Page 1 of 5 12345 LastLast
Results 1 to 10 of 43

Thread: Laptop realy slow and wont load most sites AVG not running as well!!!

  1. #1
    Member fatcodycat's Avatar
    Join Date
    Dec 2008
    Posts
    56

    Default Laptop realy slow and wont load most sites AVG not running as well!!!

    Hello

    Noticed a few days ago that my AVG was switched off - I don't know how long this has been off for- and I cant switch it back on again or update it!

    I have had a fiddle... and ran Combofix and this dose not appeared to have helped - I now know that I should of not done the Combofix until instructed to do so sorry.

    I am unable to download the DDS and MBR program so I downloaded them onto a SD card from my wifes computer and ran them from the CD drive.

    Strangely enough the Windows defender program is now showing as running (I did try to turn it on but it would not let me) it now appears to be running??? (or not)

    I just don't know what it going on as I can still play world of tanks and world of warplanes but none of my shortcuts work above internet explorer and my back arrow dose not let go back to the previous page!!

    thanks in advance.



    DDS Log

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16660
    Run by steves at 21:02:50 on 2013-08-14
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4028.2001 [GMT 1:00]
    .
    AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
    C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
    C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
    C:\Users\steves\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\steves\AppData\Local\Akamai\netsession_win.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files\Iomega\Iomega Encryption\Iomega Encryption.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uProxyOverride = <local>
    uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>
    BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
    BHO: Slick Savings: {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\steves\AppData\Roaming\Slick Savings\Coupons.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
    BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
    uRun: [Akamai NetSession Interface] "C:\Users\steves\AppData\Local\Akamai\netsession_win.exe"
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [IomegaEncryption] C:\Program Files\Iomega\Iomega Encryption\Iomega Encryption.exe
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    StartupFolder: C:\Users\steves\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TMMONI~1.LNK - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{5087DAA1-1A4D-4468-8C96-F797F176D1D6} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{5087DAA1-1A4D-4468-8C96-F797F176D1D6}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{5087DAA1-1A4D-4468-8C96-F797F176D1D6}\244575966496D277964786D264F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{5087DAA1-1A4D-4468-8C96-F797F176D1D6}\35B4954413535343 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{5087DAA1-1A4D-4468-8C96-F797F176D1D6}\374756675637D286F647D23707F647 : DHCPNameServer = 192.168.43.1
    TCP: Interfaces\{5087DAA1-1A4D-4468-8C96-F797F176D1D6}\C416572716370286F6473707F647132333 : DHCPNameServer = 192.168.43.1
    TCP: Interfaces\{5087DAA1-1A4D-4468-8C96-F797F176D1D6}\F54586560234C6F65746 : DHCPNameServer = 10.1.5.153 10.1.5.154
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
    x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    x64-Run: [NVHotkey] rundll32.exe C:\Windows\System32\nvHotkey.dll,Start
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-7-10 45880]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-11-24 98208]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
    R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-1-29 87368]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-24 13336]
    R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-2-1 1900728]
    R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-4-5 167424]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-7-14 1153368]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-23 378984]
    R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-9-19 1157056]
    R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-9-19 248248]
    R2 WDRulesService;WD Rules;C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-9-19 1177536]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
    R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2010-7-2 29288]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
    S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
    S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
    S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-12-7 36928]
    S3 IT9135BDA;WinFast DTV Dongle Dual Devices;C:\Windows\System32\drivers\IT9135BDA.sys [2011-1-10 139392]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-15 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-15 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-15 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-25 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2012-9-19 14464]
    .
    =============== File Associations ===============
    .
    FileExt: .jse: JSEFile=C:\Windows\SysWow64\CScript.exe "%1" %*
    FileExt: .wsf: WSFFile=C:\Windows\SysWow64\CScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2013-08-14 10:38:09 224256 ----a-w- C:\Windows\System32\wintrust.dll
    2013-08-14 10:38:09 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2013-08-14 10:38:09 1472512 ----a-w- C:\Windows\System32\crypt32.dll
    2013-08-14 10:38:09 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-08-14 10:38:07 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-08-14 10:38:07 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-08-14 10:38:07 139776 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-08-14 10:38:07 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-08-14 10:36:26 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-08-14 10:15:43 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D49F91BE-F3A8-44D3-B663-E70EFABFD88A}\mpengine.dll
    2013-08-12 13:28:48 -------- d-sh--w- C:\$RECYCLE.BIN
    2013-08-12 12:43:17 98816 ----a-w- C:\Windows\sed.exe
    2013-08-12 12:43:17 256000 ----a-w- C:\Windows\PEV.exe
    2013-08-12 12:43:17 208896 ----a-w- C:\Windows\MBR.exe
    2013-08-12 12:43:13 -------- d-s---w- C:\ComboFix
    2013-08-12 06:52:49 -------- d-----w- C:\Program Files (x86)\ESET
    2013-08-07 19:19:40 -------- d-----w- C:\Users\steves\AppData\Local\ArmA 2 OA DEMO
    2013-08-03 19:57:58 -------- d-----w- C:\Windows\System32\MRT
    2013-07-27 15:04:47 -------- d-----w- C:\Users\steves\AppData\Roaming\Slick Savings
    2013-07-27 15:04:47 -------- d-----w- C:\Users\steves\AppData\Local\Slick Savings
    2013-07-20 00:51:00 311608 ----a-w- C:\Windows\System32\drivers\avgloga.sys
    2013-07-20 00:50:56 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
    2013-07-20 00:50:56 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
    2013-07-20 00:50:50 206648 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
    .
    ==================== Find3M ====================
    .
    2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
    2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
    2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    2013-07-21 08:52:03 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-07-21 08:52:03 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
    2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2013-07-10 00:32:38 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
    2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
    2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
    2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
    2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
    2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-07-01 00:45:28 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
    2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
    2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
    2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    .
    ============= FINISH: 21:03:22.21 ===============


