View Full Version : Live Player 3.2
xwickedx
2013-05-28, 17:21
Dad was tricked into downloading and installing this Live Player 3.2 saying you needed it to watch a live sports stream. I've tried spybot, malwarebytes, adwcleaner, mse and still haven't gotten rid of it. Please help!
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2
Run by xWiCkeDx at 10:00:22 on 2013-05-28
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16375.12847 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Thermaltake\Fan Control Software\Fan Control Software.exe
C:\Program Files\Logitech\SetPoint II\SetPointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files (x86)\MSI\Live Update 5\LU5.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Clearwire\ClearStick\ClearStick64.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\AML Products\Registry Cleaner\regclean.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\xWiCkeDx\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://battlelog.battlefield.com/bf3/
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\xWiCkeDx\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Facebook Update] "C:\Users\xWiCkeDx\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [LCLC Control Panel] C:\Program Files (x86)\Thermaltake\Fan Control Software\Fan Control Software.exe
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\LU5.exe /reminder
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [G19_BF3] C:\Program Files (x86)\Timisoft\G19_BF3\G19_Battlefield3.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ClearStick] C:\Program Files (x86)\Clearwire\ClearStick\ClearStick64.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun: [autoauto] c.bat
mRun: [AML Registry Cleaner] C:\Program Files (x86)\AML Products\Registry Cleaner\regclean.exe /min
StartupFolder: C:\Users\xWiCkeDx\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files\Logitech\SetPoint II\SetPointII.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{799DAB4A-6E74-4636-94B4-FD58E4551644} : DHCPNameServer = 192.168.14.1 64.13.74.12 64.13.115.12
TCP: Interfaces\{7E377972-8F13-446B-BBCB-61B44721FB05} : DHCPNameServer = 10.0.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-3-17 302632]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 APC Data Service;APC Data Service;C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-1-24 21880]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe [2011-5-8 96896]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-5-8 21992]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-5-1 1153368]
R3 ASEUSBCC;ASEUSBCC;C:\Windows\System32\drivers\AseUSBCC.sys [2011-12-13 16384]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 cmudaxp;eClaro Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2011-6-15 1266688]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-9-16 272448]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2011-5-8 289496]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2011-4-11 410184]
R3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2011-4-11 341832]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGPBTDD;LGPBTDD.sys Display Driver;C:\Windows\System32\drivers\LGPBTDD.sys [2009-7-1 30728]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2012-10-2 66360]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [2011-11-9 33592]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2011-11-9 14136]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-7 161384]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 LADF_DHP2;G35 DHP2 Filter Driver;C:\Windows\System32\drivers\ladfDHP2amd64.sys [2010-9-29 62168]
S3 LADF_SBVM;G35 SBVM Filter Driver;C:\Windows\System32\drivers\ladfSBVMamd64.sys [2010-9-29 377176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-5-8 20992]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-8 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbrndis6;USB RNDIS6 Adapter;C:\Windows\System32\drivers\usb80236.sys [2013-3-13 19968]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-8 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-05-28 13:38:33 -------- d-----w- C:\Program Files\Enigma Software Group
2013-05-28 13:37:24 -------- d-----w- C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-05-28 13:28:00 487424 ----a-w- C:\Windows\SysWow64\msvcp70.dll
2013-05-28 13:28:00 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll
2013-05-28 13:27:59 974848 ----a-w- C:\Windows\SysWow64\mfc70.dll
2013-05-28 13:27:59 608448 ----a-w- C:\Windows\SysWow64\comctl32.ocx
2013-05-28 13:27:59 -------- d-----w- C:\Program Files (x86)\AML Products
2013-05-28 12:12:19 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{203B788D-C20C-4A28-9633-37CF82FD9E4A}\mpengine.dll
2013-05-28 11:58:48 -------- d-----w- C:\Users\xWiCkeDx\AppData\Roaming\TestApp
2013-05-28 11:57:35 -------- d-----w- C:\ProgramData\PC Tools
2013-05-27 18:58:47 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-26 11:35:18 -------- d-----w- C:\a
2013-05-22 18:41:19 11832 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
2013-05-22 18:41:19 10216 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
2013-05-22 18:18:16 13368 ----a-w- C:\Windows\SysWow64\drivers\AsUpIO.sys
2013-05-22 18:12:56 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-21 03:16:48 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{86A53453-BAA0-469E-9D90-C2341737BE77}\gapaengine.dll
2013-05-21 02:54:28 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-21 02:54:28 -------- d-----w- C:\Program Files\iTunes
2013-05-21 02:54:28 -------- d-----w- C:\Program Files\iPod
2013-05-21 02:54:28 -------- d-----w- C:\Program Files (x86)\iTunes
2013-05-12 02:47:03 -------- d-----w- C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2013-05-07 20:43:51 54200 ----a-w- C:\Windows\System32\drivers\dsiarhwprog_x64.sys
2013-05-07 20:43:51 -------- d-----w- C:\Program Files (x86)\Datel
.
==================== Find3M ====================
.
2013-05-27 01:38:53 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-05-27 01:38:53 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-05-27 01:38:25 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-05-22 18:12:52 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-05-22 18:12:52 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-05-14 20:48:34 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 20:48:34 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-06 01:17:12 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-04-04 19:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
.
============= FINISH: 10:00:34.73 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-28 10:07:01
-----------------------------
10:07:01.304 OS Version: Windows x64 6.1.7601 Service Pack 1
10:07:01.304 Number of processors: 8 586 0x1A04
10:07:01.305 ComputerName: GT-R UserName:
10:07:01.483 Initialize success
10:07:34.434 AVAST engine defs: 13052800
10:13:06.721 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
10:13:06.724 Disk 0 Vendor: WDC_WD2002FAEX-007BA0 05.01D05 Size: 1907729MB BusType: 3
10:13:06.725 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-5
10:13:06.727 Disk 1 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
10:13:06.728 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-8
10:13:06.730 Disk 2 Vendor: WDC_WD2002FAEX-007BA0 05.01D05 Size: 1907729MB BusType: 3
10:13:06.885 Disk 3 (boot) \Device\Harddisk3\DR3 -> \Device\Scsi\mv91xx1Port7Path0Target0Lun0
10:13:06.887 Disk 3 Vendor: OCZ-VERT 2.02 Size: 228936MB BusType: 11
10:13:06.892 Disk 4 \Device\Harddisk4\DR4 -> \Device\Scsi\mv91xx1Port7Path0Target1Lun0
10:13:06.894 Disk 4 Vendor: WDC_WD60 04.0 Size: 572325MB BusType: 11
10:13:07.084 Disk 3 MBR read successfully
10:13:07.087 Disk 3 MBR scan
10:13:07.128 Disk 3 Windows 7 default MBR code
10:13:07.132 Disk 3 Partition 1 80 (A) 07 HPFS/NTFS NTFS 228926 MB offset 63
10:13:07.172 Disk 3 scanning C:\Windows\system32\drivers
10:13:13.700 Service scanning
10:13:27.634 Modules scanning
10:13:27.638 Disk 3 trace - called modules:
10:13:27.642 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800cd5d2c0]<<sptd.sys SCSIPORT.SYS hal.dll mv91xx.sys
10:13:27.645 1 nt!IofCallDriver -> \Device\Harddisk3\DR3[0xfffffa800d6b0060]
10:13:27.648 3 CLASSPNP.SYS[fffff880015cc43f] -> nt!IofCallDriver -> \Device\Scsi\mv91xx1Port7Path0Target0Lun0[0xfffffa800d467050]
10:13:27.652 \Driver\mv91xx[0xfffffa800cdd1460] -> IRP_MJ_CREATE -> 0xfffffa800cd5d2c0
10:13:27.820 AVAST engine scan C:\Windows
10:13:28.371 AVAST engine scan C:\Windows\system32
10:15:19.354 AVAST engine scan C:\Windows\system32\drivers
10:15:26.579 AVAST engine scan C:\Users\xWiCkeDx
10:17:33.857 AVAST engine scan C:\ProgramData
10:17:56.628 Scan finished successfully
10:18:21.305 Disk 3 MBR has been saved successfully to "C:\Users\xWiCkeDx\Desktop\MBR.dat"
10:18:21.347 The log file has been saved successfully to "C:\Users\xWiCkeDx\Desktop\aswMBR.txt"
Hello xwickedx,
My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.
Please stay with this topic until I let you know that your system appears to be "All Clear"
Important: All tools MUST be run from the Desktop.
=========================
If you still need assistance please complete the following scans and post the corresponding logs.
=========================
1. P2P - (Peer to Peer)
I see you have/had P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page (http://malwareremoval.com/p2pindex.php) will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
I would strongly recommend that you uninstall this now.
Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
uTorrent
If you choose to not remove this programs please refrain from using it until we have finished cleaning your computer.
=========================
2. Security Check
Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================
3. OTL
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Make sure all other windows are closed and to let it run uninterrupted.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
BASESERVICES
DRIVES
CREATERESTOREPOINT
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
You may need two posts to fit them both in.
=========================
In your next post please provide the following:
checkup.txt
OTL.txt
Extras.txt
xwickedx
2013-06-11, 04:51
Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
avast! Antivirus
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.0
Java 7 Update 21
Adobe Flash Player 11.7.700.202
Adobe Reader 10.1.7 Adobe Reader out of Date!
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.94
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Spybot Teatimer.exe is disabled!
