
Thread: Ads in lower left corner of browser (displayed in flash player)

  1. #1
    Junior Member
    Join Date
    Oct 2012
    Posts
    18

    Ads in lower left corner of browser (displayed in flash player)

    Hello!

    I have a problem with unwanted ads in all of my browsers (Firefox, IE, as well as Steam). Without Adobe Flash Player installed, it manifests as a div box containing the ad in the bottom left of the browser window. If I enable Adblock, the ad is invisible (but the div is still there). If I have Adobe Flash Player installed, Adblock will not work, and the ad will display in an Adobe Flash window.

    I've tried a number of rootkit removal programs and registry cleaners (which I have now realized is stupid), but none of them have solved the issue.
    Some examples of what I've tried:
    • CCleaner
    • CleanUp!
    • TDSSkiller
    • Comodo Cleaning Essentials
    • SUPERAntiSpyware
    • Microsoft Security Essentials
    • Sophos
    • Ad-aware
    • Etc. In short, a lot of software


    I have backed up my registry using ERUNT as instructed in the "BEFORE you POST"-post.
    I've provided the DDS and aswMBR logs below, also the attach.txt is provided as a zipped attachment to this post.

    DDS-log
    DDS (Ver_2012-10-14.05) - NTFS_AMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
    Run by Max at 23:52:20 on 2012-10-15
    Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1033.18.8159.5670 [GMT 2:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Core Temp\Core Temp.exe
    C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
    C:\Windows\system32\IProsetMonitor.exe
    C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\WindowsMobile\wmdcBase.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
    C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Net iD\iid.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
    C:\Users\Max\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\taskmgr.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.entru.com/?s=21983
    mStart Page = hxxp://search.entru.com/?s=21983
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [AdobeBridge] <no file>
    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun: [Net iD] "C:\Program Files (x86)\Net iD\iid.exe"
    mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: NameServer = 79.138.0.180 85.8.31.209
    TCP: Interfaces\{39A85E31-4D53-438C-8BF9-DB3B5F11B375} : DHCPNameServer = 79.138.0.180 85.8.31.209
    TCP: Interfaces\{CB2B4FA5-6527-4A2D-8E86-925589073BAF} : DHCPNameServer = 79.138.0.180 85.8.31.209
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
    x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [Net iD] "C:\Program Files\Net iD\iid.exe"
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 78.46.61.26 www.google-analytics.com.
    Hosts: 78.46.61.26 ad-emea.doubleclick.net.
    Hosts: 78.46.61.26 www.statcounter.com.
    Hosts: 108.163.215.51 www.google-analytics.com.
    Hosts: 108.163.215.51 ad-emea.doubleclick.net.
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\go2atoz2.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/ig
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npiidplg.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
    FF - ExtSQL: 2012-10-15 23:26; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\go2atoz2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF - ExtSQL: 2012-10-15 23:27; artur.dubovoy@gmail.com; C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\go2atoz2.default\extensions\artur.dubovoy@gmail.com.xpi
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-8-27 297000]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-4-6 236544]
    R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-6-13 922240]
    R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-2 915584]
    R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-4-17 586880]
    R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-5-6 23816]
    R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-4-17 133800]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]
    R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2012-4-6 11174400]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2012-4-6 343040]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-14 129000]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-14 394216]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
    R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\System32\drivers\e1c62x64.sys [2012-4-17 313520]
    R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-17 26136]
    R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\System32\drivers\HECIx64.sys [2010-10-19 56344]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-9-29 46136]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
    S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
    S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-15 115168]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
    S3 NVFLASH;NVFLASH;C:\Windows\System32\drivers\nvflash.sys [2012-4-18 13416]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-5 59392]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-26 1255736]
    .
    =============== File Associations ===============
    .
    FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\Dreamweaver.exe","%1"
    ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2012-10-15 21:21:49 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D9135E9F-AA0E-4823-BDDA-A0C3C13B6247}\mpengine.dll
    2012-10-15 21:04:36 208216 ----a-w- C:\Windows\System32\drivers\24476593.sys
    2012-10-15 18:42:35 -------- d-----w- C:\Program Files (x86)\RIFT Game
    2012-10-14 15:20:31 -------- d-----w- C:\Program Files (x86)\ESET
    2012-10-14 14:40:36 -------- d-----w- C:\ProgramData\TERA
    2012-10-14 14:40:27 -------- d-----w- C:\Program Files (x86)\TERA
    2012-10-14 07:01:46 9308616 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-10-13 22:11:21 -------- d-----w- C:\ProgramData\Sophos
    2012-10-12 19:56:05 -------- d-----w- C:\CCE_Quarantine
    2012-10-12 14:47:02 -------- d-----w- C:\Users\Max\AppData\Roaming\Songbird2
    2012-10-12 14:47:02 -------- d-----w- C:\Users\Max\AppData\Local\Songbird2
    2012-10-12 14:33:32 15664 ----a-w- C:\Windows\SysWow64\drivers\GEARAspiWDM.sys
    2012-10-12 14:33:32 109360 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2012-10-12 14:33:00 -------- d-----w- C:\Program Files (x86)\Songbird
    2012-10-12 14:26:40 -------- d-----w- C:\Users\Max\.local
    2012-10-12 14:12:38 -------- d-----w- C:\Users\Max\AppData\Roaming\.kde
    2012-10-12 14:08:50 -------- d-----w- C:\Program Files (x86)\Amarok
    2012-10-10 05:11:00 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2012-10-10 05:09:57 1464320 ----a-w- C:\Windows\System32\crypt32.dll
    2012-10-10 05:09:56 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-10-10 05:09:56 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-10-10 05:09:56 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-10-10 05:09:56 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-10-10 05:09:51 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-10-09 18:02:50 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-10-06 07:26:41 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1512DAF9-2307-44C6-A6E3-BC5A4DE8F42A}\gapaengine.dll
    2012-10-01 21:02:31 -------- d-----w- C:\Users\Max\AppData\Roaming\SUPERAntiSpyware.com
    2012-10-01 21:02:05 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2012-10-01 21:02:05 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2012-10-01 21:00:10 -------- d-----w- C:\Program Files\Common Files\Bitdefender
    2012-09-28 12:21:27 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-09-28 12:21:23 -------- d-----w- C:\Users\Max\AppData\Roaming\LavasoftStatistics
    2012-09-28 12:19:21 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
    2012-09-28 12:11:19 -------- d-----w- C:\Users\Max\AppData\Local\Threat Expert
    2012-09-27 05:47:05 -------- d-----w- C:\Users\Max\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
    2012-09-26 06:07:36 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
    2012-09-17 07:50:11 -------- d-----w- C:\Program Files (x86)\GOG.com
    2012-09-16 09:54:54 -------- d-----w- C:\Users\Max\AppData\Roaming\Malwarebytes
    2012-09-16 09:54:20 -------- d-----w- C:\ProgramData\Malwarebytes
    .
    ==================== Find3M ====================
    .
    2012-09-20 07:32:31 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
    2012-09-20 07:32:31 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2012-09-20 07:32:31 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
    2012-09-20 07:32:31 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-08-30 20:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2012-08-30 20:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
    2012-08-24 18:05:06 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 16:57:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-08-24 15:59:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 15:20:39 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-08-20 15:27:38 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-08-20 15:27:38 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-08-19 15:18:28 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
    2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2012-08-10 19:14:58 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-08-10 18:47:28 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe
    2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
    2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 23:53:34.81 ===============


    aswMBR-log
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-15 23:52:58
    -----------------------------
    23:52:58.823 OS Version: Windows x64 6.1.7601 Service Pack 1
    23:52:58.823 Number of processors: 4 586 0x2A07
    23:52:58.823 ComputerName: MAX-PC UserName: Max
    23:52:59.790 Initialize success
    23:54:34.624 AVAST engine defs: 12101501
    23:56:30.985 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\mv91xx1Port1Path0Target0Lun0
    23:56:30.985 Disk 0 Vendor: ST350041 CC38 Size: 476940MB BusType: 11
    23:56:30.985 Disk 0 MBR read successfully
    23:56:30.985 Disk 0 MBR scan
    23:56:30.985 Disk 0 Windows 7 default MBR code
    23:56:31.001 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 100 MB offset 2048
    23:56:31.016 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 476838 MB offset 206848
    23:56:31.047 Disk 0 scanning C:\Windows\system32\drivers
    23:56:42.903 Service scanning
    23:57:05.336 Modules scanning
    23:57:05.336 Disk 0 trace - called modules:
    23:57:05.336 ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll mv91xx.sys
    23:57:05.336 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077ba060]
    23:57:05.851 3 CLASSPNP.SYS[fffff88001b0843f] -> nt!IofCallDriver -> \Device\Scsi\mv91xx1Port1Path0Target0Lun0[0xfffffa800750e050]
    23:57:07.333 AVAST engine scan C:\Windows
    23:57:10.484 AVAST engine scan C:\Windows\system32
    00:00:50.025 AVAST engine scan C:\Windows\system32\drivers
    00:01:04.954 AVAST engine scan C:\Users\Max
    00:08:46.143 Disk 0 MBR has been saved successfully to "C:\Users\Max\Desktop\MBR.dat"
    00:08:46.143 The log file has been saved successfully to "C:\Users\Max\Desktop\aswMBR.txt"


    Thanks in advance for taking the time to help me out here (seeing as I'm evidently an idiot when it comes to removing malware such as this). I appreciate it.

  2. #2
    Malware Team Satchfan
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    201


    Hello lunarpac and welcome to the Safer Networking Forum.

    My name is Satchfan and I would be glad to help you with your computer problem.

    Please read the following guidelines which will help to make cleaning your machine easier:
    • please follow all instructions in the order posted
    • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
    • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
    • if you don't understand something, please don't hesitate to ask for clarification before proceeding
    • the fixes are specific to your problem and should only be used for this issue on this machine.
    • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

    IMPORTANT:

    Please DO NOT install/uninstall any programs unless asked to.
    Please DO NOT run any scans other than those requested

    I am looking at your logs now and will reply with instructions shortly.

    Satchfan

  3. #3
    Malware Team Satchfan
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    201


    Hello again lunarpac

    Run RogueKiller

    IMPORTANT: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again

    Download RogueKiller to your desktop.
    • close all running programs
    • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
    • when the prescan is finished, click on Scan
    • click on Report and copy/paste the content in your next post.
    If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
    Please post the contents of the RKreport.txt in your next reply.