    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-08-14 21:05:49
    -----------------------------
    21:05:49.967 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:05:49.967 Number of processors: 8 586 0x1E05
    21:05:49.967 ComputerName: STEVES-PC UserName: steves
    21:05:53.508 Initialize success
    21:07:53.593 AVAST engine defs: 13081401
    21:08:19.037 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    21:08:19.037 Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
    21:08:19.037 Disk 1 \Device\Harddisk1\SR0 -> \Device\SdBus-0
    21:08:19.037 Disk 1 Vendor: ( Size: 7580MB BusType: 12
    21:08:19.131 Disk 0 MBR read successfully
    21:08:19.131 Disk 0 MBR scan
    21:08:19.146 Disk 0 Windows 7 default MBR code
    21:08:19.193 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    21:08:19.302 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 715302 MB offset 206848
    21:08:19.536 Disk 0 scanning C:\Windows\system32\drivers
    21:08:30.862 Service scanning
    21:09:02.811 Modules scanning
    21:09:02.826 Disk 0 trace - called modules:
    21:09:02.842 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    21:09:02.857 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d75790]
    21:09:02.857 3 CLASSPNP.SYS[fffff88001b6243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004ada050]
    21:09:05.899 AVAST engine scan C:\Windows
    21:09:12.202 AVAST engine scan C:\Windows\system32
    21:16:00.267 AVAST engine scan C:\Windows\system32\drivers
    21:16:18.847 AVAST engine scan C:\Users\steves
    21:19:16.500 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
    21:19:16.531 The log file has been saved successfully to "E:\aswMBR.txt"

  2. #2
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default



    Go here and download AdwCleaner to your desktop

    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.









    Download Junkware Removal Tool to your desktop

    • shut down your protection software now to avoid potential conflicts.
    • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
    • the tool will open and start scanning your system
    • please be patient as this can take a while to complete depending on your system's specifications
    • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
    • post the contents of JRT.txt into your next message.






    Please download Malwarebytes Anti-Malware to your desktop.

    • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan as shown below.


    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Member fatcodycat's Avatar
    Join Date
    Dec 2008
    Posts
    56

    Default

    hello

    many thanks for the help.

    I had to down load the programs to a SD card again and run from there.

    logs below



    # AdwCleaner v2.306 - Logfile created 08/15/2013 at 07:15:16
    # Updated 19/07/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : steves - STEVES-PC
    # Boot Mode : Normal
    # Running from : E:\AdwCleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
    Key Found : HKLM\Software\AVG Secure Search
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16660

    [OK] Registry is clean.

    *************************

    AdwCleaner[R1].txt - [2661 octets] - [15/08/2013 07:02:35]
    AdwCleaner[R2].txt - [2010 octets] - [15/08/2013 07:15:16]

    ########## EOF - C:\AdwCleaner[R2].txt - [2070 octets] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 5.4.5 (08.13.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by steves on 15/08/2013 at 7:04:46.89
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstallerstub_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstallerstub_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2504091
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}



    ~~~ Files


    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.08.15.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16660
    steves :: STEVES-PC [administrator]

    Protection: Enabled

    15/08/2013 07:18:19
    mbam-log-2013-08-15 (07-18-19).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 235300
    Time elapsed: 5 minute(s), 44 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} (PUP.Optional.Spigot) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} (PUP.Optional.Spigot) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\steven\Downloads\SetupImgBurn_2.5.5.0.exe (PUP.Optional.AskToolbar) -> Quarantined and deleted successfully.

    (end)

  4. #4
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Great, things running any better ?