Thermaltake Fan Control Software Fan Control Software.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 42% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
xwickedx
2013-06-11, 04:53
OTL logfile created on: 6/10/2013 9:39:12 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xWiCkeDx\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
15.99 Gb Total Physical Memory | 12.94 Gb Available Physical Memory | 80.89% Memory free
31.98 Gb Paging File | 28.12 Gb Available in Paging File | 87.93% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.56 Gb Total Space | 45.74 Gb Free Space | 20.46% Space Free | Partition Type: NTFS
Drive D: | 558.90 Gb Total Space | 174.50 Gb Free Space | 31.22% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 160.55 Gb Free Space | 8.62% Space Free | Partition Type: NTFS
Drive F: | 1397.25 Gb Total Space | 486.61 Gb Free Space | 34.83% Space Free | Partition Type: NTFS
Drive G: | 1862.89 Gb Total Space | 559.14 Gb Free Space | 30.01% Space Free | Partition Type: NTFS
Computer Name: GT-R | User Name: xWiCkeDx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\xWiCkeDx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Thermaltake\Fan Control Software\Fan Control Software.exe (Thermaltake)
PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe (Schneider Electric)
PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe (Schneider Electric)
PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe (Schneider Electric)
PRC - C:\Program Files (x86)\MSI\Live Update 5\LU5.exe (Micro-Star International)
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
PRC - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe ()
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\SysWOW64\HsMgr.exe ()
PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTMUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTHAL.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTCore.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTFC.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe ()
MOD - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTMUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTFC.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTTSH.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTTSH.dll ()
MOD - C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll ()
MOD - C:\Windows\SysWOW64\HsMgr.exe ()
========== Services (SafeList) ==========
SRV:[b]64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (EpsonCustomerParticipation) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (APC Data Service) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe (Schneider Electric)
SRV - (APC UPS Service) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe (Schneider Electric)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
========== Driver Services (SafeList) ==========
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (usbrndis6) -- C:\Windows\SysNative\drivers\usb80236.sys (Microsoft Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV:64bit: - (usbio) -- C:\Windows\SysNative\drivers\dsiarhwprog_x64.sys (Thesycon GmbH, Germany)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ASEUSBCC) -- C:\Windows\SysNative\drivers\AseUSBCC.sys (Silicon Laboratories)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (LADF_RenderOnly) -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys (Logitech)
DRV:64bit: - (LADF_CaptureOnly) -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys (Logitech)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (cmudaxp) -- C:\Windows\SysNative\drivers\cmudaxp.sys (C-Media Inc)
DRV:64bit: - (LADF_SBVM) -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys (Logitech)
DRV:64bit: - (LADF_DHP2) -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys (Logitech)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (NAL) -- C:\Windows\SysNative\drivers\iqvw64e.sys (Intel Corporation )
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (LGPBTDD) -- C:\Windows\SysNative\drivers\LGPBTDD.sys (Logitech Inc.)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (NTIOLib_1_0_4) -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys (MSI)
DRV - (RTCore64) -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys ()
DRV - (MSI_MSIBIOS_010507) -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys (Your Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1E 64 85 7E DE 24 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {64C90D42-F111-4f26-976E-29136404C499}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{64C90D42-F111-4f26-976E-29136404C499}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKCU\..\SearchScopes\{7AF71E67-F850-4500-B02D-756D9445CE2C}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=0A4DDC28-367C-479B-8296-BEF80BBFA2FA&apn_sauid=C732847E-15FA-4B0F-B188-91B37104ABD8
IE - HKCU\..\SearchScopes\{E910A9D0-C231-4c6f-A952-2C9143643732}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.4: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\xWiCkeDx\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\xWiCkeDx\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\xWiCkeDx\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xWiCkeDx\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xWiCkeDx\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
[2012/10/21 12:13:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xWiCkeDx\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/10/21 12:13:30 | 000,214,127 | ---- | M] () (No name found) -- C:\Users\xWiCkeDx\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\freehdsport@freehdsport.tv.xpi
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\xWiCkeDx\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\xWiCkeDx\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\xWiCkeDx\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\xWiCkeDx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\xWiCkeDx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\xWiCkeDx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\xWiCkeDx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\xWiCkeDx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: live player = C:\Users\xWiCkeDx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcnoocjdgpaeliplnkbhbpccighjkeef\3.2_0\
CHR - Extension: Gmail = C:\Users\xWiCkeDx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013/05/28 07:51:12 | 000,448,673 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15404 more lines...
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AML Registry Cleaner] C:\Program Files (x86)\AML Products\Registry Cleaner\regclean.exe (AML Software - AMLSOFT.COM)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [autoauto] c.bat File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ClearStick] C:\Program Files (x86)\Clearwire\ClearStick\ClearStick64.exe ()
O4 - HKLM..\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe (Schneider Electric)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [G19_BF3] C:\Program Files (x86)\Timisoft\G19_BF3\G19_Battlefield3.exe File not found
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\LU5.exe (Micro-Star International)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden File not found
O4 - HKCU..\Run: [Facebook Update] "C:\Users\xWiCkeDx\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKCU..\Run: [LCLC Control Panel] C:\Program Files (x86)\Thermaltake\Fan Control Software\Fan Control Software.exe (Thermaltake)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\xWiCkeDx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{799DAB4A-6E74-4636-94B4-FD58E4551644}: DhcpNameServer = 192.168.14.1 64.13.74.12 64.13.115.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E377972-8F13-446B-BBCB-61B44721FB05}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/28 08:38:48 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/09/20 01:04:39 | 000,000,000 | ---D | M] - D:\AUTODESK.AUTOCAD.CIVIL3D.V2012.WIN32-ISO -- [ NTFS ]
O32 - AutoRun File - [2010/12/22 23:06:41 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{61b9c2b3-7624-11e2-806f-20cf307f5711}\Shell - "" = AutoRun
O33 - MountPoints2\{61b9c2b3-7624-11e2-806f-20cf307f5711}\Shell\AutoRun\command - "" = H:\WinInit.exe -c
O33 - MountPoints2\{915e9b2c-dff0-11e0-939a-20cf307f5711}\Shell - "" = AutoRun
O33 - MountPoints2\{915e9b2c-dff0-11e0-939a-20cf307f5711}\Shell\AutoRun\command - "" = H:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/06/10 21:34:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xWiCkeDx\Desktop\OTL.exe
[2013/06/10 21:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/06/10 21:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/06/10 21:18:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/06/10 21:18:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/06/10 21:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/06/08 18:48:40 | 000,709,147 | ---- | C] (CheatHappens) -- C:\Users\xWiCkeDx\Desktop\c5gk-xwickedx.exe
[2013/05/28 10:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/05/28 10:33:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/05/28 10:30:06 | 000,000,000 | ---D | C] -- C:\Users\xWiCkeDx\Desktop\anti
[2013/05/28 10:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/05/28 10:17:54 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/05/28 10:17:54 | 000,378,432 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/05/28 10:17:54 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/05/28 10:17:54 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/05/28 10:17:54 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/05/28 10:17:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/05/28 10:17:53 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/05/28 10:17:53 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/05/28 10:17:38 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/05/28 10:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/05/28 10:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/05/28 08:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/05/28 08:28:00 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp70.dll
[2013/05/28 08:28:00 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll
[2013/05/28 08:27:59 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70.dll
[2013/05/28 08:27:59 | 000,608,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comctl32.ocx
[2013/05/28 08:27:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AML Products
[2013/05/28 08:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2013/05/28 07:18:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/28 07:18:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/05/28 07:04:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/05/28 07:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/05/28 07:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/05/28 06:58:48 | 000,000,000 | ---D | C] -- C:\Users\xWiCkeDx\AppData\Roaming\TestApp
[2013/05/28 06:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2013/05/28 06:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/05/26 06:35:18 | 000,000,000 | ---D | C] -- C:\a
[2013/05/22 13:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2013/05/22 13:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/05/22 13:12:59 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/05/22 13:12:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/05/22 13:12:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/05/22 13:12:56 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/05/22 13:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/05/14 15:06:35 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/14 15:06:34 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/14 15:06:34 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/05/14 15:06:33 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/05/14 15:06:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/14 15:06:33 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/05/14 15:06:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/14 15:06:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/05/14 15:06:33 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/14 15:06:33 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/05/14 15:06:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/14 15:06:32 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/14 15:06:31 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/14 15:06:31 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/14 15:06:30 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/14 15:06:05 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/05/14 15:06:05 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/05/14 15:06:04 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/14 15:06:04 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/05/14 15:06:01 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/05/14 15:06:01 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/05/14 15:06:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2012/02/26 02:14:44 | 000,019,832 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\zh_res.dll
[2011/10/30 00:04:19 | 013,923,704 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\PCPE Setup.exe
[2011/10/30 00:04:19 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Users\xWiCkeDx\msvcr80.dll
[2011/10/30 00:04:18 | 001,079,808 | ---- | C] (Microsoft Corporation) -- C:\Users\xWiCkeDx\mfc80u.dll
[2011/10/30 00:04:18 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\grm_res.dll
[2011/10/30 00:04:18 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\fr_res.dll
[2011/10/30 00:04:18 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\pt_res.dll
[2011/10/30 00:04:18 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\it_res.dll
[2011/10/30 00:04:18 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\es_res.dll
[2011/10/30 00:04:18 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\en_res.dll
[2011/10/30 00:04:18 | 000,020,856 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\ru_res.dll
[2011/10/30 00:04:18 | 000,020,344 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\jp_res.dll
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
xwickedx
2013-06-11, 04:54
========== Files - Modified Within 30 Days ==========
[2013/06/10 21:34:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xWiCkeDx\Desktop\OTL.exe
[2013/06/10 21:32:41 | 000,890,839 | ---- | M] () -- C:\Users\xWiCkeDx\Desktop\SecurityCheck.exe
[2013/06/10 21:26:21 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/10 21:26:21 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/10 21:26:19 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/10 21:26:19 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/10 21:26:19 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/10 21:23:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/10 21:21:07 | 000,006,517 | ---- | M] () -- C:\Windows\SysWow64\Utility.xml
[2013/06/10 21:20:51 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/10 21:20:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/10 21:20:20 | 4287,975,422 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/10 21:19:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2601425161-3187145023-4043646502-1001UA.job
[2013/06/10 21:19:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2601425161-3187145023-4043646502-1001Core.job
[2013/06/10 21:18:21 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/06/10 20:51:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2601425161-3187145023-4043646502-1001UA.job
[2013/06/10 20:47:08 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/06/10 20:47:08 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/06/10 20:46:40 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/06/10 20:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/10 01:51:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2601425161-3187145023-4043646502-1001Core.job
[2013/06/08 18:46:42 | 000,709,147 | ---- | M] (CheatHappens) -- C:\Users\xWiCkeDx\Desktop\c5gk-xwickedx.exe
[2013/05/28 12:52:38 | 000,005,945 | ---- | M] () -- C:\Users\xWiCkeDx\Desktop\Top Gear.mpcpl
[2013/05/28 10:28:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/05/28 08:38:48 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/05/28 08:07:14 | 000,000,287 | ---- | M] () -- C:\Windows\wininit.ini
[2013/05/28 07:51:12 | 000,448,673 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/05/28 07:51:04 | 000,448,673 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130528-075112.backup
[2013/05/28 07:22:00 | 000,002,283 | ---- | M] () -- C:\Users\xWiCkeDx\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/28 07:04:34 | 000,001,108 | ---- | M] () -- C:\Users\xWiCkeDx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/05/28 06:34:46 | 000,000,042 | ---- | M] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2013/05/22 13:17:55 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2013/05/22 13:12:53 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/05/22 13:12:52 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/05/22 13:12:52 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/05/22 13:12:52 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/05/22 13:12:52 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/05/22 13:12:52 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/05/18 20:07:26 | 000,773,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/14 15:48:34 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/14 15:48:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/14 15:30:55 | 000,455,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/06/10 21:32:34 | 000,890,839 | ---- | C] () -- C:\Users\xWiCkeDx\Desktop\SecurityCheck.exe
[2013/06/10 21:18:21 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/28 12:52:38 | 000,005,945 | ---- | C] () -- C:\Users\xWiCkeDx\Desktop\Top Gear.mpcpl
[2013/05/28 10:17:53 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/05/28 10:17:53 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/05/28 10:17:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/05/28 08:38:48 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/05/28 07:18:42 | 000,002,283 | ---- | C] () -- C:\Users\xWiCkeDx\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/28 07:18:20 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/28 07:18:19 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/28 07:04:34 | 000,001,108 | ---- | C] () -- C:\Users\xWiCkeDx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/05/28 06:34:46 | 000,000,042 | ---- | C] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2013/05/22 13:41:19 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2013/05/22 13:41:19 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2013/05/22 13:18:16 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2013/04/05 20:16:54 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/04/05 20:16:47 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/02/10 12:32:15 | 000,000,287 | ---- | C] () -- C:\Windows\wininit.ini