    Remember: do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again.

    ===================================================

    Download and run AdwCleaner

    Download AdwCleaner from here and save it to your desktop.
    • run AdwCleaner and select Delete
    • when it has finished it will ask to reboot - allow the reboot
    • on reboot a log will be produced; please attach the content of the log to your next reply


    ===================================================

    Download and run OTL
    • download OTL to your desktop.
    • double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • click Scan all users.
    • under Custom Scan paste this in

      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      /md5stop
      %systemroot%\*. /rp /s
      DRIVES
      CREATERESTOREPOINT
    • click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
    • when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • you may need two posts to fit them both in.

    Logs to include with next post:

    RKreport.txt
    AdwCleaner log
    OTL.txt
    Extras.txt


    Thanks

    Satchfan

  4. #4
    Junior Member
    Join Date
    Oct 2012
    Posts
    18


    Thanks for helping me out Satchfan, I'm really grateful.

    I only ran RogueKiller once (as step #1), to clarify - I assumed the "Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again"-part did not apply to the reboot initiated by AdwCleaner, and I did not run RogueKiller again before running OTL as step #3.

    Here are the logs.


    RKreport.txt
    RogueKiller V8.1.1 [10/01/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Max [Admin rights]
    Mode : Scan -- Date : 10/16/2012 18:10:21

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [TASK][SUSP PATH] {F6F121FE-C14B-4D15-8DC8-6358C9C07B90} : C:\Windows\system32\pcalua.exe -a C:\Users\Max\Desktop\vac401full\setup.exe -d C:\Users\Max\Desktop\vac401full -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FOLDER] U : C:\Windows\Installer\{10377690-8118-0bba-4e71-c5658b5fc4ae}\U --> FOUND
    [ZeroAccess][FOLDER] L : C:\Windows\Installer\{10377690-8118-0bba-4e71-c5658b5fc4ae}\L --> FOUND
    [ZeroAccess][FOLDER] U : C:\Users\Max\AppData\Local\{10377690-8118-0bba-4e71-c5658b5fc4ae}\U --> FOUND
    [ZeroAccess][FOLDER] L : C:\Users\Max\AppData\Local\{10377690-8118-0bba-4e71-c5658b5fc4ae}\L --> FOUND

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost
    78.46.61.26 www.google-analytics.com.
    78.46.61.26 ad-emea.doubleclick.net.
    78.46.61.26 www.statcounter.com.
    108.163.215.51 www.google-analytics.com.
    108.163.215.51 ad-emea.doubleclick.net.
    108.163.215.51 www.statcounter.com.


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST350041 8AS SCSI Disk Device +++++
    --- User ---
    [MBR] b375a0ddcb84adfac20b21978e12deb9
    [BSP] 6f51a4a0bed3e98e560c1480163325d1 : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt


    AdwCleaner log
    # AdwCleaner v2.005 - Logfile created 10/16/2012 at 18:12:25
    # Updated 14/10/2012 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
    # User : Max - MAX-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Max\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\Trymedia
    Folder Deleted : C:\Users\Max\AppData\Local\Ilivid Player

    ***** [Registry] *****

    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IM
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7601.17514

    [OK] Registry is clean.

    -\\ Mozilla Firefox v16.0.1 (en-US)

    Profile name : default
    File : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\go2atoz2.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1907 octets] - [14/10/2012 11:29:50]
    AdwCleaner[S2].txt - [1712 octets] - [16/10/2012 18:12:25]

    ########## EOF - C:\AdwCleaner[S2].txt - [1772 octets] ##########

  5. #5
    Junior Member
    Join Date
    Oct 2012
    Posts
    18

    OTL.txt (part 1, broken off before listing files created within 30 days)
    OTL logfile created on: 2012-10-16 18:15:37 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Max\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

    7.97 Gb Total Physical Memory | 5.70 Gb Available Physical Memory | 71.53% Memory free
    13.96 Gb Paging File | 11.21 Gb Available in Paging File | 80.25% Paging File free
    Paging file location(s): c:\pagefile.sys 6142 6142 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 53.48 Gb Free Space | 11.49% Space Free | Partition Type: NTFS
    Drive E: | 100.00 Mb Total Space | 70.28 Mb Free Space | 70.28% Space Free | Partition Type: NTFS

    Computer Name: MAX-PC | User Name: Max | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012-10-16 18:09:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
    PRC - [2012-10-11 03:05:57 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012-08-10 21:14:58 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
    PRC - [2012-06-14 20:36:50 | 000,932,528 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2012-04-17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    PRC - [2011-09-15 12:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    PRC - [2011-06-13 10:36:54 | 000,922,240 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
    PRC - [2011-05-24 20:54:46 | 001,426,048 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
    PRC - [2011-04-26 11:20:48 | 001,101,440 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
    PRC - [2011-01-11 16:21:14 | 001,214,080 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
    PRC - [2010-12-02 04:15:14 | 000,915,584 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
    PRC - [2010-11-26 21:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    PRC - [2010-10-21 11:52:26 | 000,586,880 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
    PRC - [2010-09-24 21:29:32 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012-10-11 03:05:59 | 002,294,240 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012-06-26 20:03:08 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
    MOD - [2012-06-26 20:02:59 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012-06-26 20:02:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012-06-26 20:02:56 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012-06-26 20:02:53 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012-06-14 20:36:50 | 000,932,528 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    MOD - [2012-04-17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
    MOD - [2012-04-17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    MOD - [2012-04-17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
    MOD - [2012-04-17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
    MOD - [2012-04-17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
    MOD - [2012-04-17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
    MOD - [2012-04-17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
    MOD - [2012-04-17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
    MOD - [2012-04-17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
    MOD - [2011-05-20 09:12:18 | 000,881,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
    MOD - [2011-05-16 17:35:56 | 000,965,632 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
    MOD - [2011-04-07 17:33:18 | 001,607,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
    MOD - [2011-03-04 10:33:44 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
    MOD - [2011-02-24 10:19:36 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
    MOD - [2011-01-07 16:39:36 | 001,246,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
    MOD - [2010-11-05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2010-10-15 17:40:30 | 001,031,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll
    MOD - [2010-08-23 04:17:40 | 000,662,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll
    MOD - [2010-08-06 18:13:48 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
    MOD - [2010-08-06 18:11:20 | 000,850,944 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
    MOD - [2010-06-21 15:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll
    MOD - [2010-06-21 15:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
    MOD - [2009-08-12 20:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
    MOD - [2009-05-21 10:14:14 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012-09-12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012-09-12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2012-07-11 20:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2012-04-06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010-08-12 15:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
    SRV:64bit: - [2009-07-20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012-10-15 23:58:54 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012-10-11 03:05:59 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012-10-04 17:54:07 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012-08-10 21:14:58 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2011-09-15 12:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
    SRV - [2011-06-13 10:36:54 | 000,922,240 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe -- (asComSvc)
    SRV - [2011-06-08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2011-03-28 21:51:25 | 004,323,256 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
    SRV - [2010-12-02 04:15:14 | 000,915,584 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe -- (asHmComSvc)
    SRV - [2010-10-21 11:52:26 | 000,586,880 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
    SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009-12-15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
    SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007-05-31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007-05-31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.1)
    DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.01)
    DRV:64bit: - [2012-08-30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012-04-06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012-04-06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012-03-09 10:57:36 | 000,023,816 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
    DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012-02-23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2011-10-19 18:33:12 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV:64bit: - [2011-09-14 17:05:34 | 000,394,216 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
    DRV:64bit: - [2011-09-14 17:05:34 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
    DRV:64bit: - [2011-07-22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011-07-12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011-05-18 10:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
    DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010-11-20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
    DRV:64bit: - [2010-10-19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010-10-08 03:41:18 | 000,013,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvflash.sys -- (NVFLASH)
    DRV:64bit: - [2010-09-21 08:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
    DRV:64bit: - [2010-08-27 19:53:22 | 000,297,000 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
    DRV:64bit: - [2010-08-17 19:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
    DRV:64bit: - [2010-07-13 18:19:38 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
    DRV:64bit: - [2010-07-13 18:19:38 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
    DRV:64bit: - [2010-06-25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
    DRV:64bit: - [2010-02-18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2010-01-28 16:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009-12-18 00:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2009-11-02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
    DRV:64bit: - [2009-08-09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009-07-14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
    DRV:64bit: - [2009-07-14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009-06-17 18:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV:64bit: - [2009-06-17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2009-06-17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009-03-01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009-02-24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV:64bit: - [2008-08-28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
    DRV - [2012-06-08 09:28:32 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2005-01-02 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.entru.com/?s=21983
    IE - HKLM\..\SearchScopes,DefaultScope =


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1666464932-787091987-3193995767-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.entru.com/?s=21983
    IE - HKU\S-1-5-21-1666464932-787091987-3193995767-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-1666464932-787091987-3193995767-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
    IE - HKU\S-1-5-21-1666464932-787091987-3193995767-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 32 20 81 AA D5 CA 01 [binary data]
    IE - HKU\S-1-5-21-1666464932-787091987-3193995767-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-1666464932-787091987-3193995767-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1666464932-787091987-3193995767-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.se/ig"
    FF - prefs.js..extensions.enabledAddons: artur.dubovoy@gmail.com:3.7.1
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-10-15 23:23:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-08-23 22:13:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