    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Member fatcodycat's Avatar
    Join Date
    Dec 2008
    Posts
    56

    Default

    Hello

    OTL.txt below

    OTL logfile created on: 15/08/2013 12:33:50 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = E:\
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16660)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.93 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 51.09% Memory free
    7.87 Gb Paging File | 5.41 Gb Available in Paging File | 68.76% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 698.54 Gb Total Space | 115.16 Gb Free Space | 16.49% Space Free | Partition Type: NTFS
    Drive E: | 7.39 Gb Total Space | 6.63 Gb Free Space | 89.71% Space Free | Partition Type: FAT32

    Computer Name: STEVES-PC | User Name: steves | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - E:\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    PRC - C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
    PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Users\steves\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe ()
    PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
    PRC - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)
    PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
    PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
    PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
    PRC - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
    PRC - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    PRC - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
    PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0149e914e4cfbde7da65d4558af19ce0\IAStorUtil.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e06dbdafb38c38517aef61ac41e2fd9d\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
    MOD - C:\Program Files\Microsoft Office 15\root\office15\1033\GrooveIntlResource.dll ()
    MOD - C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll ()
    MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
    MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
    MOD - C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
    MOD - C:\Program Files (x86)\Steam\SDL2.dll ()
    MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
    MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
    MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
    MOD - C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe ()
    MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
    MOD - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\AbilisWinUsb.dll ()
    MOD - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\VendorCmdRW.dll ()
    MOD - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (OfficeSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
    SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
    SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
    SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
    SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
    SRV - (HTCMonitorService) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)
    SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
    SRV - (WDRulesService) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
    SRV - (WDBackup) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
    SRV - (WDDriveService) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
    SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
    DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
    DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
    DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
    DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
    DRV:64bit: - (IT9135BDA) -- C:\Windows\SysNative\drivers\IT9135BDA.sys (ITE )
    DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)
    DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
    DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 77 0E 57 37 8C CA CD 01 [binary data]
    IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
    IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\..\SearchScopes,DefaultScope = {70903C48-6C44-4F6E-AAD9-9BC8BB1D4FAD}
    IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\..\SearchScopes\{70903C48-6C44-4F6E-AAD9-9BC8BB1D4FAD}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
    IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\steves\AppData\Local\Roblox\Versions\version-5fd8234dbfe247fe\\NPRobloxProxy.dll ()