[2012/06/01 23:43:47 | 000,109,400 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/03/18 22:49:03 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/03/15 18:42:59 | 000,000,087 | ---- | C] () -- C:\Windows\EART837.ini
[2012/03/07 22:39:59 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/02/14 21:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 21:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/12/03 15:27:19 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/10/30 00:04:19 | 013,338,112 | ---- | C] () -- C:\Users\xWiCkeDx\PCPE_3.0.1.msi
[2011/10/30 00:04:19 | 000,018,808 | ---- | C] () -- C:\Users\xWiCkeDx\ResourceReader.dll
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/15 19:16:18 | 000,000,590 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2011/06/15 19:16:16 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2011/06/15 19:16:16 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2011/06/15 19:16:04 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2011/06/15 19:15:46 | 000,003,829 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2011/06/15 19:15:46 | 000,001,251 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2011/06/05 21:04:30 | 000,004,608 | ---- | C] () -- C:\Users\xWiCkeDx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/14 14:00:18 | 000,007,600 | ---- | C] () -- C:\Users\xWiCkeDx\AppData\Local\Resmon.ResmonCfg
[2011/03/28 17:42:19 | 006,918,144 | ---- | C] () -- C:\Users\xWiCkeDx\PCPE_3.0.msi
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012/09/22 17:30:22 | 000,000,000 | ---D | M] -- C:\Users\xWiCkeDx\AppData\Roaming\.minecraft
[2012/11/21 14:55:55 | 000,000,000 | ---D | M] -- C:\Users\xWiCkeDx\AppData\Roaming\2K Sports
[2011/06/05 18:24:37 | 000,000,000 | ---D | M] -- C:\Users\xWiCkeDx\AppData\Roaming\DAEMON Tools Pro
[2012/07/14 16:15:08 | 000,000,000 | ---D | M] -- C:\Users\xWiCkeDx\AppData\Roaming\Epson
[2011/05/08 13:33:01 | 000,000,000 | -H-D | M] -- C:\Users\xWiCkeDx\AppData\Roaming\IFViewer
[2011/05/08 13:20:51 | 000,000,000 | ---D | M] -- C:\Users\xWiCkeDx\AppData\Roaming\Leadertech
[2012/09/16 16:40:12 | 000,000,000 | ---D | M] -- C:\Users\xWiCkeDx\AppData\Roaming\LibreOffice
[2013/02/03 15:51:41 | 000,000,000 | ---D | M] -- C:\Users\xWiCkeDx\AppData\Roaming\LolClient
[2012/04/14 20:26:44 | 000,000,000 | ---D | M] -- C:\Users\xWiCkeDx\AppData\Roaming\Mumble
[2013/06/03 20:06:27 | 000,000,000 | ---D | M] -- C:\Users\xWiCkeDx\AppData\Roaming\Origin
[2013/05/28 06:58:48 | 000,000,000 | ---D | M] -- C:\Users\xWiCkeDx\AppData\Roaming\TestApp
[2012/03/28 21:46:13 | 000,000,000 | ---D | M] -- C:\Users\xWiCkeDx\AppData\Roaming\TS3Client
[2012/04/09 17:27:48 | 000,000,000 | ---D | M] -- C:\Users\xWiCkeDx\AppData\Roaming\Ubisoft
[2013/06/10 21:32:58 | 000,000,000 | ---D | M] -- C:\Users\xWiCkeDx\AppData\Roaming\uTorrent
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2013/06/07 01:24:53 | 000,051,928 | ---- | M] () MD5=E887F98CD5B28446E6D51A88336F68C8 -- C:\Windows\Temp\359e1391-075c-4b10-8dda-15aeda681134\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< %systemroot%\*. /rp /s >
< %systemdrive%\$Recycle.Bin|@;true;true;true >
< %USERPROFILE%\..|smtmp;true;true;true /FP >
< %temp%\smtmp\*.* /s > >
========== Base Services ==========
SRV:64bit: - [2009/07/13 20:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 00:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 20:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 08:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 08:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 01:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 17:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012/06/02 00:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012/06/01 23:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 08:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 08:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 07:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 01:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 20:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 20:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 20:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 08:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 20:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 20:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 20:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 20:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 12:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 06:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 01:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 01:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 20:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 08:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 08:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 08:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 01:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 20:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 08:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 08:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 07:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 08:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 08:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 07:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 00:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 08:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 08:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 08:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 08:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 08:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 08:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 08:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 08:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 07:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 20:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 17:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 08:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 08:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
========== Drive Information ==========
Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD2002FAEX-007BA0 ATA Device
Partitions: 1
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST31500341AS ATA Device
Partitions: 1
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE2 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD2002FAEX-007BA0 ATA Device
Partitions: 1
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE3 - Fixed hard disk media
Interface type: SCSI
Media Type: Fixed hard disk media
Model: OCZ-VERT EX3 SCSI Disk Device
Partitions: 1
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE4 - Fixed hard disk media
Interface type: SCSI
Media Type: Fixed hard disk media
Model: WDC WD60 00HLHX-01JJPV0 SCSI Disk Device
Partitions: 1
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,863.00GB
Starting Offset: 1048576
Hidden sectors: 0
DeviceID: Disk #1, Partition #0
PartitionType: Extended Partition
Bootable: True
BootPartition: True
PrimaryPartition: False
Size: 1,397.00GB
Starting Offset: 8225280
Hidden sectors: 0
DeviceID: Disk #2, Partition #0
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,863.00GB
Starting Offset: 135266304
Hidden sectors: 0
DeviceID: Disk #3, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 224.00GB
Starting Offset: 32256
Hidden sectors: 0
DeviceID: Disk #4, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 559.00GB
Starting Offset: 32256
Hidden sectors: 0
========== Alternate Data Streams ==========
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
Hi xwickedx,
You have AML Registry Cleaner installed. I would recommend steering clear of Registry cleaners as they tend to create more issues than they resolve.
=========================
1. Multiple Anti-Virus Programs Installed
I notice that you have both avast! Antivirus and Microsoft Security Essentials installed at the same time. Having more than one antivirus program running at the same time can seriously degrade the performance of your system.
Please uninstall either avast! Antivirus or Microsoft Security Essentials (which ever you prefer) using either the provided uninstall feature that is part of the antivirus program or through Add/Remove Programs (for Vista and Win 7 users to go to Programs and Features in the Control Panel). As a rule of thumb one should run one firewall, one antivirus program in memory, and one anti-spyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.
=========================
2. Uninstall via Programs and Features
Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
Live Player 3.2
=========================
3. aswMBR
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) and save it to your desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When asked if you want to download Avast's virus definitions please select Yes.
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
=========================
4. Run OTL.exe
Windows Vista and Windows 7 users Right Click and select "Run as Administrator"
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
IE - HKCU\..\SearchScopes\{7AF71E67-F850-4500-B02D-756D9445CE2C}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=0A4DDC28-367C-479B-8296-BEF80BBFA2FA&apn_sauid=C732847E-15FA-4B0F-B188-91B37104ABD8
O15 - HKCU\..Trusted Domains: clonewarsadventures.com
O15 - HKCU\..Trusted Domains: freerealms.com
O15 - HKCU\..Trusted Domains: soe.com
O15 - HKCU\..Trusted Domains: sony.com
:Commands
[purity]
[createrestorepoint]
[emptyjava]
[emptyflash]
[Reboot]
Under Extra Registry section, select Use SafeList <-- important
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then re-run OTL and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
=========================
In your next post please provide the following:
aswMBR.txt
attachMBR.zip
OTL.txt
Extras.txt
What symptoms are you experiencing?
xwickedx
2013-06-11, 07:59
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-11 00:37:30
-----------------------------
00:37:30.060 OS Version: Windows x64 6.1.7601 Service Pack 1
00:37:30.060 Number of processors: 8 586 0x1A04
00:37:30.060 ComputerName: GT-R UserName:
00:37:30.513 Initialize success
00:37:30.564 AVAST engine defs: 13061002
00:37:37.572 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
00:37:37.574 Disk 0 Vendor: WDC_WD2002FAEX-007BA0 05.01D05 Size: 1907729MB BusType: 3
00:37:37.577 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-5
00:37:37.578 Disk 1 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
00:37:37.584 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-8
00:37:37.586 Disk 2 Vendor: WDC_WD2002FAEX-007BA0 05.01D05 Size: 1907729MB BusType: 3
00:37:37.588 Disk 3 (boot) \Device\Harddisk3\DR3 -> \Device\Scsi\mv91xx1Port7Path0Target0Lun0
00:37:37.590 Disk 3 Vendor: OCZ-VERT 2.02 Size: 228936MB BusType: 11
00:37:37.593 Disk 4 \Device\Harddisk4\DR4 -> \Device\Scsi\mv91xx1Port7Path0Target1Lun0
00:37:37.595 Disk 4 Vendor: WDC_WD60 04.0 Size: 572325MB BusType: 11
00:37:37.598 Disk 3 MBR read successfully
00:37:37.601 Disk 3 MBR scan
00:37:37.604 Disk 3 Windows 7 default MBR code
00:37:37.608 Disk 3 Partition 1 80 (A) 07 HPFS/NTFS NTFS 228926 MB offset 63
00:37:37.616 Disk 3 scanning C:\Windows\system32\drivers
00:37:41.065 Service scanning
00:37:43.243 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
00:37:44.397 Modules scanning
00:37:44.401 Disk 3 trace - called modules:
00:37:44.406 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800cd612c0]<<sptd.sys SCSIPORT.SYS hal.dll mv91xx.sys
00:37:44.409 1 nt!IofCallDriver -> \Device\Harddisk3\DR3[0xfffffa800d6b1060]
00:37:44.412 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Scsi\mv91xx1Port7Path0Target0Lun0[0xfffffa800d46d050]
00:37:44.416 \Driver\mv91xx[0xfffffa800cdfca20] -> IRP_MJ_CREATE -> 0xfffffa800cd612c0
00:37:44.785 AVAST engine scan C:\Windows
00:37:46.068 AVAST engine scan C:\Windows\system32
00:38:10.801 AVAST engine scan C:\Windows\system32\drivers
00:38:12.505 AVAST engine scan C:\Users\xWiCkeDx
00:38:38.004 AVAST engine scan C:\ProgramData
00:38:46.332 Scan finished successfully
00:39:26.551 Disk 3 MBR has been saved successfully to "C:\Users\xWiCkeDx\Desktop\MBR.dat"
00:39:26.554 The log file has been saved successfully to "C:\Users\xWiCkeDx\Desktop\aswMBR.txt"
OTL logfile created on: 6/11/2013 12:49:48 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xWiCkeDx\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
15.99 Gb Total Physical Memory | 12.99 Gb Available Physical Memory | 81.26% Memory free
31.98 Gb Paging File | 28.38 Gb Available in Paging File | 88.73% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.56 Gb Total Space | 47.06 Gb Free Space | 21.05% Space Free | Partition Type: NTFS
Drive D: | 558.90 Gb Total Space | 174.50 Gb Free Space | 31.22% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 160.55 Gb Free Space | 8.62% Space Free | Partition Type: NTFS
Drive F: | 1397.25 Gb Total Space | 486.61 Gb Free Space | 34.83% Space Free | Partition Type: NTFS
Drive G: | 1862.89 Gb Total Space | 559.14 Gb Free Space | 30.01% Space Free | Partition Type: NTFS
Computer Name: GT-R | User Name: xWiCkeDx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\xWiCkeDx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Thermaltake\Fan Control Software\Fan Control Software.exe (Thermaltake)
PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe (Schneider Electric)
PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe (Schneider Electric)
PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe (Schneider Electric)
PRC - C:\Program Files (x86)\MSI\Live Update 5\LU5.exe (Micro-Star International)
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
PRC - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe ()
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\SysWOW64\HsMgr.exe ()
PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTMUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTHAL.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTCore.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTFC.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe ()
MOD - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTMUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTFC.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTTSH.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTTSH.dll ()
MOD - C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll ()
MOD - C:\Windows\SysWOW64\HsMgr.exe ()
========== Services (SafeList) ==========
SRV:[b]64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (EpsonCustomerParticipation) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (APC Data Service) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe (Schneider Electric)
SRV - (APC UPS Service) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe (Schneider Electric)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
========== Driver Services (SafeList) ==========
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (usbrndis6) -- C:\Windows\SysNative\drivers\usb80236.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV:64bit: - (usbio) -- C:\Windows\SysNative\drivers\dsiarhwprog_x64.sys (Thesycon GmbH, Germany)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ASEUSBCC) -- C:\Windows\SysNative\drivers\AseUSBCC.sys (Silicon Laboratories)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (LADF_RenderOnly) -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys (Logitech)
DRV:64bit: - (LADF_CaptureOnly) -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys (Logitech)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (cmudaxp) -- C:\Windows\SysNative\drivers\cmudaxp.sys (C-Media Inc)
DRV:64bit: - (LADF_SBVM) -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys (Logitech)
DRV:64bit: - (LADF_DHP2) -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys (Logitech)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (NAL) -- C:\Windows\SysNative\drivers\iqvw64e.sys (Intel Corporation )
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (LGPBTDD) -- C:\Windows\SysNative\drivers\LGPBTDD.sys (Logitech Inc.)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (NTIOLib_1_0_4) -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys (MSI)
DRV - (RTCore64) -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys ()
DRV - (MSI_MSIBIOS_010507) -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys (Your Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1E 64 85 7E DE 24 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {64C90D42-F111-4f26-976E-29136404C499}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{64C90D42-F111-4f26-976E-29136404C499}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKCU\..\SearchScopes\{E910A9D0-C231-4c6f-A952-2C9143643732}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.4: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\xWiCkeDx\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\xWiCkeDx\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\xWiCkeDx\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xWiCkeDx\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xWiCkeDx\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
[2012/10/21 12:13:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xWiCkeDx\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/10/21 12:13:30 | 000,214,127 | ---- | M] () (No name found) -- C:\Users\xWiCkeDx\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\freehdsport@freehdsport.tv.xpi
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\xWiCkeDx\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\xWiCkeDx\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\xWiCkeDx\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\xWiCkeDx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\xWiCkeDx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\xWiCkeDx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\xWiCkeDx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\xWiCkeDx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: live player = C:\Users\xWiCkeDx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcnoocjdgpaeliplnkbhbpccighjkeef\3.2_0\
CHR - Extension: Gmail = C:\Users\xWiCkeDx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013/06/10 22:48:55 | 000,449,441 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15429 more lines...