    [2012-10-15 23:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Extensions
    [2012-10-12 16:47:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
    [2012-10-15 23:38:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\go2atoz2.default\extensions
    [2012-10-15 23:38:01 | 000,221,242 | ---- | M] () (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\go2atoz2.default\extensions\artur.dubovoy@gmail.com.xpi
    [2012-10-15 23:26:33 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\go2atoz2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2012-10-15 23:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012-10-11 03:06:18 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012-03-07 13:28:56 | 000,244,544 | ---- | M] (SecMaker AB) -- C:\Program Files (x86)\mozilla firefox\plugins\npiidplg.dll
    [2012-10-11 03:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012-10-11 03:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/ig
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Max\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Max\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Max\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Net iD (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npiidplg.dll
    CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Max\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
    CHR - Extension: YouTube = C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Adblock Plus (Beta) = C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
    CHR - Extension: S\u00F6k p\u00E5 Google = C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Google Kalender = C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
    CHR - Extension: Google Theme = C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\imoaoigekmpoalkbfohhjgkcocjdapne\1.0.1_0\
    CHR - Extension: Google Mail Checker = C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
    CHR - Extension: Google Reader = C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.2_0\
    CHR - Extension: Gmail = C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012-08-13 19:22:09 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 78.46.61.26 www.google-analytics.com.
    O1 - Hosts: 78.46.61.26 ad-emea.doubleclick.net.
    O1 - Hosts: 78.46.61.26 www.statcounter.com.
    O1 - Hosts: 108.163.215.51 www.google-analytics.com.
    O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
    O1 - Hosts: 108.163.215.51 www.statcounter.com.
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKU\S-1-5-21-1666464932-787091987-3193995767-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Net iD] C:\Program Files\Net iD\iid.exe (SecMaker AB)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
    O4 - HKLM..\Run: [Net iD] C:\Program Files (x86)\Net iD\iid.exe (SecMaker AB)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1666464932-787091987-3193995767-1000..\Run: [AdobeBridge] File not found
    O4 - HKU\S-1-5-21-1666464932-787091987-3193995767-1000..\Run: [Spotify Web Helper] C:\Users\Max\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
    O4 - HKU\S-1-5-21-1666464932-787091987-3193995767-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\S-1-5-21-1666464932-787091987-3193995767-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-21-1666464932-787091987-3193995767-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1666464932-787091987-3193995767-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1666464932-787091987-3193995767-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1666464932-787091987-3193995767-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 79.138.0.180 85.8.31.209
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39A85E31-4D53-438C-8BF9-DB3B5F11B375}: DhcpNameServer = 79.138.0.180 85.8.31.209
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB2B4FA5-6527-4A2D-8E86-925589073BAF}: DhcpNameServer = 79.138.0.180 85.8.31.209
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{3cf5a0ce-88d4-11e1-be62-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{3cf5a0ce-88d4-11e1-be62-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ncd.exe
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

  6. #6
    Junior Member
    Join Date
    Oct 2012
    Posts
    18

    OTL.txt (part 2, continuing with files created within 30 days)
    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012-10-16 18:09:58 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\RK_Quarantine
    [2012-10-16 18:09:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
    [2012-10-16 17:07:45 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\Hot.Rod[2007]DvDrip.AC3[Eng]-aXXo
    [2012-10-16 00:05:46 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Macromedia
    [2012-10-15 23:58:54 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012-10-15 23:58:54 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012-10-15 23:52:20 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    [2012-10-15 23:51:49 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Max\Desktop\aswMBR.exe
    [2012-10-15 23:51:43 | 000,706,431 | R--- | C] (Swearware) -- C:\Users\Max\Desktop\dds.scr
    [2012-10-15 23:51:17 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\2012-10-15
    [2012-10-15 23:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2012-10-15 23:50:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2012-10-15 23:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012-10-15 23:04:36 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\24476593.sys
    [2012-10-15 23:04:32 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\tdsskiller
    [2012-10-15 21:17:23 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\RIFT
    [2012-10-15 20:42:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIFT
    [2012-10-15 20:42:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RIFT Game
    [2012-10-14 16:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\TERA
    [2012-10-14 16:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
    [2012-10-14 16:40:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TERA
    [2012-10-14 00:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
    [2012-10-12 21:56:05 | 000,000,000 | ---D | C] -- C:\CCE_Quarantine
    [2012-10-12 17:06:13 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Apple Computer
    [2012-10-12 16:47:02 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Songbird2
    [2012-10-12 16:47:02 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Songbird2
    [2012-10-12 16:33:32 | 000,109,360 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
    [2012-10-12 16:33:32 | 000,015,664 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\drivers\GEARAspiWDM.sys
    [2012-10-12 16:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Songbird
    [2012-10-12 16:33:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Songbird
    [2012-10-12 16:26:40 | 000,000,000 | ---D | C] -- C:\Users\Max\.local
    [2012-10-12 16:12:38 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\.kde
    [2012-10-12 16:12:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amarok
    [2012-10-12 16:08:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amarok
    [2012-10-11 15:37:47 | 062,968,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
    [2012-10-10 07:10:57 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2012-10-10 07:10:56 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2012-10-10 07:10:55 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2012-10-10 07:10:38 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
    [2012-10-10 07:10:31 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
    [2012-10-10 07:10:31 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
    [2012-10-10 07:10:31 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
    [2012-10-10 07:10:31 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2012-10-10 07:10:29 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
    [2012-10-10 07:10:29 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2012-10-10 07:10:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2012-10-10 07:10:29 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2012-10-10 07:10:29 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2012-10-10 07:10:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
    [2012-10-10 07:10:29 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2012-10-10 07:10:29 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2012-10-10 07:10:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2012-10-10 07:10:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012-10-10 07:10:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2012-10-10 07:10:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2012-10-10 07:10:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2012-10-10 07:10:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2012-10-10 07:10:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012-10-10 07:10:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2012-10-10 07:10:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
    [2012-10-10 07:10:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
    [2012-10-10 07:10:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012-10-10 07:10:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012-10-10 07:10:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2012-10-10 07:10:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
    [2012-10-10 07:10:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012-10-10 07:10:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2012-10-10 07:10:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2012-10-10 07:10:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
    [2012-10-10 07:10:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2012-10-10 07:10:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
    [2012-10-10 07:10:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2012-10-10 07:10:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2012-10-10 07:10:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2012-10-10 07:10:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012-10-10 07:10:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2012-10-10 07:10:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
    [2012-10-10 07:10:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2012-10-10 07:10:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
    [2012-10-10 07:10:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2012-10-10 07:10:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
    [2012-10-10 07:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
    [2012-10-10 07:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
    [2012-10-10 07:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012-10-10 07:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
    [2012-10-10 07:10:26 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
    [2012-10-10 07:10:26 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
    [2012-10-10 07:10:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2012-10-10 07:10:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2012-10-10 07:10:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012-10-10 07:10:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012-10-10 07:10:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
    [2012-10-10 07:10:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012-10-10 07:10:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2012-10-10 07:10:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
    [2012-10-10 07:10:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
    [2012-10-10 07:10:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
    [2012-10-10 07:10:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
    [2012-10-10 07:10:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
    [2012-10-10 07:10:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
    [2012-10-10 07:10:25 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2012-10-10 07:10:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012-10-10 07:10:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2012-10-10 07:10:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
    [2012-10-10 07:10:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012-10-10 07:10:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2012-10-10 07:10:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
    [2012-10-10 07:10:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2012-10-10 07:09:57 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
    [2012-10-10 07:09:56 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
    [2012-10-09 20:02:50 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012-10-09 18:49:58 | 000,000,000 | R--D | C] -- C:\Users\Max\Documents\Scanned Documents
    [2012-10-09 18:49:58 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Fax
    [2012-10-09 18:05:46 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\cce_2.5.242177.201_x64
    [2012-10-07 22:13:23 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\My Cheat Tables
    [2012-10-03 17:48:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Sports
    [2012-10-01 23:02:31 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\SUPERAntiSpyware.com
    [2012-10-01 23:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012-10-01 23:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012-10-01 23:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012-10-01 23:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
    [2012-09-30 21:22:33 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Microsoft Hardware
    [2012-09-28 14:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012-09-28 14:21:23 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\LavasoftStatistics
    [2012-09-28 14:19:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
    [2012-09-28 14:11:19 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Threat Expert
    [2012-09-27 07:47:05 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
    [2012-09-26 08:07:36 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
    [2012-09-23 14:21:15 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2012-09-23 14:21:13 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012-09-23 14:21:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012-09-23 14:21:12 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012-09-23 14:21:12 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012-09-23 14:21:10 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012-09-23 14:21:10 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012-09-17 09:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
    [2012-09-17 09:50:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GOG.com
    [6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012-10-16 18:13:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012-10-16 18:13:33 | 2121,633,791 | -HS- | M] () -- C:\hiberfil.sys
    [2012-10-16 18:09:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
    [2012-10-16 18:09:24 | 000,538,941 | ---- | M] () -- C:\Users\Max\Desktop\adwcleaner.exe
    [2012-10-16 18:09:17 | 001,425,920 | ---- | M] () -- C:\Users\Max\Desktop\RogueKiller.exe
    [2012-10-16 17:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012-10-16 15:02:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 5ce86dbb-8e71-4ace-9559-05959e1ace55.job
    [2012-10-16 08:14:29 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012-10-16 08:14:29 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012-10-16 08:07:00 | 005,337,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012-10-16 00:08:46 | 000,000,512 | ---- | M] () -- C:\Users\Max\Desktop\MBR.dat
    [2012-10-15 23:58:54 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012-10-15 23:58:54 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012-10-15 23:54:12 | 000,004,248 | ---- | M] () -- C:\Users\Max\Desktop\attach.zip
    [2012-10-15 23:51:57 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Max\Desktop\aswMBR.exe
    [2012-10-15 23:51:45 | 000,706,431 | R--- | M] (Swearware) -- C:\Users\Max\Desktop\dds.scr
    [2012-10-15 23:04:37 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\24476593.sys
    [2012-10-15 20:45:02 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\RIFT.lnk
    [2012-10-15 12:58:13 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\NBA 2K13.lnk
    [2012-10-14 16:40:32 | 000,001,838 | ---- | M] () -- C:\Users\Max\Desktop\TERA.lnk
    [2012-10-10 17:55:39 | 000,001,143 | ---- | M] () -- C:\Users\Max\Desktop\MTI.lnk
    [2012-10-02 09:43:06 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012-10-02 09:43:04 | 000,663,838 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012-10-02 09:43:04 | 000,125,968 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012-09-30 17:09:53 | 000,800,222 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012-09-28 00:32:12 | 062,968,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
    [2012-09-23 18:29:03 | 000,000,132 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Adobe PNG Format CS6 Prefs
    [2012-09-20 18:17:27 | 000,000,222 | ---- | M] () -- C:\Users\Max\Desktop\Torchlight II.url
    [2012-09-20 09:32:31 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2012-09-20 09:32:31 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2012-09-20 09:32:31 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
    [2012-09-20 09:32:31 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
    [2012-09-19 17:35:41 | 000,000,221 | ---- | M] () -- C:\Users\Max\Desktop\Borderlands 2.url
    [2012-09-17 09:50:13 | 000,002,099 | ---- | M] () -- C:\Users\Public\Desktop\Faster Than Light.lnk
    [6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012-10-16 18:09:21 | 000,538,941 | ---- | C] () -- C:\Users\Max\Desktop\adwcleaner.exe
    [2012-10-16 18:09:15 | 001,425,920 | ---- | C] () -- C:\Users\Max\Desktop\RogueKiller.exe
    [2012-10-16 08:06:42 | 005,337,872 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012-10-16 00:08:46 | 000,000,512 | ---- | C] () -- C:\Users\Max\Desktop\MBR.dat
    [2012-10-15 23:58:56 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012-10-15 23:54:12 | 000,004,248 | ---- | C] () -- C:\Users\Max\Desktop\attach.zip
    [2012-10-15 23:23:37 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012-10-15 20:45:02 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\RIFT.lnk
    [2012-10-14 16:40:32 | 000,001,838 | ---- | C] () -- C:\Users\Max\Desktop\TERA.lnk
    [2012-10-10 17:55:39 | 000,001,143 | ---- | C] () -- C:\Users\Max\Desktop\MTI.lnk
    [2012-10-04 08:03:50 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 5ce86dbb-8e71-4ace-9559-05959e1ace55.job
    [2012-10-03 17:48:14 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\NBA 2K13.lnk
    [2012-09-20 18:17:27 | 000,000,222 | ---- | C] () -- C:\Users\Max\Desktop\Torchlight II.url
    [2012-09-19 17:35:41 | 000,000,221 | ---- | C] () -- C:\Users\Max\Desktop\Borderlands 2.url
    [2012-09-17 09:50:13 | 000,002,099 | ---- | C] () -- C:\Users\Public\Desktop\Faster Than Light.lnk
    [2012-09-16 15:22:24 | 000,000,132 | ---- | C] () -- C:\Users\Max\AppData\Roaming\Adobe PNG Format CS6 Prefs
    [2012-09-16 15:15:37 | 000,001,456 | ---- | C] () -- C:\Users\Max\AppData\Local\Adobe Save for Web 13.0 Prefs
    [2012-07-24 22:09:36 | 000,000,132 | ---- | C] () -- C:\Users\Max\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
    [2012-07-23 19:49:18 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
    [2012-07-07 15:43:38 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012-07-07 15:43:36 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
    [2012-07-07 15:43:36 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2012-06-26 21:06:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012-06-16 18:57:47 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
    [2012-05-23 22:45:00 | 000,000,285 | ---- | C] () -- C:\Windows\EReg072.dat
    [2012-05-23 22:44:45 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
    [2012-05-19 22:11:44 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
    [2012-05-18 21:13:57 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
    [2012-05-14 00:28:03 | 000,136,760 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2012-05-11 00:41:31 | 000,045,270 | ---- | C] () -- C:\Users\Max\AppData\Roaming\room_v3.dat
    [2012-04-18 18:11:04 | 004,049,616 | ---- | C] () -- C:\Windows\PE_Rom.dll
    [2012-04-17 23:51:43 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
    [2012-04-17 23:51:39 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
    [2012-04-17 23:31:26 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2012-04-17 23:31:24 | 000,027,129 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2012-04-03 08:25:05 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
    [2012-03-25 16:28:27 | 000,004,096 | -H-- | C] () -- C:\Users\Max\AppData\Local\keyfile3.drm
    [2012-03-16 22:56:31 | 000,000,132 | ---- | C] () -- C:\Users\Max\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2012-03-13 08:45:06 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2012-03-13 08:45:06 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2012-03-09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2012-02-15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012-02-15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012-01-10 03:59:55 | 000,060,905 | ---- | C] () -- C:\Users\Max\AppData\Roaming\icarus-dxdiag.xml
    [2012-01-08 02:51:46 | 000,000,040 | ---- | C] () -- C:\Users\Max\jagex_cl_runescape_LIVE.dat
    [2011-10-19 19:02:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
    [2011-10-04 08:10:47 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
    [2011-10-02 21:43:47 | 000,007,600 | ---- | C] () -- C:\Users\Max\AppData\Local\Resmon.ResmonCfg
    [2011-09-13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011-05-31 08:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
    [2011-05-31 08:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
    [2011-05-20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011-02-24 15:02:33 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
    [2011-02-24 15:02:33 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
    [2010-09-13 22:02:43 | 000,033,762 | ---- | C] () -- C:\Users\Max\install.xml
    [2010-09-13 21:56:29 | 000,000,000 | ---- | C] () -- C:\Users\Max\jagex__preferences3.dat
    [2010-09-13 21:56:19 | 000,000,129 | ---- | C] () -- C:\Users\Max\jagex_runescape_preferences2.dat
    [2010-09-13 21:54:29 | 000,000,046 | ---- | C] () -- C:\Users\Max\jagex_runescape_preferences.dat
    [2010-07-12 16:16:00 | 000,000,091 | ---- | C] () -- C:\Users\Max\AppData\Local\fusioncache.dat