    O1 HOSTS File: ([2013/08/14 17:16:03 | 000,450,694 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 127.0.0.1 www.123fporn.info
    O1 - Hosts: 15467 more lines...
    O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
    O4 - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000..\Run: [Akamai NetSession Interface] C:\Users\steves\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000..\Run: [IomegaEncryption] C:\Program Files\Iomega\Iomega Encryption\Iomega Encryption.exe (PLX Technology)
    O4 - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    O4 - Startup: C:\Users\steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
    O4 - Startup: C:\Users\steves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
    O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
    O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5087DAA1-1A4D-4468-8C96-F797F176D1D6}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\osf - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
    O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/08/15 07:17:13 | 000,000,000 | ---D | C] -- C:\Users\steves\AppData\Roaming\Malwarebytes
    [2013/08/15 07:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/08/15 07:16:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/08/15 07:16:52 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/08/15 07:16:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/08/15 07:04:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/08/14 20:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2013/08/14 20:59:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2013/08/14 11:59:52 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/08/14 11:59:52 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/08/14 11:59:51 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2013/08/14 11:59:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2013/08/14 11:59:51 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2013/08/14 11:59:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2013/08/14 11:59:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2013/08/14 11:59:51 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2013/08/14 11:59:51 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2013/08/14 11:59:51 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2013/08/14 11:59:51 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2013/08/14 11:59:50 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/08/14 11:59:49 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/08/14 11:59:49 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/08/14 11:59:49 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/08/14 11:38:09 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
    [2013/08/14 11:38:09 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
    [2013/08/14 11:38:07 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
    [2013/08/14 11:37:41 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
    [2013/08/14 11:37:41 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
    [2013/08/14 11:37:41 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
    [2013/08/14 11:37:40 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2013/08/14 11:37:39 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2013/08/14 11:37:38 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2013/08/14 11:37:38 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
    [2013/08/14 11:37:37 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2013/08/14 11:37:37 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2013/08/14 11:37:36 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2013/08/14 11:37:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2013/08/14 11:37:35 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2013/08/14 11:37:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2013/08/12 14:28:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/08/12 13:43:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/08/12 13:43:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/08/12 13:43:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/08/12 13:43:13 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2013/08/12 13:43:01 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/08/12 13:42:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/08/12 13:42:39 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    [2013/08/12 07:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2013/08/11 20:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2013/08/10 14:11:09 | 000,000,000 | ---D | C] -- C:\Users\steves\Desktop\Kindle books
    [2013/08/07 20:19:40 | 000,000,000 | ---D | C] -- C:\Users\steves\Documents\ArmA 2 OA Demo
    [2013/08/07 20:19:40 | 000,000,000 | ---D | C] -- C:\Users\steves\AppData\Local\ArmA 2 OA DEMO
    [2013/08/06 18:40:15 | 000,000,000 | ---D | C] -- C:\Users\steves\Desktop\MORGAGE
    [2013/08/03 20:57:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
    [2013/07/31 12:02:59 | 000,000,000 | ---D | C] -- C:\Users\steves\Desktop\config
    [2013/07/27 16:04:47 | 000,000,000 | ---D | C] -- C:\Users\steves\AppData\Roaming\Slick Savings
    [2013/07/27 16:04:47 | 000,000,000 | ---D | C] -- C:\Users\steves\AppData\Local\Slick Savings
    [2013/07/21 19:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2013/07/20 01:51:00 | 000,311,608 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
    [2013/07/20 01:50:56 | 000,246,072 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
    [2013/07/20 01:50:56 | 000,071,480 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
    [2013/07/20 01:50:50 | 000,206,648 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/08/15 12:32:12 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/08/15 12:32:12 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/08/15 12:24:19 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/08/15 12:23:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/08/15 12:23:43 | 3168,043,008 | -HS- | M] () -- C:\hiberfil.sys
    [2013/08/15 07:45:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/08/15 07:16:59 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/08/15 06:51:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/08/14 20:59:44 | 000,001,108 | ---- | M] () -- C:\Users\steves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/08/14 20:59:33 | 000,000,928 | ---- | M] () -- C:\Users\steves\Desktop\NTREGOPT.lnk
    [2013/08/14 20:59:33 | 000,000,909 | ---- | M] () -- C:\Users\steves\Desktop\ERUNT.lnk
    [2013/08/14 17:16:03 | 000,450,694 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/08/14 11:56:33 | 000,741,242 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/08/14 11:56:33 | 000,620,524 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/08/14 11:56:33 | 000,110,712 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/08/12 12:15:26 | 000,450,694 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130814-171603.backup
    [2013/08/11 12:46:10 | 000,217,600 | ---- | M] () -- C:\Users\steves\Desktop\jacob-1.17-M2-x64.dll
    [2013/08/11 12:46:10 | 000,176,128 | ---- | M] () -- C:\Users\steves\Desktop\jacob-1.17-M2-x86.dll
    [2013/08/09 10:22:41 | 000,001,354 | ---- | M] () -- C:\Users\steves\Desktop\ROBLOX Player.lnk
    [2013/08/09 10:22:41 | 000,001,173 | ---- | M] () -- C:\Users\steves\Desktop\ROBLOX Studio 2013.lnk
    [2013/08/07 19:08:40 | 000,000,221 | ---- | M] () -- C:\Users\steves\Desktop\Arma 2 Operation Arrowhead Demo.url
    [2013/07/30 17:53:52 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2013/07/27 16:04:47 | 000,000,000 | ---- | M] () -- C:\search.sqlite
    [2013/07/26 06:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2013/07/26 06:12:27 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/07/26 06:12:08 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/07/26 06:12:08 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/07/26 06:12:04 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/07/26 06:12:04 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2013/07/26 06:12:03 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2013/07/26 06:12:03 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2013/07/26 04:12:04 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/07/26 04:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/07/26 04:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2013/07/26 04:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2013/07/26 04:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2013/07/26 03:39:38 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2013/07/26 02:59:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2013/07/25 10:25:54 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
    [2013/07/25 09:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
    [2013/07/21 19:15:27 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2013/07/21 16:18:51 | 000,512,825 | ---- | M] () -- C:\Users\steves\Desktop\FTB_Launcher.exe
    [2013/07/21 09:52:03 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/07/21 09:52:03 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
    [2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
    [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
    [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/08/15 07:16:59 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/08/14 20:59:44 | 000,001,108 | ---- | C] () -- C:\Users\steves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/08/14 20:59:33 | 000,000,928 | ---- | C] () -- C:\Users\steves\Desktop\NTREGOPT.lnk
    [2013/08/14 20:59:33 | 000,000,909 | ---- | C] () -- C:\Users\steves\Desktop\ERUNT.lnk
    [2013/08/12 13:43:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/08/12 13:43:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/08/12 13:43:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/08/12 13:43:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/08/12 13:43:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/08/07 19:08:39 | 000,000,221 | ---- | C] () -- C:\Users\steves\Desktop\Arma 2 Operation Arrowhead Demo.url
    [2013/07/31 12:04:06 | 000,217,600 | ---- | C] () -- C:\Users\steves\Desktop\jacob-1.17-M2-x64.dll
    [2013/07/31 12:04:06 | 000,176,128 | ---- | C] () -- C:\Users\steves\Desktop\jacob-1.17-M2-x86.dll
    [2013/07/30 17:53:52 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2013/07/27 16:04:47 | 000,000,000 | ---- | C] () -- C:\search.sqlite
    [2013/07/21 19:15:27 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2013/02/04 19:31:57 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2013/02/04 19:31:56 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