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AML Registry Cleaner] C:\Program Files (x86)\AML Products\Registry Cleaner\regclean.exe (AML Software - AMLSOFT.COM)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [autoauto] c.bat File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ClearStick] C:\Program Files (x86)\Clearwire\ClearStick\ClearStick64.exe ()
O4 - HKLM..\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe (Schneider Electric)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [G19_BF3] C:\Program Files (x86)\Timisoft\G19_BF3\G19_Battlefield3.exe File not found
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\LU5.exe (Micro-Star International)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden File not found
O4 - HKCU..\Run: [Facebook Update] "C:\Users\xWiCkeDx\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKCU..\Run: [LCLC Control Panel] C:\Program Files (x86)\Thermaltake\Fan Control Software\Fan Control Software.exe (Thermaltake)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\xWiCkeDx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{799DAB4A-6E74-4636-94B4-FD58E4551644}: DhcpNameServer = 192.168.14.1 64.13.74.12 64.13.115.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E377972-8F13-446B-BBCB-61B44721FB05}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/28 08:38:48 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/09/20 01:04:39 | 000,000,000 | ---D | M] - D:\AUTODESK.AUTOCAD.CIVIL3D.V2012.WIN32-ISO -- [ NTFS ]
O32 - AutoRun File - [2010/12/22 23:06:41 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{61b9c2b3-7624-11e2-806f-20cf307f5711}\Shell - "" = AutoRun
O33 - MountPoints2\{61b9c2b3-7624-11e2-806f-20cf307f5711}\Shell\AutoRun\command - "" = H:\WinInit.exe -c
O33 - MountPoints2\{915e9b2c-dff0-11e0-939a-20cf307f5711}\Shell - "" = AutoRun
O33 - MountPoints2\{915e9b2c-dff0-11e0-939a-20cf307f5711}\Shell\AutoRun\command - "" = H:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
xwickedx
2013-06-11, 08:07
========== Files/Folders - Created Within 30 Days ==========
[2013/06/11 00:40:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/11 00:27:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/06/10 21:34:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xWiCkeDx\Desktop\OTL.exe
[2013/06/10 21:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/06/10 21:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/06/10 21:18:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/06/10 21:18:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/06/10 21:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/06/08 18:48:40 | 000,709,147 | ---- | C] (CheatHappens) -- C:\Users\xWiCkeDx\Desktop\c5gk-xwickedx.exe
[2013/05/28 10:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/05/28 10:33:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/05/28 10:30:06 | 000,000,000 | ---D | C] -- C:\Users\xWiCkeDx\Desktop\anti
[2013/05/28 10:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/05/28 10:17:54 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/05/28 10:17:54 | 000,378,432 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/05/28 10:17:54 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/05/28 10:17:54 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/05/28 10:17:54 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/05/28 10:17:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/05/28 10:17:53 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/05/28 10:17:53 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/05/28 10:17:38 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/05/28 10:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/05/28 10:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/05/28 10:03:53 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\xWiCkeDx\Desktop\aswMBR.exe
[2013/05/28 08:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/05/28 08:28:00 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp70.dll
[2013/05/28 08:28:00 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll
[2013/05/28 08:27:59 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70.dll
[2013/05/28 08:27:59 | 000,608,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comctl32.ocx
[2013/05/28 08:27:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AML Products
[2013/05/28 08:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2013/05/28 07:18:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/28 07:18:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/05/28 07:04:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/05/28 07:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/05/28 07:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/05/28 06:58:48 | 000,000,000 | ---D | C] -- C:\Users\xWiCkeDx\AppData\Roaming\TestApp
[2013/05/28 06:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2013/05/28 06:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/05/26 06:35:18 | 000,000,000 | ---D | C] -- C:\a
[2013/05/22 13:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2013/05/22 13:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/05/22 13:12:59 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/05/22 13:12:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/05/22 13:12:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/05/22 13:12:56 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/05/22 13:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/05/14 15:06:35 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/14 15:06:34 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/14 15:06:34 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/05/14 15:06:33 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/05/14 15:06:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/14 15:06:33 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/05/14 15:06:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/14 15:06:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/05/14 15:06:33 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/14 15:06:33 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/05/14 15:06:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/14 15:06:32 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/14 15:06:31 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/14 15:06:31 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/14 15:06:30 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/14 15:06:05 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/05/14 15:06:05 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/05/14 15:06:04 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/14 15:06:04 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/05/14 15:06:01 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/05/14 15:06:01 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/05/14 15:06:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2012/02/26 02:14:44 | 000,019,832 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\zh_res.dll
[2011/10/30 00:04:19 | 013,923,704 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\PCPE Setup.exe
[2011/10/30 00:04:19 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Users\xWiCkeDx\msvcr80.dll
[2011/10/30 00:04:18 | 001,079,808 | ---- | C] (Microsoft Corporation) -- C:\Users\xWiCkeDx\mfc80u.dll
[2011/10/30 00:04:18 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\grm_res.dll
[2011/10/30 00:04:18 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\fr_res.dll
[2011/10/30 00:04:18 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\pt_res.dll
[2011/10/30 00:04:18 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\it_res.dll
[2011/10/30 00:04:18 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\es_res.dll
[2011/10/30 00:04:18 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\en_res.dll
[2011/10/30 00:04:18 | 000,020,856 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\ru_res.dll
[2011/10/30 00:04:18 | 000,020,344 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\jp_res.dll
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/06/11 00:51:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2601425161-3187145023-4043646502-1001UA.job
[2013/06/11 00:50:48 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/11 00:50:48 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/11 00:49:35 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/11 00:49:35 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/11 00:49:35 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/11 00:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/11 00:45:33 | 000,006,517 | ---- | M] () -- C:\Windows\SysWow64\Utility.xml
[2013/06/11 00:45:21 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/11 00:43:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/11 00:43:36 | 4287,975,422 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/11 00:39:49 | 000,000,532 | ---- | M] () -- C:\Users\xWiCkeDx\Desktop\MBR.rar
[2013/06/11 00:39:26 | 000,000,512 | ---- | M] () -- C:\Users\xWiCkeDx\Desktop\MBR.dat
[2013/06/11 00:28:03 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/06/11 00:23:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/11 00:19:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2601425161-3187145023-4043646502-1001UA.job
[2013/06/10 22:48:55 | 000,449,441 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/06/10 21:34:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xWiCkeDx\Desktop\OTL.exe
[2013/06/10 21:32:41 | 000,890,839 | ---- | M] () -- C:\Users\xWiCkeDx\Desktop\SecurityCheck.exe
[2013/06/10 21:19:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2601425161-3187145023-4043646502-1001Core.job
[2013/06/10 21:18:21 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/06/10 20:47:08 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/06/10 20:47:08 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/06/10 20:46:40 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/06/10 01:51:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2601425161-3187145023-4043646502-1001Core.job
[2013/06/08 18:46:42 | 000,709,147 | ---- | M] (CheatHappens) -- C:\Users\xWiCkeDx\Desktop\c5gk-xwickedx.exe
[2013/05/28 12:52:38 | 000,005,945 | ---- | M] () -- C:\Users\xWiCkeDx\Desktop\Top Gear.mpcpl
[2013/05/28 10:28:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/05/28 10:05:34 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\xWiCkeDx\Desktop\aswMBR.exe
[2013/05/28 08:38:48 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/05/28 08:07:14 | 000,000,287 | ---- | M] () -- C:\Windows\wininit.ini
[2013/05/28 07:51:12 | 000,448,673 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130610-224855.backup
[2013/05/28 07:51:04 | 000,448,673 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130528-075112.backup
[2013/05/28 07:22:00 | 000,002,283 | ---- | M] () -- C:\Users\xWiCkeDx\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/28 07:04:34 | 000,001,108 | ---- | M] () -- C:\Users\xWiCkeDx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/05/28 06:34:46 | 000,000,042 | ---- | M] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2013/05/22 13:17:55 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2013/05/22 13:12:53 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/05/22 13:12:52 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/05/22 13:12:52 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/05/22 13:12:52 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/05/22 13:12:52 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/05/22 13:12:52 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/05/18 20:07:26 | 000,773,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/14 15:48:34 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/14 15:48:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/14 15:30:55 | 000,455,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/06/11 00:39:49 | 000,000,532 | ---- | C] () -- C:\Users\xWiCkeDx\Desktop\MBR.rar
[2013/06/11 00:39:26 | 000,000,512 | ---- | C] () -- C:\Users\xWiCkeDx\Desktop\MBR.dat
[2013/06/10 21:32:34 | 000,890,839 | ---- | C] () -- C:\Users\xWiCkeDx\Desktop\SecurityCheck.exe
[2013/06/10 21:18:21 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/28 12:52:38 | 000,005,945 | ---- | C] () -- C:\Users\xWiCkeDx\Desktop\Top Gear.mpcpl
[2013/05/28 10:17:53 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/05/28 10:17:53 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/05/28 10:17:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/05/28 08:38:48 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/05/28 07:18:42 | 000,002,283 | ---- | C] () -- C:\Users\xWiCkeDx\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/28 07:18:20 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/28 07:18:19 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/28 07:04:34 | 000,001,108 | ---- | C] () -- C:\Users\xWiCkeDx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/05/28 06:34:46 | 000,000,042 | ---- | C] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2013/05/22 13:41:19 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2013/05/22 13:41:19 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2013/05/22 13:18:16 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2013/04/05 20:16:54 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/04/05 20:16:47 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/02/10 12:32:15 | 000,000,287 | ---- | C] () -- C:\Windows\wininit.ini
[2012/06/01 23:43:47 | 000,109,400 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/03/18 22:49:03 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/03/15 18:42:59 | 000,000,087 | ---- | C] () -- C:\Windows\EART837.ini
[2012/03/07 22:39:59 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/02/14 21:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 21:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/12/03 15:27:19 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/10/30 00:04:19 | 013,338,112 | ---- | C] () -- C:\Users\xWiCkeDx\PCPE_3.0.1.msi
[2011/10/30 00:04:19 | 000,018,808 | ---- | C] () -- C:\Users\xWiCkeDx\ResourceReader.dll
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/15 19:16:18 | 000,000,590 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2011/06/15 19:16:16 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2011/06/15 19:16:16 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2011/06/15 19:16:04 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2011/06/15 19:15:46 | 000,003,829 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2011/06/15 19:15:46 | 000,001,251 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2011/06/05 21:04:30 | 000,004,608 | ---- | C] () -- C:\Users\xWiCkeDx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/14 14:00:18 | 000,007,600 | ---- | C] () -- C:\Users\xWiCkeDx\AppData\Local\Resmon.ResmonCfg
[2011/03/28 17:42:19 | 006,918,144 | ---- | C] () -- C:\Users\xWiCkeDx\PCPE_3.0.msi
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Alternate Data Streams ==========
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
That's another issue I have I can't uninstall AML Registery Cleaner or Live Player 3.2 because it's not located in the list when I go to uninstall programs.
