes\AppData\Roaming\Windows Live Writer
    [2012/03/11 20:45:41 | 000,000,000 | ---D | M] -- C:\Users\Dennes\AppData\Roaming\x3watch

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2010/11/20 23:31:15 | 000,000,000 | ---D | M](C:\Users\Dennes\Documents\?? ???) -- C:\Users\Dennes\Documents\넥슨 플러그
    [2010/11/20 23:31:15 | 000,000,000 | ---D | C](C:\Users\Dennes\Documents\?? ???) -- C:\Users\Dennes\Documents\넥슨 플러그

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0B4227B4
    < End of report >

    ****************
    OTL Extras logfile created on: 2/21/2013 9:10:16 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dennes\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.97 Gb Total Physical Memory | 4.64 Gb Available Physical Memory | 58.30% Memory free
    15.93 Gb Paging File | 12.48 Gb Available in Paging File | 78.38% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 463.77 Gb Total Space | 275.27 Gb Free Space | 59.35% Space Free | Partition Type: NTFS
    Drive D: | 4.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: DENNES-PC | User Name: Dennes | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0987176A-B615-42B7-9473-0CAFFC3E6EC9}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{1C76CDDB-8E20-4E9C-9DA3-1BE193826649}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1FFC1A7A-B482-47D7-9DD1-B66D67D94B87}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{203303E6-15E9-47AF-B411-EDC20C0ED1AC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{20984E31-B16E-4690-962E-06D56B41DCD7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{28F6F30D-31E1-4DB3-964E-FE2DEF1ABA64}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{41004303-3D00-44B1-918D-FAE3F290BC30}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{4E10923E-5B79-4B9F-BB69-7B1FE9372DBD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4F5EA7B8-2285-443D-8784-96AE5A482DB5}" = lport=138 | protocol=17 | dir=in | app=system |
    "{55F99067-38B3-4CFF-9D08-4C51587DA6A0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{66769797-DA77-4DBC-9B7D-86F266056957}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6B833380-B41E-4C12-8495-C2A808B1D473}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{6DE8C866-037C-40B8-BFA0-BD5BB3735840}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6FF6A0A9-D3AA-43DC-9400-23AF8F9625B9}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{8559E0B0-BEB9-413A-ADAC-1C479CD6A67D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{868C09E7-193A-4A65-AE88-24017CFD1637}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{86A1BE31-D056-4D4B-940D-41E64A1C3DE8}" = rport=138 | protocol=17 | dir=out | app=system |
    "{9D55BBD9-C7B0-4B13-8B73-72D8CB904E9A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{AEFFF0CB-D46D-4E29-B2BF-A095DEE4D7EE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B29A7E9A-EF8F-4626-B5A4-08427D54C00D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{B99E69C2-13BD-406E-AD69-E38675A844C9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C407B673-2BC6-4E24-9311-314D3B9A66E7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{C7E21B2D-A7BD-4D88-9DDE-B7D93C75BCD4}" = lport=137 | protocol=17 | dir=in | app=system |
    "{D29C94EF-7946-46D3-AD66-8D7527D06765}" = rport=137 | protocol=17 | dir=out | app=system |
    "{DA73CB44-E342-4CD7-9EB3-4707A788A2EE}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{DF638D77-E0AB-40C0-8D3D-9244C5FD4342}" = rport=445 | protocol=6 | dir=out | app=system |
    "{DFCA6D3B-712E-4803-8376-69123073380C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{E1565B56-0983-49A0-BA26-FA00A66B8CF9}" = rport=139 | protocol=6 | dir=out | app=system |
    "{E76E1B23-9A66-408C-9B11-BEC8C752A747}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{ED778891-C3C7-42E3-A0F7-C0950C3D99D9}" = lport=445 | protocol=6 | dir=in | app=system |
    "{FA724B21-5022-4EFD-B111-7C87F0056153}" = lport=139 | protocol=6 | dir=in | app=system |
    "{FA834299-7F4F-414D-A0B7-E23CDFE6A0D0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01DE32BE-1163-4138-843A-4C209FCA21EE}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{01F6FBEE-CF8E-450E-9E17-D1D2D43357DA}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe |
    "{0D5423FC-0868-41C5-8E25-19CB777A2434}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{12EF710C-BA7B-494A-A63A-1A19C8AA5CA9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{149E18CD-5738-4AED-BCBB-6217CB750B6F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
    "{17080D62-746A-4259-B55C-99AA2B889C39}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{176B4604-817A-4D5D-972D-55C347CF0130}" = protocol=17 | dir=in | app=c:\program files (x86)\pdod\pokemon online.exe |
    "{18EAC5E7-544F-44CD-BC7A-465037AA0CBE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{19996811-955E-43F7-B297-DCE7099C8FAF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
    "{1AA646D4-7268-48E9-AD82-692D5EC81884}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{246C00F8-800B-480C-9432-7F0CB9D38097}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{24C457AE-81CA-40AC-BC75-F34B0AC09109}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{27CC2F51-6BDF-4EDC-8518-FC5E02D91D00}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{2906073E-93B2-400A-9D8E-3651645EE539}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
    "{2A4DEB72-30B3-4A8B-AC94-4BB69554D28B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{2AFC2942-8FF3-4655-B70C-C04B314D6898}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{33A7E42A-29B7-4649-943D-C9DC6B38B474}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
    "{37945EBC-8826-48E8-ACC4-8140EAA4F7A2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe |
    "{3E090867-E34B-477C-9231-A37BFF347B6F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{43C8879F-1E52-4D40-A1BA-F18FA49D2A34}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{483A37E8-E09F-40AC-B1E6-2339DDE8CBA1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{48549812-A2DE-447F-8239-D471DC481A16}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
    "{4B2DFFA4-FE3C-4CDB-A5C4-B2C6902D0E12}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe |
    "{53D7E192-9FBC-4A06-8011-41743EF3ED5F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
    "{60985601-962C-44AF-BA4B-066916F077A7}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{6206F0FD-E1C2-4BFB-9C0B-121CD0A4B996}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{64D3911C-1D32-4388-B66E-A1FE54007665}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{66DF6018-CD84-484C-B57A-5A9B3990420A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
    "{6DE46952-2AB6-4B3E-B45E-893C7F8878AB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{6E3B1F48-0324-4FE0-8FA7-E1C3C046F15C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6F5AB56C-8000-41B1-8277-C42EA7035DBD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{72DB3842-0D6F-40A3-B942-A9E3CE4A87FB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{79611B1C-8A10-4C9D-A5C1-A15896B0B8C3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{7AD4C238-2E2E-4684-8BA8-0CB424A0B7C5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{81ADEC46-F665-4C35-92E4-8BE637FD94F3}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{82F162F9-BE22-4035-9E36-C910F89586B4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{83A28FFA-341F-4E86-B6B0-975163AB791C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{86574D17-BFE5-4688-A230-74ED11D09836}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
    "{875A8F3A-E9A8-4314-BDC5-D61C9941D920}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{878DF280-F658-45F4-BE14-B9D13F560D01}" = protocol=6 | dir=out | app=system |
    "{8E1E1D97-60EF-4EEF-9D3C-9DFF04349D35}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{92791B50-0ADB-4ECD-85BA-33B3C335AD85}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
    "{97A6DDF0-45F8-4B1F-A24B-A367AFF390FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
    "{99C24F57-724D-4F3B-A500-7321643945B3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
    "{9A739336-5359-4413-9E6E-3DA570521761}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{9B42E695-965E-4A4A-958A-95807B1D7AC0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9F1D9996-8981-4935-B607-D18F060DF2B6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{A66F52B6-1390-4579-B58F-D06DBB4FC7C3}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe |
    "{AB396963-1493-42FC-B047-9C69599A9378}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{AFFEB4C7-B952-461B-A553-30B74BE39065}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
    "{B118B08E-C6DC-424A-B380-B8C82BAFB447}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
    "{BA284B2A-2339-4BF3-B5DC-B12D62EF4C4A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{BC36EF28-A007-4B5A-85B0-A80E0067B340}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
    "{C0915C03-717F-411B-AAFC-E13297F9D5A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C23897EE-1E7F-440A-927D-9FA6B18EFBBF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
    "{C74A453F-67C6-4102-B66D-1C6AEEE3F7BF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{C89D98DF-3D1A-4F1C-AE90-83E93DCE24C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CAE2C882-0F58-4ECF-8042-4810A7A09706}" = protocol=6 | dir=in | app=c:\program files (x86)\pdod\pokemon online.exe |
    "{CB8E3BAC-4BA3-4C7E-AE54-1B2362C6CF29}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
    "{CED45EC3-2579-4D62-8816-D1E41782EE73}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{D3096228-1906-4EA4-8E24-1B01283B0EAC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D4598843-6CA0-42CB-ADDE-9362374D1B80}" = protocol=6 | dir=in | app=c:\program files (x86)\pdod\gameupdate.exe |
    "{D609E685-0634-4295-9493-84DE82CE7A35}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
    "{DB0AFDF6-DC05-4C32-8045-FF170BA0A1E1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{DC65030D-B139-4D41-9DC7-9032846AE62E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
    "{F02B9F40-0BD6-4A36-8ED3-5293E96D6028}" = protocol=17 | dir=in | app=c:\program files (x86)\pdod\gameupdate.exe |
    "{F064CE8A-FB40-4C0A-8EB7-AAF0A725451E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{F2592CEA-AB78-4E10-B327-C38771919FF7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
    "{F5939594-DA1D-4B30-AB78-7C3E714C9E4D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
    "{F670527B-E150-49F1-AD2B-AFD8F8295F89}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F8578AE9-F8CB-41C9-9F21-45F49A50F382}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{F9C109C5-4723-4745-B588-1A288840A645}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F9CA31AF-9E87-491B-8FE3-71B88938BCD2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
    "{FD0AED8C-BCBE-4FB4-9ED5-852F5AAB67A7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{FF79B982-4268-4A4D-A47E-016DC8480C44}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "TCP Query User{18A6B28F-0CC1-4030-BEA3-25806523AD2A}C:\users\dennes\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\dennes\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{4648237E-7F9E-4EC0-984F-078D4CF6331D}C:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe |
    "TCP Query User{596714E9-7E3E-4A95-A201-37BDBAE3C2E0}C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe |
    "TCP Query User{89FBB2AD-92CF-424F-AD3C-6ED6A2AA9642}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
    "TCP Query User{A0FA169B-83E6-4953-9B69-D9D6B12F4101}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "TCP Query User{A6DB9B02-7D75-4F80-848B-AC7E8E967BA1}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
    "TCP Query User{E3E5BB04-AAB0-4506-9BF3-854FA44FAE9E}C:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe |
    "TCP Query User{F37A252F-86C1-4E5F-A507-6C6AAA1378A4}C:\users\dennes\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\dennes\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{1CD341A4-A9A1-46B9-B0FC-F5FDCD552FED}C:\users\dennes\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\dennes\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{2B720B88-21B3-429C-ACE2-356BFF7D8D66}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
    "UDP Query User{3FD69CD4-B64C-4982-9AB4-0F0D991BB24E}C:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe |
    "UDP Query User{6D45DB4B-C02D-47D3-AA01-21277A25B331}C:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe |
    "UDP Query User{7C270BA4-669E-46EF-A48C-402772FD312C}C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe |
    "UDP Query User{A2084DAC-9F97-408A-AEE9-F9FF00F5755A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{C009CF5C-0F2C-4E4F-B662-834FCFFBC080}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
    "UDP Query User{CD92DCF4-F35F-4BF6-83F0-E5F0DFC414F7}C:\users\dennes\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\dennes\appdata\local\akamai\netsession_win.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
    "{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
    "{1EAB8DE9-1438-29DB-1367-F539FC7384D6}" = ccc-utility64
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
    "{502275B0-3DA3-44D8-8702-066525CAAE98}" = AVG 2013
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{5AC309D7-93D6-418F-8DCA-DD710724A5B4}" = Windows Live Family Safety
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8A837C47-2B21-4FDF-8370-41A1EB6A26E8}" = Microsoft Xbox 360 Accessories 1.1
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}" = WinZip 16.5
    "{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
    "{D10485E3-0FE8-8A07-B9B4-E08967FCBCB4}" = ATI Catalyst Install Manager
    "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
    "{D9B7744C-1C39-49B8-86B3-F930631B4FE2}" = AVG 2013
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "AVG" = AVG 2013
    "CCleaner" = CCleaner
    "FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Print Projects" = HP Print Projects 1.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.5
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Shop for HP Supplies" = Shop for HP Supplies

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05B0F04F-3390-ED64-9561-79B30B969104}" = Catalyst Control Center Core Implementation
    "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
    "{0B1B0A95-410F-18CE-3D54-BFBDBEB9D371}" = CCC Help Japanese
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{15782AFB-6F70-07B5-C50F-6DC19A63F319}" = Catalyst Control Center Graphics Full Existing
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1A516651-6762-8359-B812-CA2EFE804486}" = CCC Help Hungarian
    "{1E568224-342E-856D-AD34-E21376FEB238}" = CCC Help Portuguese
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{23170F69-40C1-2701-0921-000001000000}" = 7-Zip 9.21
    "{23BDF7D8-C353-4BA8-8567-814F91332CEA}" = Wireless Switch 2
    "{23F76BD5-9DD6-4121-900B-FBBDF81DC74A}" = AveoCap
    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
    "{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
    "{277CCF3A-0C83-FC27-7BEC-08B590E44DA3}" = ccc-core-static
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3248F0A8-6813-11D6-A77B-00B0D0150170}" = J2SE Runtime Environment 5.0 Update 17
    "{34B9B494-EF4A-4592-87A8-BE40D0442E86}" = Dawn of War - Soulstorm
    "{39927011-45C5-4CBE-6F5A-1302B9141FB0}" = Catalyst Control Center Graphics Light
    "{3DC378F9-CBBB-60DF-C8BF-8E370E7078D3}" = CCC Help Chinese Traditional
    "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
    "{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4ECC8C99-F939-1E7B-7702-1002761479B2}" = CCC Help German
    "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
    "{588EB06A-F24F-8FBE-DB6B-BC6D0EBF4A7A}" = Catalyst Control Center Graphics Previews Vista
    "{5CB73EF0-A523-FA2C-9148-E86A9E9E32C0}" = Catalyst Control Center Graphics Full New
    "{64E793B0-2CCD-5FE5-0BD4-A428BCC9C536}" = CCC Help Turkish
    "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
    "{6AE67F9E-CD89-F0A2-13F8-44BFF16B7F63}" = CCC Help Swedish
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6B8E7A89-B62B-D041-01B7-CC519238498F}" = CCC Help Korean
    "{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{767335A4-6D40-278E-7509-206AAACD9399}" = CCC Help Finnish
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Warhammer 40,000: Dawn Of War - Gold Edition
    "{84F3897C-6203-61F6-8C60-8C3BF8F72BCB}" = CCC Help Thai
    "{8506AB15-0CA3-891F-9595-25719AAC166F}" = CCC Help Danish
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8D8CCC6A-1C4D-B41F-BC88-C06992714DA9}" = CCC Help Greek
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{99282B22-601F-48C1-B5BC-849044CCD43A}" = Catalyst Control Center - Branding
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9CDE7744-0E92-95BF-97F1-511370CCB83C}" = CCC Help Russian
    "{9D88AB83-B3DA-6DCA-7D3D-98EBDB890860}" = CCC Help Italian
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A28BBF0A-2E2F-4F46-8A30-E5BD33CA4F53}" = CCC Help Czech
    "{A90A9687-CCBF-4069-C514-9F195F5832F4}" = CCC Help Dutch
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
    "{ACF31D9F-70C2-40A1-9C7A-28BA16E64B56}" = BioExcess
    "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
    "{AE984F45-6C81-7764-5A08-0211416CA643}" = CCC Help Norwegian
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B4601253-D414-8338-C42E-2D270A51B107}" = CCC Help French
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B5A4D5A1-7646-4EA9-9D30-3368A736A791}_is1" = PDoD Uninstallation
    "{BBF6E466-ED53-4CCE-8221-C5BB04CEB1ED}" = Pantech USB Driver for Android phones ver1
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C1959660-D697-8EB9-41EF-868F37BB3076}" = Catalyst Control Center Localization All
    "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
    "{C7D182A7-051F-3224-ACD5-7055E1EC5A33}" = Catalyst Control Center InstallProxy
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
    "{D0325120-0784-7A49-2280-FDC6AA15CF8A}" = CCC Help English
    "{D1EA6E2A-73F2-7A6C-0C2A-4E649516B7D5}" = CCC Help Polish
    "{D3E5FBE9-B0A0-C097-06C0-B54E0AEFC367}" = CCC Help Chinese Standard
    "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E51C0367-EE77-4BB7-999F-F000CAF3897E}" = Verizon Tool Launcher for ADR910L
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EB1D5243-628C-31CD-CCF5-8A05FFD4D3DA}" = CCC Help Spanish
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}" = FINAL FANTASY XIV
    "{F408DA6B-DA75-4D95-B87D-49AFF0B4EBB0}" = Wow Video&Audio utility
    "{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
    "{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
    "12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.04.04.8012
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Akamai" = Akamai NetSession Interface Service
    "BandiMPEG1" = Bandisoft MPEG-1 Decoder
    "DefaultTab" = DefaultTab
    "Fallout Collection" = Fallout Collection
    "HTC_WModemDriver" = WModem Driver Installer
    "InstallShield_{23BDF7D8-C353-4BA8-8567-814F91332CEA}" = Wireless Switch 2
    "InstallShield_{ACF31D9F-70C2-40A1-9C7A-28BA16E64B56}" = BioExcess
    "InstallShield_{F408DA6B-DA75-4D95-B87D-49AFF0B4EBB0}" = Wow Video&Audio utility
    "Master of Orion 1 and 2_is1" = Master of Orion 1 and 2
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "PROR" = Microsoft Office Professional 2007
    "Steam App 107100" = Bastion
    "Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
    "Steam App 20570" = Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
    "Steam App 212680" = FTL: Faster Than Light
    "TeamViewer 7" = TeamViewer 7
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "X3watch_is1" = X3watch 5.0.10
    "yWriter5_is1" = yWriter5

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 2/1/2013 6:42:37 PM | Computer Name = Dennes-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3292

    Error - 2/2/2013 4:02:57 PM | Computer Name = Dennes-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2/2/2013 4:02:57 PM | Computer Name = Dennes-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1060

    Error - 2/2/2013 4:02:57 PM | Computer Name = Dennes-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1060

    Error - 2/2/2013 4:02:58 PM | Computer Name = Dennes-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2/2/2013 4:02:58 PM | Computer Name = Dennes-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 2059

    Error - 2/2/2013 4:02:58 PM | Computer Name = Dennes-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2059

    Error - 2/2/2013 4:02:59 PM | Computer Name = Dennes-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2/2/2013 4:02:59 PM | Computer Name = Dennes-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 3073

    Error - 2/2/2013 4:02:59 PM | Computer Name = Dennes-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3073

    [ System Events ]
    Error - 2/16/2013 1:20:36 PM | Computer Name = Dennes-PC | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 2/16/2013 1:22:11 PM | Computer Name = Dennes-PC | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 2/16/2013 1:22:26 PM | Computer Name = Dennes-PC | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 2/16/2013 1:23:55 PM | Computer Name = Dennes-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
    Client Service service to connect.

    Error - 2/16/2013 1:23:55 PM | Computer Name = Dennes-PC | Source = Service Control Manager | ID = 7000
    Description = The Steam Client Service service failed to start due to the following
    error: %%1053

    Error - 2/17/2013 6:29:15 PM | Computer Name = Dennes-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the ShellHWDetection service.

    Error - 2/17/2013 6:29:15 PM | Computer Name = Dennes-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the TeamViewer7 service.

    Error - 2/17/2013 8:44:10 PM | Computer Name = Dennes-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the Wlansvc service.

    Error - 2/19/2013 9:56:12 PM | Computer Name = Dennes-PC | Source = ACPI | ID = 327693
    Description = : The embedded controller (EC) did not respond within the specified
    timeout period. This may indicate that there is an error in the EC hardware or
    firmware or that the BIOS is accessing the EC incorrectly. You should check with
    your computer manufacturer for an upgraded BIOS. In some situations, this error
    may cause the computer to function incorrectly.

    Error - 2/19/2013 9:56:17 PM | Computer Name = Dennes-PC | Source = ACPI | ID = 327693
    Description = : The embedded controller (EC) did not respond within the specified
    timeout period. This may indicate that there is an error in the EC hardware or
    firmware or that the BIOS is accessing the EC incorrectly. You should check with
    your computer manufacturer for an upgraded BIOS. In some situations, this error
    may cause the computer to function incorrectly.


    < End of report >
     
  8. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello MeanDeen,

    Please run OTL.exe

    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\..\URLSearchHook: - No CLSID value found
      IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={search...00705ab627f426
      IE - HKCU\..\SearchScopes\{44DC7623-225E-4A19-84DC-D79769172574}: "URL" = http://search.conduit.com/ResultsExt...73160816091206
      IE - HKCU\..\SearchScopes\{F0B105A6-642A-4778-BC00-CBE4FA9EF507}: "URL" = http://websearch.ask.com/redirect?cl...1-A325D402C3CB
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [resethosts]
      [emptytemp]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • It will produce a log for you on reboot; please post that log in your next reply. The log is saved in the same location as OTL.
    After that

    Please download AdwCleaner from here to your desktop
    • Click on the green downward facing arrow on the right to commence download.
    • Run AdwCleaner and select Delete

    Once done it will ask to reboot, allow this.

    On reboot a log will be produced; please post that back here.

    So when you return please post
    • OTL txt
    • AdwCleaner log
    • and tell me how your computer is now

     
  9. MeanDeen

    MeanDeen Thread Starter

    Joined:
    Feb 18, 2013
    Messages:
    8
    Alright here it is.

    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44DC7623-225E-4A19-84DC-D79769172574}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44DC7623-225E-4A19-84DC-D79769172574}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F0B105A6-642A-4778-BC00-CBE4FA9EF507}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0B105A6-642A-4778-BC00-CBE4FA9EF507}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Dennes\Desktop\cmd.bat deleted successfully.
    C:\Users\Dennes\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56502 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Dennes
    ->Temp folder emptied: 239426840 bytes
    ->Temporary Internet Files folder emptied: 446355007 bytes
    ->Java cache emptied: 2454445 bytes
    ->Google Chrome cache emptied: 6784452 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 99840 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 282826210 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028638 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 967.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 02212013_220606
    Files\Folders moved on Reboot...
    C:\Users\Dennes\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Dennes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XITU42AS\Gordon_Walker_(Supernatural)[1].htm moved successfully.
    C:\Users\Dennes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J7PH5AHV\1090071-livesearchnow-problem[1].htm moved successfully.
    C:\Users\Dennes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FK6ZKUWI\aclk[2].htm moved successfully.
    C:\Users\Dennes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Dennes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...

    **************

    # AdwCleaner v2.112 - Logfile created 02/21/2013 at 22:15:50
    # Updated 10/02/2013 by Xplode
    # Operating system : Windows 7 Home Premium (64 bits)
    # User : Dennes - DENNES-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Dennes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L89JMIOH\adwcleaner0.exe
    # Option [Delete]

    ***** [Services] *****
    Stopped & Deleted : DefaultTabUpdate
    ***** [Files / Folders] *****
    Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
    File Deleted : C:\END
    File Deleted : C:\user.js
    Folder Deleted : C:\Program Files (x86)\1ClickDownload
    Folder Deleted : C:\Program Files (x86)\AVG Secure Search
    Folder Deleted : C:\Program Files (x86)\Complitly
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\ProgramData\APN
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\Dennes\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Dennes\AppData\Local\Conduit
    Folder Deleted : C:\Users\Dennes\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\Dennes\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Dennes\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Dennes\AppData\Roaming\Complitly
    Folder Deleted : C:\Users\Dennes\AppData\Roaming\DefaultTab
    Folder Deleted : C:\Users\Dennes\AppData\Roaming\OpenCandy
    ***** [Registry] *****
    Key Deleted : HKCU\Software\1ClickDownload
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
    Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Software\Somoto
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Default Tab
    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Zugo
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3101810
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Default Tab
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Tarma Installer
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16464
    [OK] Registry is clean.
    -\\ Google Chrome v [Unable to get version]
    File : C:\Users\Dennes\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    *************************
    AdwCleaner[S1].txt - [7895 octets] - [21/02/2013 22:15:50]
    ########## EOF - C:\AdwCleaner[S1].txt - [7955 octets] ##########

    So Google is no longer redirecting, I'm not getting any weird "Searchnow" things on random words, and my internet seems to be running faster. Is my computer safe now?
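
An added example, not part of the original posts: a small Python parser for the AdwCleaner log format shown above. It groups registry deletions by GUID to show every place one component was registered, and lists the items marked "Deleted on reboot" so they can be re-checked after the restart. The function names are hypothetical and the sample is a short excerpt of lines copied from the log in this thread.

```python
import re
from collections import defaultdict

# Excerpt of the AdwCleaner log posted above (a few lines copied from the thread).
SAMPLE_LOG = r"""
***** [Services] *****
Stopped & Deleted : DefaultTabUpdate
***** [Files / Folders] *****
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
"""

SECTION = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")   # e.g. ***** [Registry] *****
ENTRY = re.compile(r"^(.+?) : (.+)$")              # e.g. Key Deleted : HKLM\...
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_log(text):
    """Return a list of (section, action, target) tuples."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            section = m.group(1)
        elif section and (m := ENTRY.match(line)):
            entries.append((section, m.group(1), m.group(2)))
    return entries

def guid_footprint(entries):
    """Map each GUID to the registry locations it was registered under."""
    seen = defaultdict(set)
    for section, _action, target in entries:
        if section != "Registry":
            continue
        for guid in GUID.findall(target):
            # Location = last path component before the GUID (e.g. "CLSID").
            prefix = target[: target.index(guid)].rstrip(" [\\")
            seen[guid.upper()].add(prefix.rsplit("\\", 1)[-1])
    return dict(seen)

def pending_reboot(entries):
    """Targets only removed at next boot; re-check these after restarting."""
    return [t for _s, action, t in entries if action == "Deleted on reboot"]
```

A GUID that shows up under several locations (Browser Helper Objects, Toolbar, SearchScopes, CLSID) is one component hooked into the browser in several ways; if any of those keys reappears in a later scan, something is re-registering it.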
     
  10. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello MeanDeen,

    Yes I think we have done the job.:)

    We have a couple of last steps to perform and then you're all set.

    • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
    • Click on the CleanUp! button
    • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
    Any other tools remaining may be deleted.

    Next, we need to clean your restore points and set a new one:

    Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.

    • In the left pane, click System protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
    • Under Protection Settings, click the radio button Configure.
    • Under Disk Space Usage, click the radio button Delete.
    • Click Continue, and then click OK.

      -------------------------------------------------------------------------------------------------------------------

      A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
      -------------------------------------------------------------------------------------------------------------------

      Here are some things that I think are worth having a look at if you don't already know about them:

      ---------------------------------------------------------------------------------------------------------------------

      It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

      ----------------------------------------------------------------------------------------------------------------------

      Regularly check that your Java is up to date. Older versions are vulnerable to malicious attack.
      • Download Java for Windows

        Reboot your computer.
        You also need to uninstall older versions of Java.
      • Click Start > Control Panel > Add or Remove Programs
      • Remove all Java updates except the latest one you have just installed.
      --------------------------------------------------------------------------------------------------------------------

      To help protect your computer in the future:


      • If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

        * Click Start > Control Panel > System and Security > Windows Update
        * Under Windows Update click on Turn automatic updating on or off
        * Check items shown to ensure you receive updates automatically. Click OK.

        And to keep your system clean consider choosing from these free for home use malware scanners and updating and running weekly.
      • Malwarebytes
      • SuperAntiSpyWare
      Be aware of what emails you open and websites you visit.

      Go here for some good advice about how to prevent infection.

      A fun way to check your online safety literacy.

      Quiz - getsafeonline

      Have a safe and happy computing day!
     
  11. MeanDeen

    MeanDeen Thread Starter

    Joined:
    Feb 18, 2013
    Messages:
    8
    Done and Done. Did everything you said, downloaded Malwarebytes and am seriously considering upgrading to the paid version. It's a lot more user friendly than most other anti-Malware programs I've used. Thanks again for all the help. If we ever meet, I owe you a drink or dinner or whatever floats your boat.
     
  12. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    You are very welcome.:)
     

Short URL to this thread: https://techguy.org/1090071