    ========== ZeroAccess Check ==========

    [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/12/09 19:12:04 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
    [2012/12/09 19:12:04 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
    [2012/11/25 12:57:38 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\.minecraft
    [2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\AVG2012
    [2012/11/25 12:57:39 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\Azureus
    [2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\CompuClever
    [2012/11/25 12:57:43 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\FreeAudioPack
    [2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\HTC
    [2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
    [2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\ImgBurn
    [2012/11/25 12:57:43 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\InfraRecorder
    [2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\iScreensaver
    [2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\NCH Swift Sound
    [2012/06/20 19:49:25 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\Outlook
    [2012/11/25 12:57:44 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\SoftGrid Client
    [2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\ssmci
    [2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\Temp
    [2011/03/08 21:51:13 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\TP
    [2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\wargaming.net
    [2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\Windows Live Writer
    [2013/08/11 12:40:07 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\.minecraft
    [2012/11/25 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\AVG2013
    [2013/08/10 22:45:20 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\Azureus
    [2013/02/03 18:00:52 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\Firefly Studios
    [2013/07/21 16:18:52 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\ftblauncher
    [2013/04/05 15:21:05 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\HTC
    [2013/04/05 15:20:49 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\HTC Sync
    [2013/07/27 16:04:47 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\Slick Savings
    [2012/11/25 17:59:16 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\TuneUp Software
    [2013/06/28 19:57:58 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\uTorrent
    [2013/05/28 19:05:40 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\Wargaming.net

    ========== Purity Check ==========



    < End of report >

  6. #6
    Member fatcodycat's Avatar
    Join Date
    Dec 2008
    Posts
    56

    Default

    OTL extra.txt

    OTL Extras logfile created on: 15/08/2013 12:33:50 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = E:\
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16660)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.93 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 51.09% Memory free
    7.87 Gb Paging File | 5.41 Gb Available in Paging File | 68.76% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 698.54 Gb Total Space | 115.16 Gb Free Space | 16.49% Space Free | Partition Type: NTFS
    Drive E: | 7.39 Gb Total Space | 6.63 Gb Free Space | 89.71% Space Free | Partition Type: FAT32