I'm not getting an Extras.txt is that normal?
I currently have Live Player 3.2 disabled through avast! Browser Cleaner, but when it was enabled pages would load slow. Every time I tried to click it would pop up a new spam browser. Spam videos would constantly play even though I can't see them or even turn it off.
Hi xwickedx,
Not the special instructions in Red this should generate the Extras log.
1. Re-run OTL (it should be located on your desktop).
Windows Vista and Windows 7 & 8 users Right Click and select "Run as Administrator" on the icon to run it.
Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Uncheck the boxes beside LOP Check and Purity Check.
Under Extra Registry section, select Use SafeList <-- important
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
Note:The log can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
=========================
2. AdwCleaner
Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) to your desktop.
Right click and select "Run as Administrator".
Run AdwCleaner and select Delete
Once done it will ask to reboot, allow the reboot
On reboot a log will be produced, please attach the content of the log to your next reply
=========================
3. RogueKiller
Download to your desktop RogueKiller (http://tigzy.geekstogo.com/roguekiller.html) (by tigzy)
Right click and select "Run as Administrator"
Quit all programs
Wait until Prescan has finished ...
Click on Scan, Do Not Fix Anything at this point.
Click the Report button, save the report to your desktop
=========================
In your next post please provide the following:
Extras.txt
AdwCleaner[S1].txt
RKreport[1].txt
Which browser/s are effected by Live Player?
xwickedx
2013-06-11, 08:57
OTL logfile created on: 6/11/2013 1:43:57 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xWiCkeDx\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
15.99 Gb Total Physical Memory | 13.25 Gb Available Physical Memory | 82.88% Memory free
31.98 Gb Paging File | 28.60 Gb Available in Paging File | 89.43% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.56 Gb Total Space | 46.69 Gb Free Space | 20.88% Space Free | Partition Type: NTFS
Drive D: | 558.90 Gb Total Space | 174.50 Gb Free Space | 31.22% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 160.55 Gb Free Space | 8.62% Space Free | Partition Type: NTFS
Drive F: | 1397.25 Gb Total Space | 486.61 Gb Free Space | 34.83% Space Free | Partition Type: NTFS
Drive G: | 1862.89 Gb Total Space | 559.14 Gb Free Space | 30.01% Space Free | Partition Type: NTFS
Computer Name: GT-R | User Name: xWiCkeDx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\xWiCkeDx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Thermaltake\Fan Control Software\Fan Control Software.exe (Thermaltake)
PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe (Schneider Electric)
PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe (Schneider Electric)
PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe (Schneider Electric)
PRC - C:\Program Files (x86)\MSI\Live Update 5\LU5.exe (Micro-Star International)
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
PRC - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe ()
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\SysWOW64\HsMgr.exe ()
PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTMUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTHAL.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTCore.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTFC.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe ()
MOD - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTMUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTFC.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTTSH.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTTSH.dll ()
MOD - C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll ()
MOD - C:\Windows\SysWOW64\HsMgr.exe ()
========== Services (SafeList) ==========
SRV:[b]64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (EpsonCustomerParticipation) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (APC Data Service) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe (Schneider Electric)
SRV - (APC UPS Service) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe (Schneider Electric)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
========== Driver Services (SafeList) ==========
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (usbrndis6) -- C:\Windows\SysNative\drivers\usb80236.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV:64bit: - (usbio) -- C:\Windows\SysNative\drivers\dsiarhwprog_x64.sys (Thesycon GmbH, Germany)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ASEUSBCC) -- C:\Windows\SysNative\drivers\AseUSBCC.sys (Silicon Laboratories)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (LADF_RenderOnly) -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys (Logitech)
DRV:64bit: - (LADF_CaptureOnly) -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys (Logitech)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (cmudaxp) -- C:\Windows\SysNative\drivers\cmudaxp.sys (C-Media Inc)
DRV:64bit: - (LADF_SBVM) -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys (Logitech)
DRV:64bit: - (LADF_DHP2) -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys (Logitech)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (NAL) -- C:\Windows\SysNative\drivers\iqvw64e.sys (Intel Corporation )
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (LGPBTDD) -- C:\Windows\SysNative\drivers\LGPBTDD.sys (Logitech Inc.)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (NTIOLib_1_0_4) -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys (MSI)
DRV - (RTCore64) -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys ()
DRV - (MSI_MSIBIOS_010507) -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys (Your Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1E 64 85 7E DE 24 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{64C90D42-F111-4f26-976E-29136404C499}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKCU\..\SearchScopes\{E910A9D0-C231-4c6f-A952-2C9143643732}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.4: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\xWiCkeDx\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\xWiCkeDx\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\xWiCkeDx\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xWiCkeDx\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xWiCkeDx\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
[2012/10/21 12:13:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xWiCkeDx\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/10/21 12:13:30 | 000,214,127 | ---- | M] () (No name found) -- C:\Users\xWiCkeDx\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\freehdsport@freehdsport.tv.xpi
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\xWiCkeDx\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\xWiCkeDx\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\xWiCkeDx\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\xWiCkeDx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\xWiCkeDx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\xWiCkeDx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\xWiCkeDx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\xWiCkeDx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: live player = C:\Users\xWiCkeDx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcnoocjdgpaeliplnkbhbpccighjkeef\3.2_0\
CHR - Extension: Gmail = C:\Users\xWiCkeDx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013/06/10 22:48:55 | 000,449,441 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15429 more lines...