    ========== ZeroAccess Check ==========

    [2012-08-23 22:13:45 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{10377690-8118-0bba-4e71-c5658b5fc4ae}\L
    [2012-08-23 19:29:57 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{10377690-8118-0bba-4e71-c5658b5fc4ae}\U
    [2011-11-17 08:41:18 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Local\{10377690-8118-0bba-4e71-c5658b5fc4ae}\L
    [2011-11-17 08:41:18 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Local\{10377690-8118-0bba-4e71-c5658b5fc4ae}\U
    [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >
    [2007-11-07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

    < MD5 for: EXPLORER.EXE >
    [2011-02-26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
    [2011-02-26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2009-07-14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
    [2011-02-26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
    [2009-10-31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
    [2011-02-26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
    [2011-02-25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2011-02-25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011-02-26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010-11-20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2009-08-03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2009-10-31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [2009-08-03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
    [2010-11-20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
    [2009-10-31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [2009-08-03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
    [2009-07-14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    [2009-10-31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
    [2011-02-26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
    [2009-08-03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

    < MD5 for: SVCHOST.EXE >
    [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
    [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2009-07-14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
    [2009-07-14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2010-11-20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
    [2010-11-20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
    [2009-07-14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
    [2010-11-20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
    [2010-11-20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2010-11-20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
    [2010-11-20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2009-07-14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2009-10-28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
    [2009-10-28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

    < %systemroot%\*. /rp /s >

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: SCSI
    Media Type: Fixed hard disk media
    Model: ST350041 8AS SCSI Disk Device
    Partitions: 2
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 100.00MB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 466.00GB
    Starting Offset: 105906176
    Hidden sectors: 0


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 6144 bytes -> C:\ProgramData:gs5sys
    @Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 1536 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
    @Alternate Data Stream - 1536 bytes -> C:\Users\Max\Documents\desktop.ini:gs5sys
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:CB0AACC9
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8CE646EE
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

    < End of report >

  7. #7
    Junior Member
    Join Date
    Oct 2012
    Posts
    18

    Extras.txt (part 1, broken off before uninstall list)
    OTL Extras logfile created on: 2012-10-16 18:15:37 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Max\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

    7.97 Gb Total Physical Memory | 5.70 Gb Available Physical Memory | 71.53% Memory free
    13.96 Gb Paging File | 11.21 Gb Available in Paging File | 80.25% Paging File free
    Paging file location(s): c:\pagefile.sys 6142 6142 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 53.48 Gb Free Space | 11.49% Space Free | Partition Type: NTFS
    Drive E: | 100.00 Mb Total Space | 70.28 Mb Free Space | 70.28% Space Free | Partition Type: NTFS