    Computer Name: STEVES-PC | User Name: steves | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    .jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
    .wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0C177416-BE7F-401A-8DA7-A4F55F6C07C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2F2DA54B-9103-4F06-98A8-4295063742ED}" = rport=137 | protocol=17 | dir=out | app=system |
    "{3DF6EFC1-1510-4A8C-961E-4FF92C8B1493}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3E26A568-7CC5-4571-9F3A-4380CCBDD780}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3E38527A-F64F-48A7-BF23-4A7212B9FE4D}" = lport=137 | protocol=17 | dir=in | app=system |
    "{40160300-F624-480D-8864-4612A4377CCE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{41A4D8BD-C02C-4439-9B04-E34BD5C7D54E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{42644C3E-7E0C-4E90-85F6-5F4B736CD38F}" = rport=138 | protocol=17 | dir=out | app=system |
    "{4548D47A-B908-44F9-BC74-E46557F2798D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4E36B8CB-1963-4A7C-9CF4-74AAEF1A6E07}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{505EB431-94AF-462E-BD21-6089F712D88C}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{618B8C4F-A898-4FA0-A4F4-555E73339A1D}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{62ED8CDF-8208-4E15-A503-895F5CCD82EA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{66F10385-6C72-4342-9EE6-46F10FDE8965}" = lport=138 | protocol=17 | dir=in | app=system |
    "{6765BA69-5EC1-4EAE-8C35-F584357C00F2}" = lport=445 | protocol=6 | dir=in | app=system |
    "{77AA821E-994C-49AC-A387-21C9E6B40A84}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{7930DE88-8C6F-4B66-B8DA-45543F0A7FBE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{7EFBB4E6-1BBA-45AC-916B-6B5111B4F349}" = lport=139 | protocol=6 | dir=in | app=system |
    "{A255F079-009E-422F-95E6-8A8EC9E99F97}" = rport=139 | protocol=6 | dir=out | app=system |
    "{BDEE3A65-1C3D-40C1-9660-E16EDEE49D0A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C131DB7F-3A90-43DE-88AF-B5DE59237363}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
    "{CCF30E0C-BC74-414A-BF80-A4F4CDC7601A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{EB217BAA-BD28-4757-ACD8-3198BB2D73AF}" = rport=445 | protocol=6 | dir=out | app=system |
    "{FD1308CF-4761-4CD4-9A42-214A2F40C161}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0325170F-26C8-4900-8783-1DAB30F9DA1B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{04F22435-685B-4421-B0C2-7036013A4898}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{0630AC47-6BCB-4030-AE2B-A78D1C3740FD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead demo\arma2oa_demo.exe |
    "{07542E7D-16D0-43AB-A60D-776A11D3D952}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
    "{0AA93831-8F9C-43F5-8167-9FD1F0E03ACD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
    "{0D71D33A-6C10-4EDD-ACC8-A2A0CCF920D5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{0EB59C08-A6E9-473A-B7E5-7104ED278C32}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{1C378189-1336-46FD-B4E7-E95D6A7E8C28}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{1FECA3C9-B329-4513-B86C-6AC2256A03E6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{21C5E38F-9DE3-4037-9CBD-5789DDD09334}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
    "{2459142A-5F95-482A-9E67-1D4CAA240B27}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{283CFDEE-5387-4962-B05C-231E487098FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
    "{299FFD1D-731B-4231-855E-3A1F34728BE1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{29FC8039-E1EB-4AE2-A91F-679FD56D128A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{2FB0DB73-294B-4E88-806C-CDA6DF6222F3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{2FCB9ECA-622D-4495-AA38-28D1CC7DCF90}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{3700F159-C044-4667-B127-69CE76EFF211}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{383EF20B-B123-4DD6-863F-CFD8EF0B699C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
    "{38C586E3-8434-41C5-9B00-E82DAA51C63B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3A9A6608-47A2-4C9C-AE27-4E90C68BB927}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{3B2EE5F8-664E-489B-8E79-1FB8DBC3ADD7}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe |
    "{3CA38A24-54D2-4BFB-9FC9-EAE7946A172C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
    "{3F038E27-10D0-47DB-8422-79A2453E29A7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arcticcombat\gamelauncher_gp\mappingaccount.exe |
    "{4118EC25-0A9E-479C-ABC9-5AA22FEEB882}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arcticcombat\gamelauncher_gp\mappingaccount.exe |
    "{41E3FDB2-42C9-4B5F-B820-0E1B7617C873}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
    "{4285073E-D14A-4D30-B36B-70A79B4CD502}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
    "{472BC1CD-F9EE-423D-959E-7ABF5772F5F3}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{48ED5C02-0D4D-4257-82E2-03C2BD037FE8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe |
    "{4A17F36E-68BB-4FD1-9D2F-1136427297A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
    "{4B2E7231-107F-4857-8D4E-94ECBA31B14F}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "{5080C592-E7A1-426B-A30A-DF3B637E26C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{550BFDA4-98CC-4452-85BC-4AF0C41C3502}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{559AD0BF-1121-4802-AD33-C11F61FB3169}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{5B7CEE2C-47DD-47E6-8F18-52418463B907}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "{5DACE858-B65F-42E6-A960-E992E565928D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{5EB8D6A5-4314-4119-8F06-923343D52FD2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{5F2D2596-0B08-41DE-8C43-A8035A5FD521}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{5F2DAC03-C0C8-4DCE-BE74-4522154DEE47}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
    "{674CDE8F-4BE0-41E8-8043-3C5F7FDDB9B5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
    "{682774E6-4170-4B14-8D05-49B8A201116C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e\ruse.exe |
    "{68B85203-3C56-4E27-B4D2-B77A23E434FE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{6A81DE7F-C888-48CC-9F26-6988E61C521C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{7B57360D-07C0-495E-9BEA-955AFF3DA4D4}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{7DD9DF57-41F6-4335-A960-B97C0FDC0A8B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{8954ADAA-CB5D-4973-8929-C79FEAE9442B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
    "{8A30A1D2-53F3-4D60-A453-22BB090E9667}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "{8F22C156-AA1D-4551-B8B7-D33B2B8CCE94}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{96DDEE74-B7C7-4C7F-8894-415FDE463D75}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{97FAB04F-CD21-443C-AE66-9CE79AA7411F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{9AF3B55A-6CD1-4539-8AEC-EAF84AB6DA7C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A48F2AA3-EB2F-456A-8BDE-49E2AAD8F4E0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{A7425D71-6CF4-43F8-AE50-4AA07FF28536}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead demo\arma2oa_demo.exe |
    "{AEAFD3FB-7C25-439F-B43F-B0B787919152}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{AF9D8C71-B1B3-4544-8F3A-44CECB75A938}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{B07CF0DF-7BD7-4CE3-8B1A-771CA5B9FC53}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B2975E86-B18F-4FB9-BADD-9BA1E8689892}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe |
    "{B647FBB5-85FE-432C-9FFB-CB02EFBE8DF6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{BAA82818-7693-4C2A-B237-563182F18399}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe |
    "{BB1D1E2D-D74C-4803-8768-2AF79455B1E7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe |
    "{BC67B4E7-144C-4FA1-AB83-4F39A4E7948F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BF7C7594-10DE-447E-AF8B-28442D0D693D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{C17BC2E8-CCDA-444F-952D-807C673277D9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{C2B0C40D-267F-4009-A293-C4939765B47F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{C2CB6172-CA21-4336-8669-87FD8FB6C043}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{C9F7B549-BF0B-4918-92FC-DEFE748C1C6F}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
    "{CB3AEB39-3E6D-4C48-8AA2-37CF4A7407C6}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "{D6B280B0-0F31-4F82-9FAB-063D715AEE0D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{D7C931C9-AD2F-41AB-ADC2-F292C29A8748}" = protocol=6 | dir=out | app=system |
    "{D7CFEC10-ACB4-4703-BED1-978FCEB00EBE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{DC8D688C-8732-4C9C-82F2-2EEAE3DEDAAB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{DDA7F8BF-2592-4BD0-AD75-65A7FDFD1C83}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e\ruse.exe |
    "{DE40352F-3C15-4879-9CE5-845478AE4D22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{DEE5BF99-4FCF-4DBE-88C0-42A08C93767E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{E47399C4-79F2-4A13-BE9F-C606CFAE1752}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{EC0AE1EB-593B-44FD-B084-A947F4A7E731}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
    "{F8E04977-23C1-4D45-8286-DF083593CB22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FE462E0F-1D08-4E93-BDFE-C659B315CD6C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{FFB5C093-0728-4391-AE30-EDC793848ABD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "TCP Query User{21D7DA48-2922-49F3-9D00-79B8BB96FC19}C:\users\steves\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\steves\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{3C0F55E6-4591-428E-BD38-C1362425797A}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
    "TCP Query User{484D7C95-643B-4BA3-89BE-C163E35D1FCD}C:\games\world_of_warplanes\wowplauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_warplanes\wowplauncher.exe |
    "TCP Query User{5DB47477-1FE8-47F3-8599-53F6131CEB2D}C:\games\world_of_warplanes\worldofwarplanes.exe" = protocol=6 | dir=in | app=c:\games\world_of_warplanes\worldofwarplanes.exe |
    "TCP Query User{6045AC0E-472C-4E97-990A-4E5F4DB4CA92}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
    "TCP Query User{7960ED44-C0C7-47E5-B138-4E77343FF5AE}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "TCP Query User{919B6CBF-6494-4625-A5EE-F51C198B362E}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
    "TCP Query User{91EAC839-4185-42D0-9D50-11C371B2C14A}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "TCP Query User{9A238C37-8326-448D-9F00-ED02C30056C7}C:\users\steves\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\steves\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{A5825FDB-6757-4080-B6C7-923145947CDF}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
    "TCP Query User{ED16C298-C4F4-4920-B230-37AB5A77EF7E}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
    "TCP Query User{F637E4C4-E3F0-47C3-BCF3-14A4DC036314}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
    "UDP Query User{1CB39CDD-9FB1-4247-BC5C-EE973740EBF6}C:\users\steves\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\steves\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{1F98E516-B7E7-4FD7-9BE7-65494118C1D0}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
    "UDP Query User{65537A5C-E932-4D44-BD04-E0F30B8899A2}C:\games\world_of_warplanes\wowplauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_warplanes\wowplauncher.exe |
    "UDP Query User{69251C5D-8132-43A4-84AF-F7461F7CC235}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
    "UDP Query User{79EC218F-99B1-48BE-ACD1-18728A61DAAC}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
    "UDP Query User{80559A94-E2C6-4ACC-A770-77E7F8F0717E}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
    "UDP Query User{974A5532-D398-4B59-BF42-18D1A68A1CB4}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
    "UDP Query User{ACCC6BEC-3838-46BE-B132-7FA37CA69598}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "UDP Query User{BD17CD03-B473-4A1D-B869-7CF15033DB5C}C:\games\world_of_warplanes\worldofwarplanes.exe" = protocol=17 | dir=in | app=c:\games\world_of_warplanes\worldofwarplanes.exe |
    "UDP Query User{C70A51A0-3087-47C6-AC4E-A65293F5F443}C:\users\steves\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\steves\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{D9A006DF-4DAF-4475-A0C9-10E19F6861B3}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{F23FFCE7-28FF-45DC-AF1C-35F2533ED812}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
    "{4FF9E8AA-D554-4CE7-89F9-B69DAA5A1E98}" = AVG 2013
    "{578831A8-CB47-471F-A552-907EC3E9E040}" = Iomega Encryption
    "{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}" = WD SmartWare
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.39
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.39
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.39
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}" = WinZip 17.0
    "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
    "{D16A2127-B927-4379-B153-3DEC091E4EEB}" = Intel(R) PROSet/Wireless WiFi Software
    "{E74BF83C-2CA5-48EF-901F-959309E7D9EC}" = AVG 2013
    "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "AVG" = AVG 2013
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "ProInst" = Intel PROSet Wireless
    "ProPlusRetail - en-us" = Microsoft Office Professional Plus 2013 - en-us