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AML Registry Cleaner] C:\Program Files (x86)\AML Products\Registry Cleaner\regclean.exe (AML Software - AMLSOFT.COM)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [autoauto] c.bat File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ClearStick] C:\Program Files (x86)\Clearwire\ClearStick\ClearStick64.exe ()
O4 - HKLM..\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe (Schneider Electric)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [G19_BF3] C:\Program Files (x86)\Timisoft\G19_BF3\G19_Battlefield3.exe File not found
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\LU5.exe (Micro-Star International)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden File not found
O4 - HKCU..\Run: [Facebook Update] "C:\Users\xWiCkeDx\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKCU..\Run: [LCLC Control Panel] C:\Program Files (x86)\Thermaltake\Fan Control Software\Fan Control Software.exe (Thermaltake)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\xWiCkeDx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{799DAB4A-6E74-4636-94B4-FD58E4551644}: DhcpNameServer = 192.168.14.1 64.13.74.12 64.13.115.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E377972-8F13-446B-BBCB-61B44721FB05}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/28 08:38:48 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/09/20 01:04:39 | 000,000,000 | ---D | M] - D:\AUTODESK.AUTOCAD.CIVIL3D.V2012.WIN32-ISO -- [ NTFS ]
O32 - AutoRun File - [2010/12/22 23:06:41 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{61b9c2b3-7624-11e2-806f-20cf307f5711}\Shell - "" = AutoRun
O33 - MountPoints2\{61b9c2b3-7624-11e2-806f-20cf307f5711}\Shell\AutoRun\command - "" = H:\WinInit.exe -c
O33 - MountPoints2\{915e9b2c-dff0-11e0-939a-20cf307f5711}\Shell - "" = AutoRun
O33 - MountPoints2\{915e9b2c-dff0-11e0-939a-20cf307f5711}\Shell\AutoRun\command - "" = H:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/06/11 01:39:00 | 000,000,000 | ---D | C] -- C:\Users\xWiCkeDx\Desktop\RK_Quarantine
[2013/06/11 00:40:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/11 00:27:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/06/10 21:34:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xWiCkeDx\Desktop\OTL.exe
[2013/06/10 21:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/06/10 21:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/06/10 21:18:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/06/10 21:18:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/06/10 21:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/06/08 18:48:40 | 000,709,147 | ---- | C] (CheatHappens) -- C:\Users\xWiCkeDx\Desktop\c5gk-xwickedx.exe
[2013/05/28 10:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/05/28 10:33:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/05/28 10:30:06 | 000,000,000 | ---D | C] -- C:\Users\xWiCkeDx\Desktop\anti
[2013/05/28 10:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/05/28 10:17:54 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/05/28 10:17:54 | 000,378,432 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/05/28 10:17:54 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/05/28 10:17:54 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/05/28 10:17:54 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/05/28 10:17:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/05/28 10:17:53 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/05/28 10:17:53 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/05/28 10:17:38 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/05/28 10:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/05/28 10:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/05/28 10:03:53 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\xWiCkeDx\Desktop\aswMBR.exe
[2013/05/28 08:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/05/28 08:28:00 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp70.dll
[2013/05/28 08:28:00 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll
[2013/05/28 08:27:59 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70.dll
[2013/05/28 08:27:59 | 000,608,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comctl32.ocx
[2013/05/28 08:27:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AML Products
[2013/05/28 08:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2013/05/28 07:18:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/28 07:18:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/05/28 07:04:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/05/28 07:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/05/28 07:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/05/28 06:58:48 | 000,000,000 | ---D | C] -- C:\Users\xWiCkeDx\AppData\Roaming\TestApp
[2013/05/28 06:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2013/05/28 06:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/05/26 06:35:18 | 000,000,000 | ---D | C] -- C:\a
[2013/05/22 13:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2013/05/22 13:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/05/22 13:12:59 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/05/22 13:12:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/05/22 13:12:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/05/22 13:12:56 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/05/22 13:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/05/14 15:06:35 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/14 15:06:34 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/14 15:06:34 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/05/14 15:06:33 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/05/14 15:06:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/14 15:06:33 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/05/14 15:06:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/14 15:06:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/05/14 15:06:33 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/14 15:06:33 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/05/14 15:06:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/14 15:06:32 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/14 15:06:31 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/14 15:06:31 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/14 15:06:30 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/14 15:06:05 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/05/14 15:06:05 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/05/14 15:06:04 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/14 15:06:04 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/05/14 15:06:01 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/05/14 15:06:01 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/05/14 15:06:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2012/02/26 02:14:44 | 000,019,832 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\zh_res.dll
[2011/10/30 00:04:19 | 013,923,704 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\PCPE Setup.exe
[2011/10/30 00:04:19 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Users\xWiCkeDx\msvcr80.dll
[2011/10/30 00:04:18 | 001,079,808 | ---- | C] (Microsoft Corporation) -- C:\Users\xWiCkeDx\mfc80u.dll
[2011/10/30 00:04:18 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\grm_res.dll
[2011/10/30 00:04:18 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\fr_res.dll
[2011/10/30 00:04:18 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\pt_res.dll
[2011/10/30 00:04:18 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\it_res.dll
[2011/10/30 00:04:18 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\es_res.dll
[2011/10/30 00:04:18 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\en_res.dll
[2011/10/30 00:04:18 | 000,020,856 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\ru_res.dll
[2011/10/30 00:04:18 | 000,020,344 | ---- | C] (Schneider Electric) -- C:\Users\xWiCkeDx\jp_res.dll
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/06/11 01:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/11 01:43:29 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/11 01:43:29 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/11 01:42:16 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/11 01:42:16 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/11 01:42:16 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/11 01:38:40 | 000,791,040 | ---- | M] () -- C:\Users\xWiCkeDx\Desktop\RogueKillerX64.exe
[2013/06/11 01:36:28 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/11 01:36:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/11 01:36:17 | 4287,975,422 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/11 01:32:51 | 000,648,201 | ---- | M] () -- C:\Users\xWiCkeDx\Desktop\AdwCleaner.exe
[2013/06/11 01:23:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/11 00:58:03 | 000,000,545 | ---- | M] () -- C:\Users\xWiCkeDx\Desktop\MBR.zip
[2013/06/11 00:51:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2601425161-3187145023-4043646502-1001UA.job
[2013/06/11 00:45:33 | 000,006,517 | ---- | M] () -- C:\Windows\SysWow64\Utility.xml
[2013/06/11 00:39:26 | 000,000,512 | ---- | M] () -- C:\Users\xWiCkeDx\Desktop\MBR.dat
[2013/06/11 00:28:03 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/06/11 00:19:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2601425161-3187145023-4043646502-1001UA.job
[2013/06/10 22:48:55 | 000,449,441 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/06/10 21:34:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xWiCkeDx\Desktop\OTL.exe
[2013/06/10 21:32:41 | 000,890,839 | ---- | M] () -- C:\Users\xWiCkeDx\Desktop\SecurityCheck.exe
[2013/06/10 21:19:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2601425161-3187145023-4043646502-1001Core.job
[2013/06/10 20:47:08 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/06/10 20:47:08 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/06/10 20:46:40 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/06/10 01:51:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2601425161-3187145023-4043646502-1001Core.job
[2013/06/08 18:46:42 | 000,709,147 | ---- | M] (CheatHappens) -- C:\Users\xWiCkeDx\Desktop\c5gk-xwickedx.exe
[2013/05/28 12:52:38 | 000,005,945 | ---- | M] () -- C:\Users\xWiCkeDx\Desktop\Top Gear.mpcpl
[2013/05/28 10:28:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/05/28 10:05:34 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\xWiCkeDx\Desktop\aswMBR.exe
[2013/05/28 08:38:48 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/05/28 08:07:14 | 000,000,287 | ---- | M] () -- C:\Windows\wininit.ini
[2013/05/28 07:51:12 | 000,448,673 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130610-224855.backup
[2013/05/28 07:51:04 | 000,448,673 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130528-075112.backup
[2013/05/28 07:22:00 | 000,002,283 | ---- | M] () -- C:\Users\xWiCkeDx\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/28 07:04:34 | 000,001,108 | ---- | M] () -- C:\Users\xWiCkeDx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/05/28 06:34:46 | 000,000,042 | ---- | M] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2013/05/22 13:17:55 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2013/05/22 13:12:53 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/05/22 13:12:52 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/05/22 13:12:52 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/05/22 13:12:52 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/05/22 13:12:52 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/05/22 13:12:52 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/05/18 20:07:26 | 000,773,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/14 15:48:34 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/14 15:48:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/14 15:30:55 | 000,455,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/06/11 01:38:39 | 000,791,040 | ---- | C] () -- C:\Users\xWiCkeDx\Desktop\RogueKillerX64.exe
[2013/06/11 01:32:49 | 000,648,201 | ---- | C] () -- C:\Users\xWiCkeDx\Desktop\AdwCleaner.exe
[2013/06/11 00:58:03 | 000,000,545 | ---- | C] () -- C:\Users\xWiCkeDx\Desktop\MBR.zip
[2013/06/11 00:39:26 | 000,000,512 | ---- | C] () -- C:\Users\xWiCkeDx\Desktop\MBR.dat
[2013/06/10 21:32:34 | 000,890,839 | ---- | C] () -- C:\Users\xWiCkeDx\Desktop\SecurityCheck.exe
[2013/05/28 12:52:38 | 000,005,945 | ---- | C] () -- C:\Users\xWiCkeDx\Desktop\Top Gear.mpcpl
[2013/05/28 10:17:53 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/05/28 10:17:53 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/05/28 10:17:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/05/28 08:38:48 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/05/28 07:18:42 | 000,002,283 | ---- | C] () -- C:\Users\xWiCkeDx\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/28 07:18:20 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/28 07:18:19 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/28 07:04:34 | 000,001,108 | ---- | C] () -- C:\Users\xWiCkeDx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/05/28 06:34:46 | 000,000,042 | ---- | C] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2013/05/22 13:41:19 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2013/05/22 13:41:19 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2013/05/22 13:18:16 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2013/04/05 20:16:54 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/04/05 20:16:47 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/02/10 12:32:15 | 000,000,287 | ---- | C] () -- C:\Windows\wininit.ini
[2012/06/01 23:43:47 | 000,109,400 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/03/18 22:49:03 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/03/15 18:42:59 | 000,000,087 | ---- | C] () -- C:\Windows\EART837.ini
[2012/03/07 22:39:59 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/02/14 21:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 21:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/12/03 15:27:19 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/10/30 00:04:19 | 013,338,112 | ---- | C] () -- C:\Users\xWiCkeDx\PCPE_3.0.1.msi
[2011/10/30 00:04:19 | 000,018,808 | ---- | C] () -- C:\Users\xWiCkeDx\ResourceReader.dll
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/15 19:16:18 | 000,000,590 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2011/06/15 19:16:16 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2011/06/15 19:16:16 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2011/06/15 19:16:04 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2011/06/15 19:15:46 | 000,003,829 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2011/06/15 19:15:46 | 000,001,251 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2011/06/05 21:04:30 | 000,004,608 | ---- | C] () -- C:\Users\xWiCkeDx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/14 14:00:18 | 000,007,600 | ---- | C] () -- C:\Users\xWiCkeDx\AppData\Local\Resmon.ResmonCfg
[2011/03/28 17:42:19 | 006,918,144 | ---- | C] () -- C:\Users\xWiCkeDx\PCPE_3.0.msi
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Alternate Data Streams ==========
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
xwickedx
2013-06-11, 08:57