    Computer Name: MAX-PC | User Name: Max | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1666464932-787091987-3193995767-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
    "C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01950D06-40B6-4393-A6C3-BE1FE9697A37}" = lport=4000 | protocol=6 | dir=in | name=d2 host |
    "{135A13C9-00B0-4F03-82F6-7EBD89A5FD4A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{16F01A73-AE8E-45EC-9D2D-A20BAC96CBD1}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
    "{1861464B-8B5D-449F-BBC3-6DE8C6F10055}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
    "{1A0B668E-0581-4260-A913-2B6369A20C5F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{29D177DE-C4BE-404D-B476-A46A5E2BEFE5}" = lport=6938 | protocol=6 | dir=in | name=league of legends launcher |
    "{2A3B0DD5-2A2E-4826-9F18-FC013524A548}" = rport=7011 | protocol=6 | dir=out | name=sacred 2 mp |
    "{2AD2CBC4-D1FC-4A3E-B03E-F40CB92A89AF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2C16DF1D-55C7-4E4C-A50A-079FBA3471D7}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
    "{2DD628F1-D126-414E-A398-3C6C4D20F1B3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{2EE62B8D-4E6E-4741-9E35-6011B8A9D135}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{347E802D-DFE9-4200-A01B-A404574BF821}" = lport=6919 | protocol=6 | dir=in | name=league of legends launcher |
    "{37F53513-9D2C-4829-82BB-86DDC30C6B29}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{41F4C621-47C8-4953-97D7-6D215B40B44E}" = rport=139 | protocol=6 | dir=out | app=system |
    "{47974A0B-ABB0-426F-B79E-BEBB71E9F888}" = lport=57993 | protocol=6 | dir=in | name=pando media booster |
    "{479BA326-E94F-4251-81AA-B0823D141106}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
    "{48B64F01-8B7E-45B2-9EDA-CC44E295AC6D}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
    "{4F50A194-D75E-49AC-9C12-67C7892F4F90}" = lport=137 | protocol=17 | dir=in | app=system |
    "{502820AE-9F33-461B-A326-4C67AB455DBB}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{5ADAD641-AEB5-480D-A2B7-19F36AACA093}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{623E1902-159A-47E1-BCA0-AEC95C628E0E}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{64AA7C81-344F-4EAF-9C7A-4736C4633959}" = lport=138 | protocol=17 | dir=in | app=system |
    "{6B0551AA-2153-45DD-8495-E1760FB5C6B3}" = lport=49209 | protocol=6 | dir=in | name=akamai netsession interface |
    "{74C8F66A-998D-4670-A3A0-DBBD7BA1E7DF}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{7B8340B9-372D-47B1-8838-D785194F6A33}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{7BA40EF6-AF52-4FA1-8335-F01B866F8AAF}" = lport=6904 | protocol=17 | dir=in | name=league of legends launcher |
    "{7C173A21-3553-49DD-805C-A2AC6F694080}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{7D423968-EBAF-4FCF-8F94-418479EEEF06}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{7F7C05D6-0C07-433F-8D35-91BA871B37DE}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
    "{83CD84F6-8C4C-44B4-AF47-A7986F892C42}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{84A93955-4B67-47AA-964A-24324EEA4E25}" = lport=6904 | protocol=6 | dir=in | name=league of legends launcher |
    "{8C16775B-5277-4BA7-956E-592604528732}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{8FFE2E10-7BBC-4FE8-913F-647D4124D65E}" = rport=50000 | protocol=17 | dir=out | name=sacred 2 host |
    "{98985640-4B61-4623-AE7D-87A691BB53EA}" = rport=1119 | protocol=6 | dir=out | name=blizzard launcher |
    "{99047E36-8FA3-457E-93F4-FC85404DE34B}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
    "{99B30B5D-49EC-4DB3-82BD-FE9C13A0B93B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{9D01B228-A3DA-4056-A115-25A1B64D775D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{A171A5E0-BC98-429F-900D-DDA726E3313B}" = lport=139 | protocol=6 | dir=in | app=system |
    "{A8B04642-4BAC-4264-8784-C64BF6C151E3}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
    "{A9B99BD4-E6B8-4444-8C7E-B77EACE47D27}" = rport=445 | protocol=6 | dir=out | app=system |
    "{B344D77A-58B5-4DD7-9F9B-3379DEC5649A}" = lport=6919 | protocol=17 | dir=in | name=league of legends launcher |
    "{B44082FC-13D1-4126-8AA5-036373184A38}" = rport=50001 | protocol=6 | dir=out | name=sacred 2 host tcp |
    "{B4DEE289-EB28-4563-8EC8-0F5997276272}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
    "{BFFDAA2B-15D5-4B4A-9DB1-A934BFFAA4DB}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
    "{C4668A4D-7949-4939-B710-D38701D1509E}" = lport=6892 | protocol=6 | dir=in | name=league of legends launcher |
    "{C5DE37AD-0A38-4DD9-9884-1BCE3A05AB2E}" = lport=57993 | protocol=17 | dir=in | name=pando media booster |
    "{CD9DFA19-0B00-480E-90A3-9A0C2AA5B0F1}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
    "{D00DB5CD-E704-4298-A5F3-E281B3189992}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{D61688A6-FB4E-437E-9779-B019C9DF0B3D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{E29EEBEF-BDCC-4A9A-B640-5E8C970DB495}" = lport=57993 | protocol=17 | dir=in | name=pando media booster |
    "{E2CFE1F3-A2C3-4FC0-9847-FFA8E6287D61}" = lport=6938 | protocol=17 | dir=in | name=league of legends launcher |
    "{E4D5BF18-7DCE-4319-96AF-021561EB1A37}" = rport=138 | protocol=17 | dir=out | app=system |
    "{E6697A1D-1C55-42B9-ACA4-1DF6EFEBBA7F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{F13CF19E-6BCC-4804-B14F-735193F31715}" = rport=7240 | protocol=17 | dir=out | name=mount and blade |
    "{F5535606-DC3E-498B-A759-DEFAAFBFAE01}" = lport=445 | protocol=6 | dir=in | app=system |
    "{F60E8CE2-E68C-4F6D-A146-0E511D2344E2}" = lport=57993 | protocol=6 | dir=in | name=pando media booster |
    "{F8755516-D719-41FE-96BB-5385F2016937}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
    "{FF69E558-087C-4A17-913D-D6507D97D20D}" = lport=6892 | protocol=17 | dir=in | name=league of legends launcher |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0049111D-7660-4C6E-BE0D-6FAE32A63F01}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{0346A079-7817-47A1-90EE-E41582263B43}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{04657F8C-50D2-4777-83DF-9D15FECFC2DA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{0682A7E7-576E-4049-B148-1B8446FB05E9}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{093ABB7F-D287-49C7-9DDF-137902E2DA0A}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{09A5F75E-DD0A-4F4A-B1CB-44DCD35B71DA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{0D6A4ED0-F163-46FC-B49D-5CB90103DE4C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{10D95645-B622-4B13-BBB3-8A74CB12BBF3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{11BEB00A-49EA-4BB7-93FE-9EA96B0039D1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{15AA4BF0-A894-42AE-B2C2-60C7F155CEE0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
    "{177ECE66-EB06-4BE9-A511-9FE1A0498C0F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{18697BFC-2378-4DB1-8D61-8BF1CA9ABF7A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{1A19F647-9255-4F49-B323-D6ABC7C2D6B8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{1EEEA821-5E95-4C69-BE51-3FAAFD58D505}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
    "{2095D11F-F51B-43BF-8A45-E9F48575B4B5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{21B7AEC4-2396-4023-9ADD-6B69D51DFD1B}" = dir=in | app=%programfiles% (x86)\diablo ii\diablo ii.exe |
    "{21C863A1-F0DC-4333-AAD4-153DB62DA927}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{24414853-EB32-4F4E-B5D1-1E3A586806DC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{24E603EC-7B2C-4539-93B4-CB5E012D7A36}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{271CB4C4-579A-4A2B-A6D5-EF3214587A01}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{28B314A4-6C28-4144-8576-1709FBDC69F3}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
    "{29BB05C6-FC7B-472B-9F52-5D9BA0F5A6B5}" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\spotify\spotify.exe |
    "{2A76E750-5A22-403C-990E-52624EAD0BBD}" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\dropbox\bin\dropbox.exe |
    "{2B0A30E4-5022-4ED2-B1A2-8D39B0F6BDF8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{2DE2D945-2FC5-481E-B53C-3E607C3C918E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{2FB06D61-FFD2-4E7C-9A53-FFC3B75E7F85}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{34BEFD69-252A-420C-BE9A-03E2CF2074BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
    "{35AE4E77-1EBA-4E72-8D3B-A0327281D654}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe |
    "{39068207-738E-4114-A4ED-78FE0B90DC94}" = dir=in | app=%programfiles% (x86)\garena plus\garenamessenger.exe |
    "{3EBFE7FF-4FE4-42B5-B66A-DB2504F92070}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{42C7B28C-CFE6-4AAF-BAFE-E296FE137F67}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{439D3679-754F-41FB-AE66-2C10CF2ABE6C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
    "{4834B52F-E445-4639-A7A5-5EAE9357AF61}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{49C701D6-6186-49D8-ADC6-5E86E7CBD4B5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{4C6AF6D6-C8A0-4C27-84EF-03F55B458A6C}" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\dropbox\bin\dropbox.exe |
    "{4D4AFD5B-A57B-473E-B2AE-14D1A8DF4BF3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{4F29764E-64AF-41A9-9E25-6790C3CBF1A3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{4F791CA9-70E3-4324-B534-DEC2FD92BAAB}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
    "{508E7677-4EDB-4E8A-AF37-6F921D114852}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{50CC4C64-AF2A-448A-92BF-2200746B93D2}" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
    "{516DA9D5-46F2-4992-BB69-0BEFF49DBAD6}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
    "{51FB0C9E-602A-4D42-AE04-2FC0CEFAAA9D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{54756948-98E3-4D1B-AB22-718418455E01}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{55848EF7-BF84-4D72-A270-BECC420B7D17}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{59402A29-89A6-4684-AD72-5B83630815B2}" = dir=in | app=%programfiles% (x86)\htc\htc sync 3.0\htcupctloader.exe |
    "{5A418E46-D034-422C-9B8C-33904EF79452}" = dir=out | app=%programfiles% (x86)\the elder scrolls v skyrim\skyrimlauncher.exe |
    "{5BD14700-4EC1-4663-9E48-6DB30E26F7B6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{5E615F38-904C-4913-9E3C-EFE5EE02448B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
    "{5EA6124B-2D48-433C-9B03-F4058F77B6B0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
    "{60B6BF8B-2269-4825-BE54-E57EAC0ECCD6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{613386E5-829B-4792-926D-4EEEF3DCB58E}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{64302065-D0C1-4F8B-BFAD-FEB1D5F03356}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{68ACE657-E5CC-482A-AF24-A6886CCBBA9D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
    "{691B3546-60A6-40CE-8D95-8B950A0B6DC8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{69D777DD-4055-4B18-84BD-6FBBE061A414}" = dir=out | app=%programfiles%\adobe\adobe photoshop cs6 (64 bit)\photoshop.exe |
    "{6B09B5C8-E430-4115-B020-E4C36E9FF2C7}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
    "{6B5F05AC-7C37-4AA9-82DA-B21B5DE830B6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
    "{6E1C50E4-F4D2-4BFB-B584-69ADBDA9E9B4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6EAB91B5-11D4-4A24-AD7D-D07AB2F114C1}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
    "{6F85EC6C-4D24-4A0C-87AB-4D294D6AC751}" = dir=out | app=%systemdrive%\fraps\fraps.exe |
    "{7176DE1A-D070-42F8-A865-21FBA2E5C52E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{71C13B1C-78A6-4A80-B79D-ED27B50D83C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{72463A80-C277-4D55-83A1-D984333766EA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{7510F007-8AB3-4E5C-A2F3-79EBD142EC75}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{7609F5AA-D313-4E54-AA9E-9B82E4E54928}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{7677C933-7B64-47EC-B8A9-1050EAA72C83}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{77A86130-D83C-477B-A0D0-C4A2ADC8EEE6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
    "{796D9048-B349-4299-8438-03EDE0F938D8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{7AE1847E-2BA0-4B1D-AE75-BFF03E5A2FCA}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{7DE27E92-BED0-4DCE-AC40-78DAD0F46AB7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{7FF72E2E-4876-44F2-858F-31ED8AAFFE9C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{80CDC4F9-AFE6-48CB-9C8D-8D7161FC82C5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{8273A696-31A2-4C5A-84C2-FBEE890A366C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{828FC9EA-5B49-422B-9ED2-0AD4878B1C7F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{82A5BB74-AFD1-4071-AD80-6B9D001E5ADB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
    "{835EA6E1-A62C-4DEF-B706-2CB924F0CACE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\kvelland\counter-strike\hl.exe |
    "{874DFFB7-FF50-4839-8AEC-81243942523D}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
    "{88DB252C-A6CC-4C54-B044-F847328B3B8A}" = protocol=58 | dir=in | app=system |
    "{8BA962C3-05F3-4A6C-9C15-AF8CBDFB2885}" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\spotify\spotify.exe |
    "{8F6A0CDD-67D2-4EE3-92CB-C5DF4B77A20C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{92A23959-9783-4F63-A059-D2046C05A092}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{94198779-017E-415D-A140-FB73EF16580E}" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
    "{95FA4CA6-A3A7-4046-B811-482B16873FAD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\space pirates and zombies\spazgame.exe |
    "{996B9CD5-94FC-4429-A5E3-81861FFB7149}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{9B2236FB-6EA6-476C-83E1-A4482FB6B308}" = protocol=6 | dir=in | app=c:\program files (x86)\2k sports\nba 2k13\nba2k13.exe |
    "{9CF3BEA0-4DB7-46D7-854B-EA470D890CBD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A2C1D90F-FF2C-481B-90B2-13421EC310E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A7E0B64A-5D5C-4FF0-AF6F-4C763DA5676A}" = dir=out | app=%programfiles% (x86)\sony\vegas movie studio hd platinum 10.0\vegasmoviestudiope100.exe |
    "{A8AF3476-556B-4EDD-8A1B-81539FBE876C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{AC964712-BDED-4390-BB16-0F484C9B83B7}" = dir=out | app=%programfiles%\adobe\adobe after effects cs6\support files\afterfx.exe |
    "{AE90A305-BC85-4528-8BB2-66DCE6DACECA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B049AABD-DE15-4D7F-A206-7C48B6D7711D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{B45B07DB-CF22-446B-9374-FCBE4287B30B}" = dir=out | app=%programfiles% (x86)\adobe\adobe flash cs5.5\flash.exe |
    "{B5C595F2-FF71-4379-9046-DABA219C5638}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{B8064ECD-3AA6-4747-A97E-3C0ECD5AAE7B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
    "{B9520A2B-AFDE-4A29-921C-79CEAFF43897}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
    "{BBDA2152-0738-4710-A9CC-81694C65157B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{BDB00494-E404-4B23-B6D7-37A6FE7674D7}" = dir=out | app=%programfiles% (x86)\2k sports\nba 2k13\nba2k13.exe |
    "{C03FD972-C2A3-46FA-9D57-D58C6A483A7C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C04F57CA-C354-427C-9937-1C1B3D0146C1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
    "{C824A3F1-77CC-4362-BE99-FE8168181DEC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
    "{C9B887B8-7F01-42D4-BD28-89304E628B81}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{CAF52F1E-3029-464B-8A28-2620C5C1ECAA}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{CC1C6AC5-3B4B-4B27-B0F9-41637111356A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{CDDD625A-2DB4-45F0-816D-A4FBE9B17D8D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D1F3A913-4353-496E-8209-0D42CB0D1F8F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{D1F8A7C8-0C94-4872-9D8D-3ECFEB83B510}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{D38D3BD6-221E-4513-BADB-DE6DDC82BB62}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
    "{D6A32B8C-6101-4B50-80A8-4DB3959CB432}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
    "{D7CF25D9-F19D-4076-B68D-DC885200C152}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe |
    "{D87E7302-3CD5-46A1-9CAA-B7FE9AFA6D6F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\kvelland\counter-strike\hl.exe |
    "{DA5541AD-1844-4CF0-92B0-CD7A2BBA3D7F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
    "{DAFC78B7-906E-41F2-B57C-8F07DBA95173}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{DF6F7B09-CCB1-4AB6-AF90-BC7AA410523B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
    "{E1F78D8E-8358-4829-B662-9E2B1265CE3E}" = protocol=17 | dir=in | app=c:\program files (x86)\2k sports\nba 2k13\nba2k13.exe |
    "{E2D3DECD-E975-4592-9C68-C4CF8E14F4F8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{E4AC1BB3-0D1D-40A1-B6B2-7FFD67585596}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
    "{E4B1E6FF-AF81-4641-B58C-B57811EACAEC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{E50DA930-30D8-4D44-A5A8-7EBEA8DAD111}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E66EA7A1-98E6-4E3F-A780-5043546D6E81}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{E6B7736A-7E91-41FF-93BA-262A5D4F1B67}" = dir=out | app=%programfiles% (x86)\dragon age\daoriginslauncher.exe |
    "{E91F18AF-975D-43CE-9C09-E9BAFA21BCC0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EC25BA54-B893-48DD-A49C-CFFDDD5B72B0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{ECB4C827-A79E-42CA-93E3-3CEDD594A621}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
    "{F23405EE-48AD-4D89-832B-636EF6A71B0C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\space pirates and zombies\spazgame.exe |
    "{F5908104-C731-47B9-A1DE-2D8BB1628649}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F5CAE198-CEDD-4803-86CF-CA9E153A07DA}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
    "{F5FADF07-B713-4C15-A441-D84B12704645}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{FF4BD2A9-19E9-413E-9463-EC8951EDDBA8}" = dir=out | app=%programfiles%\adobe\adobe illustrator cs6 (64 bit)\support files\contents\windows\illustrator.exe |
    "TCP Query User{0B319C97-BD05-4415-9609-246D5E648755}C:\program files (x86)\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo ii\game.exe |
    "TCP Query User{0F1849C2-1BCD-41F6-AF86-2848BF26CA5B}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
    "TCP Query User{174497E9-469C-46A5-B372-2EA08C7F5258}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
    "TCP Query User{258877B3-FE0F-4633-BBE9-674DC0CAD00A}C:\program files (x86)\mount&blade warband\mb_warband.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mount&blade warband\mb_warband.exe |
    "TCP Query User{34F1604E-3BE5-4145-BBF6-06C3A4F272D9}G:\lanspel\left.4.dead.full-rip.skullptura\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=g:\lanspel\left.4.dead.full-rip.skullptura\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe |
    "TCP Query User{618BDDAC-5F0E-40A3-910C-03435C1648D4}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe |
    "TCP Query User{81923CB6-8B28-4BEB-AF3D-6C396739A9E9}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe |
    "TCP Query User{90EB82B8-F1BA-4A60-BBEC-1C901977EFAB}C:\program files (x86)\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena plus\room\garena_room.exe |
    "TCP Query User{9680A008-0FE0-438C-9DFA-3603A48A53FE}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
    "TCP Query User{A7B9E279-6CDC-461E-88DF-E5F5FA2E227B}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
    "TCP Query User{A8FE665C-BF87-47DB-A363-2D5992D76DBD}C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
    "TCP Query User{A9B380F9-33F8-4883-A34B-BF97051B7FF7}C:\program files (x86)\grid\grid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\grid\grid.exe |
    "TCP Query User{AA69C8DF-F24F-4F48-9C86-698037319BDB}C:\program files\ynhub\ynhub.exe" = protocol=6 | dir=in | app=c:\program files\ynhub\ynhub.exe |
    "TCP Query User{BB9D6720-0019-4FA3-98AD-0B988A3954F6}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
    "TCP Query User{BC955230-BA62-4735-9C3D-8CB66FE5BF57}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
    "TCP Query User{BD2DAB5B-CC4A-4BC4-A9D3-44DEA1D174CC}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
    "TCP Query User{CC485B17-00F8-4C37-803F-CAF2BEB4E6B1}C:\program files\ynhub\ynhub.exe" = protocol=6 | dir=in | app=c:\program files\ynhub\ynhub.exe |
    "TCP Query User{E42632FB-A002-4F6C-B8F3-3E0EEACCEECA}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "TCP Query User{F36F8CAB-86ED-42ED-86E0-479FD37083D8}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
    "TCP Query User{F4400181-6592-4DB4-968A-4421FD7A8706}C:\program files\xtremetuner hd\xtremetuner hd.exe" = protocol=6 | dir=in | app=c:\program files\xtremetuner hd\xtremetuner hd.exe |
    "UDP Query User{05A1B72F-C824-44D2-80E1-F393629EB81B}C:\program files (x86)\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena plus\room\garena_room.exe |
    "UDP Query User{14E93E6C-4B8D-4562-BBCE-D129EBC64552}C:\program files (x86)\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo ii\game.exe |
    "UDP Query User{16B2DAF8-CD01-4EE1-A51C-47D5C56D3200}G:\lanspel\left.4.dead.full-rip.skullptura\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=g:\lanspel\left.4.dead.full-rip.skullptura\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe |
    "UDP Query User{24ABD776-1080-4275-9C22-9DC8A9656C15}C:\program files\xtremetuner hd\xtremetuner hd.exe" = protocol=17 | dir=in | app=c:\program files\xtremetuner hd\xtremetuner hd.exe |
    "UDP Query User{2D4FD1A3-AF61-4AD0-A903-77CA5CE8ED4F}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
    "UDP Query User{3193272A-F007-4BBF-BE71-095957991117}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
    "UDP Query User{39855EC4-2E7B-4D8B-985A-3A0AACE79410}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
    "UDP Query User{3C4390A7-2B92-496E-949F-EF3EE60800A3}C:\program files\ynhub\ynhub.exe" = protocol=17 | dir=in | app=c:\program files\ynhub\ynhub.exe |
    "UDP Query User{3CE6523F-1E8D-42D3-B156-FDA49C2C5B52}C:\program files\ynhub\ynhub.exe" = protocol=17 | dir=in | app=c:\program files\ynhub\ynhub.exe |
    "UDP Query User{492C651E-092A-4A22-B795-1780506042EA}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
    "UDP Query User{4C7AC467-99F7-44EF-9B42-22DDFDCC2973}C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
    "UDP Query User{55A6D6C6-0F21-41DD-99F9-D491789748FF}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
    "UDP Query User{66BA2C85-C5E0-4D9F-A890-229EEDBDB38F}C:\program files (x86)\grid\grid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\grid\grid.exe |
    "UDP Query User{7220CD05-8FEE-47B0-8DF1-A496F815B112}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
    "UDP Query User{757452B1-622A-4D84-9B62-4AA01FBD5B4F}C:\program files (x86)\mount&blade warband\mb_warband.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mount&blade warband\mb_warband.exe |
    "UDP Query User{A79B8DA5-DC89-4D21-B668-B85DFD187F4D}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe |
    "UDP Query User{B2902364-70F2-421D-BAD4-8A0DE376ABCB}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe |
    "UDP Query User{C2F31256-157A-420D-8309-D038F7056F1D}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
    "UDP Query User{D0D65C90-8034-4106-9C69-37CA40C364C1}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "UDP Query User{E9059263-03EF-4206-92E6-0D9082142A2F}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |

  8. #8
    Junior Member
    Join Date
    Oct 2012
    Posts
    18

    Extras.txt (part 2, continuing from uninstall list)
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
    "{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
    "{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{3ABFAF33-D6EE-9348-CE96-AF51E9D6D2FF}" = AMD Drag and Drop Transcoding
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{BCCC97EE-E162-448C-8847-59718FF29B04}" = Intel(R) Network Connections 15.6.25.0
    "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{EF393943-0CCE-9CD9-6181-96DF4E4428EF}" = AMD Media Foundation Decoders
    "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.60.1
    "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "iid" = Net iD 5.6.2
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
    "Microsoft Security Client" = Microsoft Security Essentials
    "PerformanceTest 7_is1" = PerformanceTest v7.0 (64-bit)
    "PROSetDX" = Intel(R) Network Connections 15.6.25.0
    "TeamSpeak 3 Client" = TeamSpeak 3 Client

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{110EB5C4-E995-4CFB-AB80-A5F315BEA9E8}" = Python 2.6
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
    "{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{23E445D5-FD83-4C50-A211-EB26A2975317}" = Adobe Flash Professional CS5.5
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
    "{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
    "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
    "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
    "{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
    "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
    "{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT)
    "{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0
    "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
    "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
    "{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
    "{4869414E-7AEA-4C8E-BE1C-8D40977FD517}" = Adobe Illustrator CS6
    "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
    "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
    "{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
    "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 3.2.0
    "{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
    "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
    "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
    "{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63A56D6A-8AA4-4568-A9E0-790D31B2F30E}" = Adobe Flash Media Encoder 2.5
    "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
    "{6C15DC29-040C-433F-B1AE-783D37E9C08B}" = Python 2.6 pygame-1.9.1
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
    "{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7AF3D8F2-B2C2-4F8B-AFA4-C90001F56B1A}" = Bastion
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
    "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
    "{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
    "{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
    "{AC76BA86-7AD7-1053-7B44-A94000000001}" = Adobe Reader 9.4.1 - Svenska
    "{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
    "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{BA688606-4B20-4982-995E-EDADC6A6817E}" = League of Legends
    "{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
    "{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
    "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
    "{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
    "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
    "{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
    "{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D96B6543-A0C0-4351-AF96-73DEF1DD6820}" = NBA 2K13
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
    "{E82097B9-A3B8-404A-9A92-AC16A8AC9576}" = Adobe After Effects CS5.5
    "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Amarokx86" = Amarok (remove only)
    "Android SDK Tools" = Android SDK Tools
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "DC++" = DC++ 0.799
    "Diablo II" = Diablo II
    "DivX Setup" = DivX Setup
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ERUNT_is1" = ERUNT 1.1j
    "Fallout Mod Manager_is1" = Fallout Mod Manager 0.9.15
    "Faster Than Light_is1" = Faster Than Light
    "Fraps" = Fraps (remove only)
    "Guild Wars 2" = Guild Wars 2
    "hon" = Heroes of Newerth
    "iid" = Net iD 5.6.2 (32-bit Edition)
    "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    "InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
    "LAME for Audacity_is1" = LAME v3.98.3 for Audacity
    "MagniDriver" = marvell 91xx driver
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mount&Blade Warband" = Mount&Blade Warband
    "Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MPE" = MyPhoneExplorer
    "OpenAL" = OpenAL
    "PlugY, The Survival Kit" = PlugY, The Survival Kit
    "PunkBusterSvc" = PunkBuster Services
    "Songbird-release-2311" = Songbird 2.0.0 (Build 2311)
    "ST6UNST #1" = Hero Editor V1.04
    "Steam App 10" = Counter-Strike
    "Steam App 105600" = Terraria
    "Steam App 107200" = Space Pirates and Zombies
    "Steam App 200710" = Torchlight II
    "Steam App 209870" = Blacklight: Retribution
    "Steam App 33910" = ARMA 2
    "Steam App 33930" = ARMA 2: Operation Arrowhead
    "Steam App 49520" = Borderlands 2
    "Steam App 8980" = Borderlands
    "uTorrent" = µTorrent
    "Warcraft III" = Warcraft III
    "WinDjView" = WinDjView 1.0.3
    "WinLiveSuite" = Windows Live Essentials
    "VirtualCloneDrive" = VirtualCloneDrive
    "VLC media player" = VLC media player 2.0.2
    "Xvid Video Codec 1.3.2" = Xvid Video Codec

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1666464932-787091987-3193995767-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Spotify" = Spotify
    "Warcraft III" = Warcraft III: All Products

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 2012-10-13 18:20:26 | Computer Name = Max-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Users\Max\Desktop\esetsmartinstaller_enu.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 2012-10-13 19:10:07 | Computer Name = Max-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
    in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image
    of service AMD FUEL Service since QueryServiceConfig API failed System Error: The
    system cannot find the file specified. .

    Error - 2012-10-14 11:20:28 | Computer Name = Max-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Users\Max\Desktop\esetsmartinstaller_enu.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 2012-10-14 11:20:28 | Computer Name = Max-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Users\Max\Desktop\esetsmartinstaller_enu.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 2012-10-14 11:20:30 | Computer Name = Max-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Users\Max\Desktop\esetsmartinstaller_enu.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 2012-10-14 17:05:39 | Computer Name = Max-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
    in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image
    of service AMD FUEL Service since QueryServiceConfig API failed System Error: The
    system cannot find the file specified. .

    Error - 2012-10-14 17:14:47 | Computer Name = Max-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
    in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image
    of service AMD FUEL Service since QueryServiceConfig API failed System Error: The
    system cannot find the file specified. .

    Error - 2012-10-15 05:25:39 | Computer Name = Max-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
    online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 2012-10-15 05:27:35 | Computer Name = Max-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\Users\Max\Desktop\esetsmartinstaller_enu.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 2012-10-15 17:18:50 | Computer Name = Max-PC | Source = Application Hang | ID = 1002
    Description = The program CCleaner64.exe version 3.23.0.1823 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1090 Start
    Time: 01cdab19af6b5f69 Termination Time: 0 Application Path: C:\Program Files\CCleaner\CCleaner64.exe

    Report
    Id: e417fcb6-170d-11e2-8289-c86000318f32

    [ System Events ]
    Error - 2012-10-16 02:06:36 | Computer Name = Max-PC | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from
    loading due to incompatibility with this system. Please contact your software vendor
    for a compatible version of the driver.

    Error - 2012-10-16 02:06:37 | Computer Name = Max-PC | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from
    loading due to incompatibility with this system. Please contact your software vendor
    for a compatible version of the driver.

    Error - 2012-10-16 02:07:12 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7000
    Description = The AODDriver4.01 service failed to start due to the following error:
    %%3

    Error - 2012-10-16 02:07:12 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7000
    Description = The AODDriver4.1 service failed to start due to the following error:
    %%3

    Error - 2012-10-16 02:07:23 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SBRE ssuhop uezndl

    Error - 2012-10-16 12:13:31 | Computer Name = Max-PC | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from
    loading due to incompatibility with this system. Please contact your software vendor
    for a compatible version of the driver.

    Error - 2012-10-16 12:13:32 | Computer Name = Max-PC | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from
    loading due to incompatibility with this system. Please contact your software vendor
    for a compatible version of the driver.

    Error - 2012-10-16 12:13:46 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7000
    Description = The AODDriver4.01 service failed to start due to the following error:
    %%3

    Error - 2012-10-16 12:13:46 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7000
    Description = The AODDriver4.1 service failed to start due to the following error:
    %%3

    Error - 2012-10-16 12:13:52 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SBRE ssuhop uezndl


    < End of report >

  9. #9
    Malware Team Satchfan
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    201

    Please close all programs and do another scan with RogueKiller.
    • when it shows the results, check all the boxes next to the ZeroAccess detections then click on Delete.
    • once again in the RogueKiller console, click the “Hosts” tab
    • make sure the entries there are checked if there is an option to do so
    • press the HostFix button.

    You should have 2 RogueKiller RKreports to post:

    1. Mode: Delete
    2. Mode: HostFix

    ==================================================

    Download and run ComboFix

    Download Combofix from either of the links below, and save it to your desktop.

    Link 1
    Link 2

    **Note: It MUST be saved directly to your desktop. Choose "Save As" and then make sure you choose Desktop.

    --------------------------------------------------------------------

    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.

    --------------------------------------------------------------------

    Double click on ComboFix.exe & follow the prompts.
    • when finished, it will produce a report for you.
    • please post the C:\ComboFix.txt for further review.


    Satchfan

  10. #10
    Junior Member
    Join Date
    Oct 2012
    Posts
    18

    RKreport[3].txt (Delete)
    RogueKiller V8.1.1 [10/01/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Max [Admin rights]
    Mode : Remove -- Date : 10/17/2012 12:54:45

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 7 ¤¤¤
    [TASK][PREVRUN] {C83DDCEB-11AC-482E-B1EB-4867979DD944} : C:\Windows\system32\pcalua.exe -a C:\Windows\IsUninst.exe -c -fC:\Sshock2\SShocku.log -> DELETED
    [TASK][PREVRUN] {E3677B38-32F4-49ED-BDCC-C6DAE36DAD86} : C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe" -c uninstall=10 -> DELETED
    [TASK][PREVRUN] {F6F121FE-C14B-4D15-8DC8-6358C9C07B90} : C:\Windows\system32\pcalua.exe -a C:\Users\Max\Desktop\vac401full\setup.exe -d C:\Users\Max\Desktop\vac401full -> DELETED
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{10377690-8118-0bba-4e71-c5658b5fc4ae}\U --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{10377690-8118-0bba-4e71-c5658b5fc4ae}\L --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Users\Max\AppData\Local\{10377690-8118-0bba-4e71-c5658b5fc4ae}\U --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Users\Max\AppData\Local\{10377690-8118-0bba-4e71-c5658b5fc4ae}\L --> REMOVED

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost
    78.46.61.26 www.google-analytics.com.
    78.46.61.26 ad-emea.doubleclick.net.
    78.46.61.26 www.statcounter.com.
    108.163.215.51 www.google-analytics.com.
    108.163.215.51 ad-emea.doubleclick.net.
    108.163.215.51 www.statcounter.com.