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
    "{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
    "{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
    "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
    "{1EAC1D02-C6AC-4FA6-9A44-96258C37C813EU}_is1" = World of Warplanes
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{3607FA40-1D0F-4294-B034-6054349E1613}" = Windows Live Messenger
    "{3A787631-66A2-4634-B928-A37E73B58FB6}" = Slick Savings
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{49110532-D289-4BFF-807C-45B782E66A7C}" = Photo Common
    "{4BFE8ABF-F67A-4353-A05D-F5BA0044ECCA}" = ArcSoft TotalMedia 3.5
    "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
    "{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
    "{5002C5B1-B688-474A-AB3A-9B65DBD38FF9}" = HTC Sync Manager
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
    "{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
    "{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}" = Windows Live Essentials
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
    "{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
    "{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
    "{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
    "{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
    "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
    "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
    "{CE0C52A9-0C1C-4289-875A-8FB81BB9A367}_is1" = DVD Shrink version 4.1
    "{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
    "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}" = Windows Live UX Platform Language Pack
    "{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
    "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "ERUNT_is1" = ERUNT 1.1j
    "ESET Online Scanner" = ESET Online Scanner v3
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "PunkBusterSvc" = PunkBuster Services
    "Steam App 200510" = XCOM: Enemy Unknown
    "Steam App 207610" = The Walking Dead
    "Steam App 33970" = Arma 2: Operation Arrowhead Demo
    "Steam App 8930" = Sid Meier's Civilization V
    "VLC media player" = VLC media player 2.0.3
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4293206663-3280212633-2623293166-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}" = ROBLOX Studio 2013 for steves
    "{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for steves
    "9204f5692a8faf3b" = Dell System Detect
    "Akamai" = Akamai NetSession Interface