OTL Extras logfile created on: 6/11/2013 1:43:57 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xWiCkeDx\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
15.99 Gb Total Physical Memory | 13.25 Gb Available Physical Memory | 82.88% Memory free
31.98 Gb Paging File | 28.60 Gb Available in Paging File | 89.43% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.56 Gb Total Space | 46.69 Gb Free Space | 20.88% Space Free | Partition Type: NTFS
Drive D: | 558.90 Gb Total Space | 174.50 Gb Free Space | 31.22% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 160.55 Gb Free Space | 8.62% Space Free | Partition Type: NTFS
Drive F: | 1397.25 Gb Total Space | 486.61 Gb Free Space | 34.83% Space Free | Partition Type: NTFS
Drive G: | 1862.89 Gb Total Space | 559.14 Gb Free Space | 30.01% Space Free | Partition Type: NTFS
Computer Name: GT-R | User Name: xWiCkeDx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0918A49F-4D0E-42C9-8FBF-69C41F74F618}" = lport=445 | protocol=6 | dir=in | app=system |
"{0B0902B6-96CC-417D-998A-674152DCC709}" = lport=139 | protocol=6 | dir=in | app=system |
"{0E4E7BCC-EC81-4F3F-8BB9-A8943055255C}" = lport=57646 | protocol=6 | dir=in | name=pando media booster |
"{45A8E19D-0AFE-499B-BFA0-5F1966A132D8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{518F53EE-B17B-43B2-A680-376BF98462ED}" = rport=137 | protocol=17 | dir=out | app=system |
"{51C32542-330A-483D-AAD9-5DA23AB490C0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5C16005A-70C1-4738-BC91-20BECE282BAA}" = lport=137 | protocol=17 | dir=in | app=system |
"{68D496D7-50B6-4177-8666-1D96E6958C50}" = rport=138 | protocol=17 | dir=out | app=system |
"{7DF25FB0-DC92-4855-B1B3-4F4A4D7146A2}" = rport=445 | protocol=6 | dir=out | app=system |
"{8658683B-CF53-4EF7-9D64-49FC3A377406}" = lport=57646 | protocol=17 | dir=in | name=pando media booster |
"{92DDB89D-98AE-4A08-8486-CFD1E8BC99C2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A45F6FD0-BEA6-405E-AD50-7D5C76C140C4}" = lport=57646 | protocol=17 | dir=in | name=pando media booster |
"{AC6B382F-6101-41A6-81C8-AF176F1578AB}" = lport=57646 | protocol=6 | dir=in | name=pando media booster |
"{AF855B78-624A-4322-A805-ED3EE4702199}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{D813562B-004F-4946-9C7A-E49CE5E4D056}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{ED0D72AF-17AA-40AE-8494-8B559BB3ABF6}" = lport=138 | protocol=17 | dir=in | app=system |
"{F2230D49-ABC2-48AB-BDB3-51F75B6A7196}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0048767E-ED3C-498A-82CE-27EF5B2DFE5E}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{0235393F-242B-4434-B30B-1BAB8EEFAE7B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{03FD07DB-ED86-4725-97EA-6C70BF33974E}" = protocol=6 | dir=in | app=c:\program files (x86)\dolbyaxon\axon.exe |
"{0FCAFC62-E89B-4E56-A6C1-C885976F0912}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{13DD3116-B3B1-4DE0-AC1F-1274063147B6}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{18C8C12E-EFE3-46ED-B038-F263710A4032}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{206CBF07-A8D0-4DCB-BEE5-D1C6018DD6AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe |
"{2598A5C5-E44F-4068-99A1-14F86FFAA2AC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2B1C3B0F-9BF4-4EAD-B78A-D803592EB9B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{344148F6-5472-47AA-A498-5DF6618723E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{375EC517-A74E-4CCA-9860-43354502E81C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3B3A7618-045A-4281-A5F2-98FE7DC7D224}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3E787B5B-DE19-41E6-8AB3-400D41A02A87}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{449933DF-3C45-4D46-8088-EE8D5E5E2BAA}" = protocol=6 | dir=in | app=c:\users\xwickedx\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{464DA071-A2F0-4BA7-9EF3-7E13FB9CEEEC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{46DFB4ED-C3A5-4130-BDCD-1C3FF4E63075}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{496B98ED-BCC7-4A43-AD16-E73C1E37A22C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{49DC875D-3C08-4178-B97B-063534B3E666}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{4AC7C07E-C648-41DB-8E14-9D06614BD6CF}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\fax utility\fufaxcnt.exe |
"{4C0CC38F-30D9-43A8-B821-20CC968D2292}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{5055F7BC-8064-4E99-96F3-FFDD523C7716}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{5491E092-BDD2-452E-A19B-0E571EAFA326}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5B81F554-08A6-4EFF-92AA-280001E1CD12}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{5C19F236-9278-40EC-B8E2-40C301305908}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5D2DAAF0-6334-4130-95A7-AE7953D51C44}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5F35310D-00DE-4C29-9A50-9AB80CC42B8F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{62D578B3-8221-44E4-97FD-F182288118A9}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{62DEF18A-6E8B-4980-8200-DBF34B4CC135}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{63A511DF-35D7-42A6-9A42-F965A5D35CAA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{6F1986F0-FEF3-48BC-B75F-13CD5DD640E9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6FEF370E-2A45-4EDC-AADA-689FF3CAD7EC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{778A1F87-1552-4C80-B2CD-D4E1ACE1DB87}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7890E59B-68F5-4DFA-A20A-826EFD949A4D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe |
"{7C31D999-0CCD-469D-A269-BC5B50F7FF49}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7EECBCE5-4573-4751-A954-4E730A312333}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{80D4031D-12BE-45CA-BFD1-E12A58A91C96}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{84A7BC64-6062-45EB-AD80-B0B9C4A6926E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{8E60D13A-6F56-4275-A816-28CFBEB954FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{9570C467-C400-435B-84FE-824EF8FA74C7}" = protocol=17 | dir=in | app=c:\program files (x86)\dolbyaxon\axon.exe |
"{9808C9A1-5447-4E41-AF36-810E47D8F515}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{9A735510-B946-4E9B-8709-1D02988B169F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{9BA92B24-CCE7-4E58-AAAD-3B9EA2A1CF3D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{9C3118CB-072C-4A42-A80F-2EE9AC630D77}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9C414891-6F02-4B7E-8553-D49A3374EEBB}" = protocol=17 | dir=in | app=c:\users\xwickedx\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{AED448FC-266D-472D-B368-0AE841A21049}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BC0990DD-3C07-4F81-B3B9-09D34B3C7D35}" = protocol=6 | dir=in | app=c:\users\xwickedx\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{BD39E35C-34D2-4E41-A441-021A008FBA77}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{BEA42B4B-F2EB-4125-A55D-46CD27E88154}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CB237E25-F2C9-4B79-97C4-3D3A88255020}" = protocol=17 | dir=in | app=c:\users\xwickedx\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{CEE0A33E-A78D-4787-B089-02DB3E5D4ECD}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\fax utility\fufaxcnt.exe |
"{DD470C0F-A893-4404-8BAA-039B75977B3B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{DFAC77EA-AA48-4070-BEEB-0411E0DBA19C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{E0350101-7970-4D91-9A91-CEB7482FA83B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E1165601-8A4C-4D24-8C94-4202AB9481ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E369B5B2-E3D5-434B-874D-1D535CBFE81B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E5DC6F66-8C8E-40D4-A540-AD5C0D98B107}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{EEA2A683-D97E-49C2-9657-AA6F79496E12}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{F49C6F55-346D-45D7-8907-8D6BD3D3C151}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"TCP Query User{0BD40228-8032-42BC-A811-B05E63AA9C0C}C:\program files (x86)\steam\steamapps\common\f1 2010\f1_2010_game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\f1 2010\f1_2010_game.exe |
"TCP Query User{129D47C0-8083-48B6-9861-7151E41C99A2}C:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbmp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbmp.exe |
"TCP Query User{23D44D74-BD92-4C32-AD80-6819DAB7A4D1}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{343C1DC0-59D8-4ABA-8457-E63C725CFF6D}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{090AA706-7691-4943-BAB0-A0D3EAD654AF}C:\program files (x86)\steam\steamapps\common\f1 2010\f1_2010_game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\f1 2010\f1_2010_game.exe |
"UDP Query User{28BD13A5-ECCC-41D0-899B-FAC0AA0AA2A1}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{B4C80D5D-2563-4906-82C8-1B54BAFF056C}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{FD6E52AE-BCF6-4924-8763-4246E77CD5D7}C:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbmp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbmp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8882ED04-FE2B-478C-AF10-E7BE2A3C7AD4}" = Intel(R) Network Connections 15.0.4.0
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{A71060CF-81D0-EC17-2252-78CA0E96CCCF}" = AMD Drag and Drop Transcoding
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"30853F7174C6EB267FDAABE50A369169D18DA611" = Windows Driver Package - Datel Design & Development (usbio) USBIOControlledDevices (04/21/2009 2.40.0.0)
"3DS Compatible Action Replay Firmware Update_is1" = 3DS Compatible Action Replay Firmware Update version 1.0
"8555DF8099612EF2F8333DC0EC454113D4537E7B" = Windows Driver Package - Datel Design & Development USBIOControlledDevices (04/21/2009 2.40.0.0)
"Action Replay DSi Code Manager_is1" = Action Replay DSi Code Manager
"C-Media Oxygen HD Audio Driver" = HT OMEGA CLARO
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
"EPSON Artisan 837 Series" = EPSON Artisan 837 Series Printer Uninstall
"Logitech Gaming Software" = Logitech Gaming Software 8.40
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PROSetDX" = Intel(R) Network Connections 15.0.4.0
"WinRAR archiver" = WinRAR 4.00 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.0.0
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional
"{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian
"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish
"{17936630-5344-4F18-9970-616129E2A114}_is1" = Dolby Axon - 1.5.0.1
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{2C33E65D-9187-8F2E-40D8-BD9E24E341FB}" = CCC Help Italian
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{36B6FF8B-38E3-E64C-F840-75F6AAEBE3EA}" = Catalyst Control Center Graphics Previews Common
"{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC Help Turkish
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish
"{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{434D0831-A4CC-401A-9E74-621000018401}" = F1 2010
"{434D0831-A4CC-401A-9E74-621000018402}" = F1 2010
"{434D0FA1-A4CC-401A-9E74-621000028101}" = F1 2011
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{51268A7D-4E1A-371A-9849-496D48930952}" = Google Talk Plugin
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8ED262EE-FC73-47A9-BB86-D92223246881}" = PowerChute Personal Edition 3.0.2
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{8F80DAA3-8A1D-09E9-57E6-DB0223CF2CE4}" = CCC Help French
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{944B1F23-53F4-48C6-80A6-8D764DFFB8F3}" = Fan Control Software
"{9a0f9046-d0dc-4819-a9e0-e189cc23e984}" = Nero 9 Essentials
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C5B6078F-5D37-A122-2E6E-EDC623E8C787}" = CCC Help Czech
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian
"{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help Chinese Standard
"{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.9 Game
"{D3CEF909-78DC-9D3D-37BD-52F5324C01DA}" = CCC Help Hungarian
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DFAEC123-FE78-4305-879C-4994BC4C56F8}" = Fan Control Driver x64
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F1EA61A2-B88F-44AD-3143-419ECB6C7E9A}" = CCC Help Japanese
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.1.0
"AudibleDownloadManager" = Audible Download Manager
"AudibleManager" = AudibleManager
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2013-04-20
"DAEMON Tools Pro" = DAEMON Tools Pro
"EA Installer.-2099549384" = EA Installer
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"ESN Sonar-0.70.0" = ESN Sonar
"ESN Sonar-0.70.4" = ESN Sonar
"Google Chrome" = Google Chrome
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"mIRC" = mIRC
"OpenAL" = OpenAL
"Origin" = Origin
"Rockstar Games Social Club" = Rockstar Games Social Club
"StarCraft II" = StarCraft II
"Steam App 202350" = Steam Mobile Access
"Steam App 210770" = Sanctum 2
"Steam App 550" = Left 4 Dead 2
"Steam App 8930" = Sid Meier's Civilization V
"Uplay" = Uplay
"WinRAR archiver" = WinRAR archiver
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 1/14/2013 12:12:43 AM | Computer Name = GT-R | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/14/2013 12:12:44 AM | Computer Name = GT-R | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/14/2013 12:12:45 AM | Computer Name = GT-R | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/14/2013 12:12:46 AM | Computer Name = GT-R | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/14/2013 12:12:47 AM | Computer Name = GT-R | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/14/2013 12:12:48 AM | Computer Name = GT-R | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/14/2013 12:12:49 AM | Computer Name = GT-R | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/14/2013 12:12:50 AM | Computer Name = GT-R | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/14/2013 12:12:51 AM | Computer Name = GT-R | Source = Bonjour Service | ID = 100
Description = 504: Could not write data to client after 550 seconds, 5 replies waiting
Error - 1/14/2013 12:12:51 AM | Computer Name = GT-R | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
[ System Events ]
Error - 5/28/2013 9:34:25 AM | Computer Name = GT-R | Source = DCOM | ID = 10005
Description =
Error - 5/28/2013 9:34:26 AM | Computer Name = GT-R | Source = DCOM | ID = 10005
Description =
Error - 5/28/2013 9:34:25 AM | Computer Name = GT-R | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 5/28/2013 9:34:25 AM | Computer Name = GT-R | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 5/28/2013 9:34:26 AM | Computer Name = GT-R | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 5/28/2013 9:34:26 AM | Computer Name = GT-R | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 5/28/2013 9:34:26 AM | Computer Name = GT-R | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 5/28/2013 9:34:26 AM | Computer Name = GT-R | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 5/28/2013 9:34:26 AM | Computer Name = GT-R | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 5/28/2013 9:34:26 AM | Computer Name = GT-R | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
< End of report >
xwickedx
2013-06-11, 09:00
# AdwCleaner v2.303 - Logfile created 06/11/2013 at 01:50:22
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : xWiCkeDx - GT-R
# Boot Mode : Normal
# Running from : C:\Users\xWiCkeDx\Desktop\AdwCleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16576
[OK] Registry is clean.
-\\ Google Chrome v27.0.1453.110
File : C:\Users\xWiCkeDx\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R16].txt - [788 octets] - [11/06/2013 01:50:10]
AdwCleaner[S7].txt - [719 octets] - [11/06/2013 01:50:22]
########## EOF - C:\AdwCleaner[S7].txt - [778 octets] ##########
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : xWiCkeDx [Admin rights]
Mode : Scan -- Date : 06/11/2013 01:54:51
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][PREVRUN] HKLM\[...]\Run : Cmaudio8788 (C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd) [7] -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD2002FAEX-007BA0 ATA Device +++++
--- User ---
[MBR] 0ba89cdb744425bd1025c796d16d1f27
19e547fdbd01bf19ddf3ba14908ad6e6 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: ST31500341AS ATA Device +++++
--- User ---
[MBR] 8192976fec1e1a818f153e8a22a38c3f
[BSP] 104253d550d5e20da50848e5b431d444 : Empty MBR Code
Partition table:
1 - [ACTIVE] EXTEN (0x05) [VISIBLE] Offset (sectors): 16065 | Size: 1430789 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: WDC WD2002FAEX-007BA0 ATA Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive3: OCZ-VERT EX3 SCSI Disk Device +++++
--- User ---
[MBR] bac0ea2db447f5ade898e6b4c08e290b
[BSP] 4fed6c2b23ed22184d5e9a17098e3f36 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 228926 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive4: WDC WD60 00HLHX-01JJPV0 SCSI Disk Device +++++
--- User ---
[MBR] 92cc348e575e19eefbd47040d36f83cc
[BSP] cd890d81a495539dc3899265eea5a621 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 572315 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1]_S_06112013_02d0154.txt >>
RKreport[1]_S_06112013_02d0154.txt
[B]The only browser it seems to be effecting is chrome currently.
Hi xwickedx,
Try to uninstall using step 1. If the programs are not listed continue on to step 2.
=========================
1. Revo Uninstaller Pro
Please download Revo Uninstaller Pro (http://www.revouninstaller.com/download-professional-version.php) and save it to your desktop.
(This version is a fully functional, 30 day free trial)
Vista-W7 Users: You must right-click on "RevoUninProSetup.exe", and select "Run As Administrator" to install. If UAC prompts, allow it.
From the list of programs click on (follow the steps for each program listed)
AML Registery Cleaner
Live Player 3.2
Chose "Uninstall". When prompted click Yes.
Make sure the advanced option is checked... then click Next.
The program will run, when prompted... click Yes... then Next.
Once the program has searched for leftovers click Next.
Check ONLY the bolded items on the list then... click Next... then Yes.
When done click Finish.
=========================
2. Enable Hidden Files & Folders :
To enable the viewing of hidden and protected system files in Windows please follow these steps:
Close all programs so that you are at your desktop.
Click on the Start button. (This is the small round button with the Windows flag in the lower left corner.)
Click on the Control Panel menu option.
When the control panel opens you can either be in Classic View or Control Panel Home view:
If you are in the Classic View do the following:
Double-click on the Folder Options icon.
Click on the View tab.
Go to step 5
If you are in the Control Panel Home view do the following:
Click on the Appearance and Personalization link.
Click on Show Hidden Files or Folders.
Go to step 5.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the check mark from the check box labeled Hide extensions for known file types.
Remove the check mark from the check box labeled Hide protected operating system files.
Press the Apply button and then the OK button.
=========================
3. SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Right click SystemLook.exe and select "Run as Administrator" to run it.
Copy the content of the following codebox into the main textfield:
:dir /s
C:\ProgramFiles\Live Player 3.2
C:\ProgramFiles\AML Registery Cleaner
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
=========================
4. Disable Pop-ups in Chrome
Click the Chrome menu http://i1269.photobucket.com/albums/jj590/OCD-WTT/chromebrowsertoolbar.png on the browser toolbar.
Select Settings scroll down to Show Advanced Settings and click it.
Scroll to Privacy >> select Content Settings
Scroll down to Pop-ups, select Do not allow any site to show pop-ups
Press Done and exit Chrome settings.
=========================
5. Delete cache and other browser data in Chrome
Click the Chrome menu http://i1269.photobucket.com/albums/jj590/OCD-WTT/chromebrowsertoolbar.png on the browser toolbar.
Select Tools.
Select Clear browsing data.
In the dialogue that appears, select the highlighted check-boxes for the types of information that you want to remove.
Clear browsing history
Clear download history
Empty the cache
Delete cookies and other site and plug-in data
Clear saved passwords
Clear saved Autofill form data
Clear data from hosted apps
Deauthorize content licenses
Use the menu at the top to select the amount of data that you want to delete. Select beginning of time to delete everything.
Click Clear browsing data.
=========================
In your next post please provide the following:
Revo results or
SystemLook.txt
xwickedx
2013-06-11, 23:41
SystemLook 30.07.11 by jpshortstuff
Log created at 16:32 on 11/06/2013 by xWiCkeDx
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
Invalid Context: dir /s
No Context: C:\ProgramFiles\Live Player 3.2
No Context: C:\ProgramFiles\AML Registery Cleaner
-= EOF =-
Still not listed under the list using Revo Uninstaller Pro
Hi xwickedx,
I apologize, you needed the 64 bit version. :red: Please delete the copy of SystemLook and download the correct version.
=========================
1. SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download the version suitable to your computer.
32 bit System:
Link 1 - 32 bit (http://jpshortstuff.247fixes.com/SystemLook.exe)
Link 2 - 32 bit (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 bit System:
Link 1 - 64 bit (http://jpshortstuff.247fixes.com/SystemLook_x64.exe)
Link 2 - 64 bit (http://images.malwareremoval.com/jpshortstuff/SystemLook_x64.exe)
Right click SystemLook.exe and select "Run as Administrator" to run it.
Copy the content of the following code-box into the main text-field:
:folderfind
Live Player 3.2
AML Registery Cleaner
:dir
C:\ProgramFiles\Live Player 3.2
C:\ProgramFiles\AML Registery Cleaner
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
=========================
In your next post please provide the following:
SystemLook.txt
xwickedx
2013-06-12, 04:47
SystemLook 30.07.11 by jpshortstuff
Log created at 21:43 on 11/06/2013 by xWiCkeDx
Administrator - Elevation successful
========== folderfind ==========
Searching for "Live Player 3.2"
No folders found.
Searching for "AML Registery Cleaner"
No folders found.
========== dir ==========
C:\ProgramFiles\Live Player 3.2 - Unable to find folder.
C:\ProgramFiles\AML Registery Cleaner - Unable to find folder.
-= EOF =-
I found this folder: C:\Program Files (x86)\AML Products\Registry Cleaner
But I don't see any uninstall program in any of the folders
Hi xwickedx,
1. Enable Hidden Files & Folders :
To enable the viewing of hidden and protected system files in Windows please follow these steps:
Close all programs so that you are at your desktop.
Click on the Start button. (This is the small round button with the Windows flag in the lower left corner.)
Click on the Control Panel menu option.
When the control panel opens you can either be in Classic View or Control Panel Home view:
If you are in the Classic View do the following:
Double-click on the Folder Options icon.
Click on the View tab.
Go to step 5
If you are in the Control Panel Home view do the following:
Click on the Appearance and Personalization link.
Click on Show Hidden Files or Folders.
Go to step 5.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the check mark from the check box labeled Hide extensions for known file types.
Remove the check mark from the check box labeled Hide protected operating system files.
Press the Apply button and then the OK button.
=========================
2. Delete a File/Folder
Using Windows Explorer (Windows Key + E), locate the following files/folders, and DELETE them (if still present):
C:\Program Files (x86)\AML Products\Registry Cleaner <-- delete the folder, if present
If you have no other AML products, remove the AML Products folder
C:\Program Files (x86)\PC Live Player or Live Player <-- delete the folder, if present
Exit Explorer
=========================
3. Disable Plug-ins in Google Chrome
Click the Chrome menu http://i1269.photobucket.com/albums/jj590/OCD-WTT/chromebrowsertoolbar.png on the browser toolbar.
Select Settings.
Scroll down to Show advanced settings...
Locate the Privacy Section, select Content Settings
In the pop up window scoll to Plug-Ins, select Disable individual plug-ins...
Locate the following plug-ins and set them to Disable:
PC Live Player
Live Player
Exit Chrome settings menu.
=========================
In your next post please provide the following:
Results from the above steps
xwickedx
2013-06-12, 05:27
AML is gone, but only way I could disable the live player 3.2 was through using avast! browser cleaner.
Hi xwickedx,
Sometimes when a program is uninstalled incorrectly the program can become fragmented and make complete removal difficult.
Did you previously try and remove Live Player? If so, how did you go about it?
Is PC Live Player or Live Player listed as a extension in Chrome?
Search you computer for both of these:
PC Live Player
Live Player
Post the results
xwickedx
2013-06-14, 11:16
Okay I finally was able to get rid of it. What I did was:
Click the Chrome menu on the browser toolbar
Click extensions and turn on developer mode
Copy the ID: string into notepad
Then went into regedit and CTRL+F for that string with everything checked and once it found it deleted that entire folder.
Then did a windows search to make sure it was gone.
Restart chrome and check extensions and it was still there, but had a new ID: so repeated steps above, and now its finally gone.
Hi xwickedx
We don't generally recommend editing the Registry unless you fully understand what you are doing. But when you do you should always create a Registry Back-up using a program like ERUNT (http://www.snapfiles.com/get/erunt.html) prior to making any changes.
=========================
1. Re-run OTL (it should be located on your desktop).
Windows Vista and Windows 7 & 8 users Right Click and select "Run as Administrator" on the icon to run it.
Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Uncheck the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
Note:The log can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
=========================
2. Malwarebytes' Anti-Malware
Locate Malwarebytes' Anti-Malware (it should be on your desktop).
If not, download it here (http://www.malwarebytes.org/mbam-download.php)
Right click and select "Run as Administrator" mbam-setup.exe and follow the prompts to run the program..
Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
Select Perform quick scan, then click Scan.
http://i1224.photobucket.com/albums/ee380/jeffce74/MBAM.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample: and click Remove Selected .
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAM_SR_zpsed09246e.png (http://s1269.photobucket.com/user/OCD-WTT/media/MBAM_SR_zpsed09246e.png.html)
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================
3. ESET Online Scanner
*Note:
It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".
= = = = = = = = = = = = = = = = = = = =
Go here to run ESET Online Scanner (http://www.eset.eu/online-scanner)
(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your Antivirus software. You can usually do this with its Notfication Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply
Note - when ESET doesn't find any threats, no report will be created.
Push the back button.
Push Finish
Re-enable your Antivirus software.
=========================
In your next post please provide the following:
OTL.txt
MBAM log
ESET's log.txt
Any remaining issues?
Hi xwickedx,
Just checking in to see if you still need help?
This thread has been closed due to inactivity. If it has been three days or more since your last post it will not be re-opened.
If you still require help, please start a new topic and include fresh DDS and aswMBR logs, along with a link to your previous thread.
Please do not add any logs that might have been requested previously, you would be starting fresh.
Applies only to the original poster, anyone else with similar problems please start your own topic.