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST350041 8AS SCSI Disk Device +++++
    --- User ---
    [MBR] b375a0ddcb84adfac20b21978e12deb9
    [BSP] 6f51a4a0bed3e98e560c1480163325d1 : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[3].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt


    RKreport[4] (Fix Hosts)
    RogueKiller V8.1.1 [10/01/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Max [Admin rights]
    Mode : HOSTSFix -- Date : 10/17/2012 12:55:18

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost
    78.46.61.26 www.google-analytics.com.
    78.46.61.26 ad-emea.doubleclick.net.
    78.46.61.26 www.statcounter.com.
    108.163.215.51 www.google-analytics.com.
    108.163.215.51 ad-emea.doubleclick.net.
    108.163.215.51 www.statcounter.com.


    ¤¤¤ Resetted HOSTS: ¤¤¤


    Finished : << RKreport[4].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt


    ComboFix log
    ComboFix 12-10-16.02 - Max 2012-10-17 12:59:22.1.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1033.18.8159.5543 [GMT 2:00]
    Körs från: c:\users\Max\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\programdata\windows
    c:\users\Max\AppData\Local\assembly\tmp
    c:\windows\SysWow64\msstdfmt.dll
    c:\windows\SysWow64\URTTemp
    c:\windows\SysWow64\URTTemp\regtlib.exe
    .
    .
    (((((((((((((((((((((((( Filer skapade från 2012-09-17 till 2012-10-17 ))))))))))))))))))))))))))))))
    .
    .
    2012-10-17 11:12 . 2012-10-17 11:12 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-17 06:17 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9CC5F54F-008A-4E07-8141-F45A00449575}\mpengine.dll
    2012-10-15 22:05 . 2012-10-15 22:05 -------- d-----w- c:\users\Max\AppData\Local\Macromedia
    2012-10-15 21:58 . 2012-10-15 21:58 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-15 21:58 . 2012-10-15 21:58 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-15 21:50 . 2012-10-15 21:52 -------- d-----w- c:\program files (x86)\ERUNT
    2012-10-15 21:21 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-10-15 21:04 . 2012-10-15 21:04 208216 ----a-w- c:\windows\system32\drivers\24476593.sys
    2012-10-15 18:42 . 2012-10-17 07:49 -------- d-----w- c:\program files (x86)\RIFT Game
    2012-10-14 14:40 . 2012-10-14 14:40 -------- d-----w- c:\programdata\TERA
    2012-10-14 14:40 . 2012-10-14 14:40 -------- d-----w- c:\program files (x86)\TERA
    2012-10-13 22:11 . 2012-10-13 22:11 -------- d-----w- c:\programdata\Sophos
    2012-10-12 19:56 . 2012-10-14 15:23 -------- d-----w- C:\CCE_Quarantine
    2012-10-12 15:06 . 2012-10-12 15:06 -------- d-----w- c:\users\Max\AppData\Roaming\Apple Computer
    2012-10-12 14:47 . 2012-10-12 14:57 -------- d-----w- c:\users\Max\AppData\Local\Songbird2
    2012-10-12 14:47 . 2012-10-12 14:47 -------- d-----w- c:\users\Max\AppData\Roaming\Songbird2
    2012-10-12 14:33 . 2012-06-08 07:28 15664 ----a-w- c:\windows\SysWow64\drivers\GEARAspiWDM.sys
    2012-10-12 14:33 . 2012-06-08 07:28 109360 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2012-10-12 14:33 . 2012-10-12 14:33 -------- d-----w- c:\program files (x86)\Songbird
    2012-10-12 14:26 . 2012-10-12 14:26 -------- d-----w- c:\users\Max\.local
    2012-10-12 14:12 . 2012-10-12 14:15 -------- d-----w- c:\users\Max\AppData\Roaming\.kde
    2012-10-12 14:08 . 2012-10-12 14:12 -------- d-----w- c:\program files (x86)\Amarok
    2012-10-10 05:11 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-10-10 05:09 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
    2012-10-10 05:09 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-10-10 05:09 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-10-10 05:09 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-10-10 05:09 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-10-10 05:09 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-10-09 18:02 . 2012-10-15 21:08 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-10-06 07:26 . 2012-10-03 11:57 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1512DAF9-2307-44C6-A6E3-BC5A4DE8F42A}\gapaengine.dll
    2012-10-01 21:02 . 2012-10-01 21:02 -------- d-----w- c:\users\Max\AppData\Roaming\SUPERAntiSpyware.com
    2012-10-01 21:02 . 2012-10-17 06:05 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-10-01 21:02 . 2012-10-01 21:02 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-10-01 21:00 . 2012-10-01 21:00 -------- d-----w- c:\program files\Common Files\Bitdefender
    2012-09-28 12:21 . 2012-09-28 14:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-09-28 12:21 . 2012-09-28 12:21 -------- d-----w- c:\users\Max\AppData\Roaming\LavasoftStatistics
    2012-09-28 12:19 . 2012-10-13 23:11 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
    2012-09-28 12:11 . 2012-09-28 12:11 -------- d-----w- c:\users\Max\AppData\Local\Threat Expert
    2012-09-27 05:47 . 2012-09-27 05:47 -------- d-----w- c:\users\Max\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
    2012-09-26 06:07 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-03 11:57 . 2011-03-27 18:50 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-09-27 22:18 . 2010-04-11 10:35 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-09-20 07:32 . 2011-10-16 14:24 466456 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-09-20 07:32 . 2011-10-16 14:24 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2012-09-20 07:32 . 2011-10-16 14:24 122904 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-09-20 07:32 . 2011-10-16 14:24 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-08-30 20:03 . 2010-10-24 20:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-08-22 18:12 . 2012-09-12 10:21 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 18:12 . 2012-09-12 10:21 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 18:12 . 2012-09-12 10:21 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-12 10:21 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-20 17:38 . 2012-10-10 05:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-08-20 15:27 . 2012-07-07 13:43 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-08-20 15:27 . 2011-09-29 11:25 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-08-19 15:18 . 2011-09-29 11:19 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-08-10 19:14 . 2012-07-07 13:43 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-08-10 18:47 . 2012-07-07 13:43 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
    2012-08-02 17:58 . 2012-09-12 10:21 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-08-02 16:57 . 2012-09-12 10:21 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    .
    .
    (((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Not* tomma poster & legitima standardposter visas inte.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "Spotify Web Helper"="c:\users\Max\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-14 932528]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-17 5628800]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
    "Net iD"="c:\program files (x86)\Net iD\iid.exe" [2012-03-07 100160]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R0 ssuhop;ssuhop; [x]
    R0 uezndl;uezndl; [x]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
    R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
    R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-15 250808]
    R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-11 115168]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 NVFLASH;NVFLASH;c:\windows\system32\drivers\nvflash.sys [2010-10-08 13416]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 usj;usj;c:\aeriagames\EdenEternal\avital\ussjcs64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-26 1255736]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Max\Desktop\RealTemp_370\WinRing0x64.sys [x]
    R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 297000]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
    S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-06-13 922240]
    S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2012-03-09 23816]
    S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
    S3 ALSysIO;ALSysIO;c:\users\Max\AppData\Local\Temp\ALSysIO64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-09-14 129000]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-09-14 394216]
    S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
    S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]
    S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136]
    S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
    .
    .
    Innehåll i mappen 'Schemalagda aktiviteter':
    .
    2012-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-15 21:58]
    .
    2012-10-16 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 5ce86dbb-8e71-4ace-9559-05959e1ace55.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
    "Net iD"="c:\program files\Net iD\iid.exe" [2012-03-07 110912]
    .
    ------- Extra genomsökning -------
    .
    uStart Page = hxxp://search.entru.com/?s=21983
    mStart Page = hxxp://search.entru.com/?s=21983
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;<local>
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 79.138.0.180 85.8.31.209
    FF - ProfilePath - c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\go2atoz2.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/ig
    FF - ExtSQL: 2012-10-15 23:26; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\go2atoz2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF - ExtSQL: 2012-10-15 23:27; artur.dubovoy@gmail.com; c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\go2atoz2.default\extensions\artur.dubovoy@gmail.com.xpi
    .
    - - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
    .
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    SafeBoot-22978309.sys
    SafeBoot-73636696.sys
    SafeBoot-97755724.sys
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LÅSTA REGISTERNYCKLAR ---------------------
    .
    [HKEY_USERS\S-1-5-21-1666464932-787091987-3193995767-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*v*ˆ1h\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-1666464932-787091987-3193995767-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*v*»‰”s**ˆx<\]
    @Class="Shell"
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-1666464932-787091987-3193995767-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*v*»‰”s**ˆx<\\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-1666464932-787091987-3193995767-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*ÿP9J\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-1666464932-787091987-3193995767-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*áU¿x]
    @Class="Shell"
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-1666464932-787091987-3193995767-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*áU¿x\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-1666464932-787091987-3193995767-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (S-1-5-21-1666464932-787091987-3193995767-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-1666464932-787091987-3193995767-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (S-1-5-21-1666464932-787091987-3193995767-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-1666464932-787091987-3193995767-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (S-1-5-21-1666464932-787091987-3193995767-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-1666464932-787091987-3193995767-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="SafariHTML"
    .
    [HKEY_USERS\S-1-5-21-1666464932-787091987-3193995767-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (S-1-5-21-1666464932-787091987-3193995767-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-1666464932-787091987-3193995767-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (S-1-5-21-1666464932-787091987-3193995767-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-1666464932-787091987-3193995767-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="SafariHTML"
    .
    [HKEY_USERS\S-1-5-21-1666464932-787091987-3193995767-1000\Software\SecuROM\License information*]
    "datasecu"=hex:a3,c7,21,cb,0f,eb,f2,1d,f9,ff,fe,05,86,ce,c2,b8,91,ff,a2,16,66,
    9d,47,06,29,dd,e9,df,75,55,cf,3e,0e,16,b8,24,fd,00,b5,7c,8c,b5,db,c8,b5,64,\
    "rkeysecu"=hex:bd,89,9c,70,7d,ab,53,33,bd,8c,0b,3a,57,f1,85,17
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Sluttid: 2012-10-17 13:14:53
    ComboFix-quarantined-files.txt 2012-10-17 11:14
    .
    Före genomsökningen: 59*207*426*048 bytes free
    Efter genomsökningen: 58*892*906*496 bytes free
    .
    - - End Of File - - ACD9ABF6999C77ED2447788C7BC2A583