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 15/08/2013 02:27:05 | Computer Name = steves-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 15/08/2013 07:24:08 | Computer Name = steves-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 15/08/2013 02:26:45 | Computer Name = steves-PC | Source = Service Control Manager | ID = 7024
    Description = The AVG WatchDog service terminated with service-specific error %%-536804981.

    Error - 15/08/2013 07:23:58 | Computer Name = steves-PC | Source = Service Control Manager | ID = 7024
    Description = The AVG WatchDog service terminated with service-specific error %%-536804981.


    < End of report >

  7. #7
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    Thanks for the logs, I was called away today and will be back online late afternoon so I will look over your log and get back to you then.

    Ken
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  8. #8
    Member fatcodycat's Avatar
    Join Date
    Dec 2008
    Posts
    56

    Default

    brilliant - thank you!

  9. #9
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    Just a few things to remove.

    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      [2013/07/27 16:04:47 | 000,000,000 | ---D | C] -- C:\Users\steves\AppData\Roaming\Slick Savings
      [2013/07/27 16:04:47 | 000,000,000 | ---D | C] -- C:\Users\steves\AppData\Local\Slick Savings
      [2013/08/12 12:15:26 | 000,450,694 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130814-171603.backup
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces



    Let me know how your system is behaving now, everything running ok ?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  10. #10
    Member fatcodycat's Avatar
    Join Date
    Dec 2008
    Posts
    56

    Default

    My "favorites bar" is still not working and the "back" button on internet explorer still does not work, could this be my settings??

    And AVG still says "there are no active components" and still wont update!!


    log file below

    All processes killed
    ========== OTL ==========
    C:\Users\steves\AppData\Roaming\Slick Savings folder moved successfully.
    C:\Users\steves\AppData\Local\Slick Savings folder moved successfully.
    C:\Windows\SysNative\drivers\etc\hosts.20130814-171603.backup moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    E:\cmd.bat deleted successfully.
    E:\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: steven
    ->Java cache emptied: 7229127 bytes
    ->Google Chrome cache emptied: 111093481 bytes
    ->Flash cache emptied: 56994 bytes

    User: steves
    ->Temp folder emptied: 97619202 bytes
    ->Temporary Internet Files folder emptied: 1428362995 bytes
    ->Java cache emptied: 15468 bytes
    ->Flash cache emptied: 523 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1587994 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42321377 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,610.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 08152013_221423

    Files\Folders moved on Reboot...
    C:\Users\steves\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\steves\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    File\Folder C:\Windows\temp\etilqs_n5ajJWlvkeNSgx7 not found!
    C:\Windows\temp\FireFly(201308152210438FC).log moved successfully.
    C:\Windows\temp\integratedoffice.exe_c2ruidll(201308152210438FC).log moved successfully.
    C:\Windows\temp\integratedoffice.exe_streamserver(201308152210438FC).log moved successfully.
    File move failed. C:\Windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •