It's Cyber Monday - fantastic 70% discount

Buy Now

Limited time offer:

03

Days

/

00

Hrs

/

04

Min

/

04

Sec

DOS/SMURF Attacks, Webpage re-routes, HELP!

Posted 12/23/2012 6:22 AM
#94867
User avatar

sianbootay Valued member

Date Joined Nov 2016
Total Posts: 13
Ive been checking the logs on my NETGEAR N600 Router and noticed [DoS attack: ACK Scan] attack packets in last 20 sec from ip [207.171.163.14], Saturday, Dec 22,2012 20:24:47. <br/>My PC has been horribly slow lately and it just frustrates me SO bad! I know i have some sort of virus. I need this thing gone because backing up my data will be a pain! <br/>Anything i do it jus takes so long to load. Opening up documents, viewing webpages, opening up Winamp, etc. When i browse the internet links will intermittently re-route to some phishing websites. I noticed today that my mouse sometimes 'jumps' and moves quickly for just a split second. PLEASE HELP! <br/> <br/>Here are my logs... <br/> <br/>Logfile of Trend Micro HijackThis v2.0.2 <br/>Scan saved at 10:11:41 PM, on 12/22/2012 <br/>Platform: Unknown Windows (WinNT 6.01.3505 SP1) <br/>MSIE: Internet Explorer v8.00 (8.00.7601.17514) <br/>Boot mode: Normal <br/> <br/>Running processes: <br/>C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe <br/>C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe <br/>C:\Users\Sian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe <br/>C:\Users\Sian\AppData\Local\Google\Update\GoogleUpdate.exe <br/>C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe <br/>C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe <br/>C:\Program Files (x86)\iTunes\iTunesHelper.exe <br/>C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe <br/>C:\Program Files\Alienware\Command Center\AlienFusionController.exe <br/>C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe <br/>C:\Program Files (x86)\Steam\Steam.exe <br/>C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe <br/>C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe <br/>C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe <br/>C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe <br/>C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe <br/>C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe <br/>C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe <br/>C:\Windows\SysWOW64\DllHost.exe <br/>C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe <br/>C:\Program Files (x86)\Steam\GameOverlayUI.exe <br/>C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe <br/>C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe <br/>C:\Windows\SysWOW64\NOTEPAD.EXE <br/>C:\Windows\SysWOW64\NOTEPAD.EXE <br/>C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe <br/> <br/>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm <br/>R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local <br/>R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = <br/>R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file) <br/>F2 - REG:system.ini: UserInit=userinit.exe, <br/>O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll <br/>O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll <br/>O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll <br/>O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll <br/>O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll <br/>O2 - BHO: SSOIEAddonBHO - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll <br/>O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll <br/>O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll <br/>O4 - HKLM\..\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe <br/>O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" <br/>O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" <br/>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime <br/>O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe <br/>O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" <br/>O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" <br/>O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Sian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" <br/>O4 - HKCU\..\Run: [Google Update] "C:\Users\Sian\AppData\Local\Google\Update\GoogleUpdate.exe" /c <br/>O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED <br/>O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') <br/>O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') <br/>O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') <br/>O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') <br/>O4 - HKUS\S-1-5-21-2229391427-1754303536-809865111-1010\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') <br/>O4 - HKUS\S-1-5-21-2229391427-1754303536-809865111-1010\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') <br/>O4 - .DEFAULT User Startup: IconPackager.lnk = C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe (User 'Default user') <br/>O4 - Global Startup: Stardock MyColors.lnk = C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe <br/>O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 <br/>O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll <br/>O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll <br/>O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll <br/>O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll <br/>O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL <br/>O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll <br/>O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll <br/>O13 - Gopher Prefix: <br/>O15 - Trusted Zone: *.clonewarsadventures.com <br/>O15 - Trusted Zone: *.freerealms.com <br/>O15 - Trusted Zone: *.soe.com <br/>O15 - Trusted Zone: *.sony.com <br/>O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB <br/>O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab <br/>O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll <br/>O20 - Winlogon Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll <br/>O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe <br/>O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe <br/>O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe <br/>O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe <br/>O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe <br/>O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) <br/>O23 - Service: FAService - Sensible Vision - C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe <br/>O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <br/>O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <br/>O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Program Files (x86)\Common Files\Iconix\IconixService.exe <br/>O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe <br/>O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing) <br/>O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe <br/>O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) <br/>O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe <br/>O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe <br/>O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe <br/>O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) <br/>O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) <br/>O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) <br/>O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe <br/>O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) <br/>O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) <br/>O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) <br/>O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) <br/>O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) <br/>O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) <br/>O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe <br/>O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files (x86)\TightVNC\tvnserver.exe <br/>O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) <br/>O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) <br/>O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) <br/>O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) <br/>O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) <br/>O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) <br/>O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe <br/>O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE <br/>O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) <br/>O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) <br/>O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSVC) - Unknown owner - C:\Windows\system32\inetsrv\wmsvc.exe (file missing) <br/> <br/>-- <br/>End of file - 13059 bytes <br/> <br/> <br/>Malwarebytes Anti-Malware 1.65.1.1000 <br/>www.malwarebytes.org <br/> <br/>Database version: v2012.12.22.06 <br/> <br/>Windows 7 Service Pack 1 x64 NTFS <br/>Internet Explorer 8.0.7601.17514 <br/>Sian :: SIAN [administrator] <br/> <br/>12/22/2012 3:44:46 PM <br/>mbam-log-2012-12-22 (15-44-46).txt <br/> <br/>Scan type: Full scan (C:\|) <br/>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM <br/>Scan options disabled: P2P <br/>Objects scanned: 635145 <br/>Time elapsed: 1 hour(s), 8 minute(s), 53 second(s) <br/> <br/>Memory Processes Detected: 0 <br/>(No malicious items detected) <br/> <br/>Memory Modules Detected: 0 <br/>(No malicious items detected) <br/> <br/>Registry Keys Detected: 0 <br/>(No malicious items detected) <br/> <br/>Registry Values Detected: 0 <br/>(No malicious items detected) <br/> <br/>Registry Data Items Detected: 0 <br/>(No malicious items detected) <br/> <br/>Folders Detected: 0 <br/>(No malicious items detected) <br/> <br/>Files Detected: 0 <br/>(No malicious items detected) <br/> <br/>(end) <br/> <br/> <br/>DDS (Ver_2012-11-20.01) - NTFS_AMD64 <br/>Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.10.2 <br/>Run by Sian at 22:10:00 on 2012-12-22 <br/>Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.4696 [GMT -8:00] <br/>. <br/>AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} <br/>SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} <br/>SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} <br/>. <br/>============== Running Processes =============== <br/>. <br/>C:\Windows\system32\lsm.exe <br/>C:\Windows\system32\svchost.exe -k DcomLaunch <br/>C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe <br/>C:\Windows\system32\svchost.exe -k RPCSS <br/>c:\Program Files\Microsoft Security Client\MsMpEng.exe <br/>C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted <br/>C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted <br/>C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe <br/>C:\Windows\system32\svchost.exe -k netsvcs <br/>C:\Windows\system32\svchost.exe -k LocalService <br/>C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe <br/>C:\Program Files (x86)\Stardock\MyColors\WBVista.exe <br/>C:\Windows\system32\svchost.exe -k NetworkService <br/>C:\Windows\system32\WLANExt.exe <br/>C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE <br/>C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe <br/>C:\Windows\System32\spoolsv.exe <br/>C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork <br/>C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe <br/>C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe <br/>C:\Program Files\Alienware\Command Center\AlienFusionService.exe <br/>C:\Windows\system32\svchost.exe -k apphost <br/>C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe <br/>C:\Program Files\Bonjour\mDNSResponder.exe <br/>C:\Windows\system32\svchost.exe -k ftpsvc <br/>C:\Windows\system32\taskhost.exe <br/>C:\Program Files (x86)\Common Files\Iconix\IconixService.exe <br/>C:\Windows\system32\inetsrv\inetinfo.exe <br/>C:\Windows\system32\Dwm.exe <br/>C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe <br/>C:\Windows\Explorer.EXE <br/>C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe <br/>C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe <br/>C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe <br/>C:\Windows\system32\svchost.exe -k imgsvc <br/>C:\Program Files (x86)\TightVNC\tvnserver.exe <br/>C:\Windows\system32\svchost.exe -k iissvcs <br/>C:\Windows\system32\UI0Detect.exe <br/>c:\Program Files\Microsoft Security Client\NisSrv.exe <br/>C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe <br/>C:\Program Files\Synaptics\SynTP\SynTPEnh.exe <br/>C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE <br/>C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe <br/>C:\Program Files\Microsoft IntelliPoint\ipoint.exe <br/>C:\Program Files\Microsoft IntelliType Pro\itype.exe <br/>C:\Program Files\Synaptics\SynTP\SynTPHelper.exe <br/>C:\Program Files\Microsoft Security Client\msseces.exe <br/>C:\Users\Sian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe <br/>C:\Users\Sian\AppData\Local\Google\Update\GoogleUpdate.exe <br/>C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe <br/>C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe <br/>C:\Program Files (x86)\iTunes\iTunesHelper.exe <br/>C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe <br/>C:\Program Files\iPod\bin\iPodService.exe <br/>C:\Windows\system32\SearchIndexer.exe <br/>C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation <br/>C:\Windows\System32\svchost.exe -k LocalServicePeerNet <br/>C:\Windows\system32\wbem\wmiprvse.exe <br/>C:\Windows\system32\wbem\wmiprvse.exe <br/>C:\Program Files\Windows Media Player\wmpnetwk.exe <br/>C:\Program Files\Alienware\Command Center\AlienFusionController.exe <br/>C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe <br/>C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe <br/>C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe <br/>C:\Program Files (x86)\Ventrilo\Ventrilo.exe <br/>C:\Program Files (x86)\Steam\Steam.exe <br/>C:\Windows\system32\wuauclt.exe <br/>C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe <br/>C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe <br/>C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe <br/>C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe <br/>C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe <br/>C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe <br/>C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe <br/>C:\Windows\SysWOW64\DllHost.exe <br/>C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe <br/>C:\Program Files (x86)\Steam\GameOverlayUI.exe <br/>C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe <br/>C:\Windows\servicing\TrustedInstaller.exe <br/>C:\Windows\System32\svchost.exe -k swprv <br/>C:\Windows\system32\taskmgr.exe <br/>C:\Windows\system32\SearchProtocolHost.exe <br/>C:\Windows\system32\SearchFilterHost.exe <br/>C:\Windows\System32\cscript.exe <br/>. <br/>============== Pseudo HJT Report =============== <br/>. <br/>uStart Page = about:blank <br/>uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned> <br/>mWinlogon: Userinit = userinit.exe, <br/>BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll <br/>BHO: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll <br/>BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll <br/>BHO: IconixBHOClass Class: {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll <br/>BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll <br/>BHO: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll <br/>BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll <br/>TB: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll <br/>TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll <br/>uRun: [Spotify Web Helper] "C:\Users\Sian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" <br/>uRun: [Google Update] "C:\Users\Sian\AppData\Local\Google\Update\GoogleUpdate.exe" /c <br/>uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED <br/>mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe <br/>mRun: [FAStartup] <no file> <br/>StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe <br/>uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 <br/>mPolicies-Explorer: NoActiveDesktop = dword:1 <br/>mPolicies-Explorer: NoActiveDesktopChanges = dword:1 <br/>mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 <br/>mPolicies-System: ConsentPromptBehaviorUser = dword:3 <br/>mPolicies-System: EnableLUA = dword:0 <br/>mPolicies-System: EnableUIADesktopToggle = dword:0 <br/>mPolicies-System: PromptOnSecureDesktop = dword:0 <br/>mPolicies-System: SoftwareSASGeneration = dword:1 <br/>mPolicies-Windows\System: UseOEMBackground = dword:1 <br/>IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 <br/>IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll <br/>IE: {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - {44E212AB-13EA-4CA4-BE65-197FBA170412} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll <br/>IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} <br/>IE: {BC3F6B6D-2E49-4603-B028-7411655713F3} - {0CC2F28D-D415-4FC6-A2E4-54B4D983609A} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll <br/>Trusted Zone: clonewarsadventures.com <br/>Trusted Zone: freerealms.com <br/>Trusted Zone: soe.com <br/>Trusted Zone: sony.com <br/>DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB <br/>DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab <br/>DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab <br/>DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab <br/>DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab <br/>TCP: NameServer = 192.168.1.1 <br/>TCP: Interfaces\{C1FE8487-9D3D-467F-BF0A-B18184C2976F} : DHCPNameServer = 192.168.1.1 <br/>Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll <br/>Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll <br/>SSODL: WebCheck - <orphaned> <br/>SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll <br/>LSA: Notification Packages = scecli FAPassSync <br/>x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s <br/>x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe <br/>x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe <br/>x64-Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe" <br/>x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" <br/>x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" <br/>x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe <br/>x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe <br/>x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe <br/>x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey <br/>x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned> <br/>x64-Notify: igfxcui - igfxdev.dll <br/>x64-Notify: WB - C:\Program Files (x86)\Stardock\MyColors\fast64.dll <br/>x64-SSODL: WebCheck - <orphaned> <br/>. <br/>================= FIREFOX =================== <br/>. <br/>FF - ProfilePath - C:\Users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\zu2rtjde.default\ <br/>FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll <br/>FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll <br/>FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll <br/>FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll <br/>FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll <br/>FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll <br/>FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll <br/>FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll <br/>FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll <br/>FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll <br/>FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll <br/>FF - plugin: C:\Users\Sian\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll <br/>FF - ExtSQL: !HIDDEN! 2010-01-17 05:54; ypvhfbosum@ypvhfbosum.org; C:\Users\Sian\Application Data\Mozilla\Firefox\Profiles\zu2rtjde.default\extensions\ypvhfbosum@ypvhfbosum.org.xpi <br/>. <br/>============= SERVICES / DRIVERS =============== <br/>. <br/>R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 16752] <br/>R0 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2011-3-17 20392] <br/>R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768] <br/>R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-3-17 98208] <br/>R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-21 14648] <br/>R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-4-4 2409800] <br/>R2 ftpsvc;Microsoft FTP Service;C:\Windows\System32\svchost.exe -k ftpsvc [2009-7-13 27136] <br/>R2 IconixService;Iconix Update Service;C:\Program Files (x86)\Common Files\Iconix\IconixService.exe [2012-11-6 284512] <br/>R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-11 399432] <br/>R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-11 676936] <br/>R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456] <br/>R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272] <br/>R2 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2010-7-8 815704] <br/>R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2011-3-17 20984] <br/>R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-3-17 67072] <br/>R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-6-3 25928] <br/>R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896] <br/>R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;C:\Windows\System32\drivers\OA002Afx.sys [2011-3-18 219544] <br/>R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;C:\Windows\System32\drivers\OA002Ufd.sys [2011-3-18 168864] <br/>R3 OA002Vid;Creative Camera OA002 Function Driver;C:\Windows\System32\drivers\OA002Vid.sys [2011-3-18 306560] <br/>S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] <br/>S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] <br/>S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2010-4-29 32768] <br/>S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848] <br/>S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-8-18 143472] <br/>S3 LADF_DHP2;G35 DHP2 Filter Driver;C:\Windows\System32\drivers\ladfDHP2amd64.sys [2010-9-29 62168] <br/>S3 LADF_SBVM;G35 SBVM Filter Driver;C:\Windows\System32\drivers\ladfSBVMamd64.sys [2010-9-29 377176] <br/>S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2011-3-27 97040] <br/>S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-5 59392] <br/>S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760] <br/>S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-18 1255736] <br/>S3 WMSVC;Web Management Service;C:\Windows\System32\inetsrv\WMSvc.exe [2009-7-13 10752] <br/>S4 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem --> C:\Windows\System32\xsherlock.xem [?] <br/>. <br/>=============== Created Last 30 ================ <br/>. <br/>2012-12-22 22:54:55 859072 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll <br/>2012-12-22 22:54:38 95184 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll <br/>2012-12-22 22:53:21 -------- dc----w- C:\Program Files (x86)\Trend Micro <br/>2012-12-22 22:09:45 9125352 -c--a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{56AB9D17-1BF2-40A7-97B0-87D4A41B4766}\mpengine.dll <br/>2012-12-18 06:52:44 9125352 -c--a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll <br/>2012-12-12 07:48:03 3149824 ----a-w- C:\Windows\System32\win32k.sys <br/>2012-12-12 07:46:59 338432 ----a-w- C:\Windows\System32\conhost.exe <br/>2012-12-12 07:43:09 478208 ----a-w- C:\Windows\System32\dpnet.dll <br/>2012-12-12 07:43:08 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll <br/>2012-12-07 06:58:56 9728 ----a-w- C:\Windows\System32\Wdfres.dll <br/>2012-12-07 06:58:56 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys <br/>2012-12-07 06:58:56 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys <br/>2012-12-07 06:58:56 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui <br/>2012-12-07 06:44:26 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys <br/>2012-12-07 06:44:26 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys <br/>2012-12-07 06:44:25 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll <br/>2012-12-07 06:44:25 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll <br/>2012-12-07 06:44:23 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll <br/>2012-12-07 06:44:22 744448 ----a-w- C:\Windows\System32\WUDFx.dll <br/>2012-12-07 06:44:22 229888 ----a-w- C:\Windows\System32\WUDFHost.exe <br/>2012-12-03 04:07:24 77656 -c--a-w- C:\Windows\System32\XAPOFX1_5.dll <br/>2012-12-03 04:06:59 523088 -c--a-w- C:\Windows\System32\d3dx10_42.dll <br/>2012-12-03 01:21:28 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys <br/>2012-12-03 01:19:30 -------- dc----w- C:\Program Files\iPod <br/>2012-12-03 01:19:28 -------- dc----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 <br/>2012-12-03 01:19:28 -------- dc----w- C:\Program Files\iTunes <br/>2012-12-03 01:19:28 -------- dc----w- C:\Program Files (x86)\iTunes <br/>2012-12-03 01:09:37 -------- dc----w- C:\Program Files\Bonjour <br/>2012-12-03 01:09:37 -------- dc----w- C:\Program Files (x86)\Bonjour <br/>2012-12-01 09:53:53 972264 -c----w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7083D733-3BCA-4ECB-B1B5-2BE1E7C7DD63}\gapaengine.dll <br/>. <br/>==================== Find3M ==================== <br/>. <br/>2012-12-22 22:52:58 779704 ----a-w- C:\Windows\SysWow64\deployJava1.dll <br/>2012-12-12 07:55:20 2048 ----a-w- C:\Windows\SysWow64\tzres.dll <br/>2012-12-12 07:55:20 2048 ----a-w- C:\Windows\System32\tzres.dll <br/>2012-12-12 07:54:22 1188864 ----a-w- C:\Windows\System32\wininet.dll <br/>2012-12-12 07:54:21 981504 ----a-w- C:\Windows\SysWow64\wininet.dll <br/>2012-12-12 07:54:21 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb <br/>2012-12-12 07:54:21 1638912 ----a-w- C:\Windows\System32\mshtml.tlb <br/>2012-12-07 07:05:17 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll <br/>2012-12-07 07:05:17 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll <br/>2012-12-07 07:05:17 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll <br/>2012-12-07 07:05:17 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll <br/>2012-12-07 06:58:14 8192 ----a-w- C:\Windows\SysWow64\iisrstap.dll <br/>2012-12-07 06:58:14 55296 ----a-w- C:\Windows\System32\admwprox.dll <br/>2012-12-07 06:58:14 50688 ----a-w- C:\Windows\SysWow64\admwprox.dll <br/>2012-12-07 06:58:14 26624 ----a-w- C:\Windows\SysWow64\ahadmin.dll <br/>2012-12-07 06:58:14 192000 ----a-w- C:\Windows\System32\iisRtl.dll <br/>2012-12-07 06:58:14 154624 ----a-w- C:\Windows\SysWow64\iisRtl.dll <br/>2012-12-07 06:58:14 15360 ----a-w- C:\Windows\SysWow64\iisreset.exe <br/>2012-12-07 06:58:14 14848 ----a-w- C:\Windows\System32\wamregps.dll <br/>2012-12-07 06:58:14 10752 ----a-w- C:\Windows\SysWow64\wamregps.dll <br/>2012-12-07 06:58:13 60928 ----a-w- C:\Windows\System32\ahadmin.dll <br/>2012-12-07 06:58:13 16896 ----a-w- C:\Windows\System32\iisreset.exe <br/>2012-12-07 06:58:13 11264 ----a-w- C:\Windows\System32\iisrstap.dll <br/>2012-12-07 06:57:54 70656 ----a-w- C:\Windows\System32\nlaapi.dll <br/>2012-12-07 06:57:54 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll <br/>2012-12-07 06:57:54 303104 ----a-w- C:\Windows\System32\nlasvc.dll <br/>2012-12-07 06:57:54 246272 ----a-w- C:\Windows\System32\netcorehc.dll <br/>2012-12-07 06:57:54 216576 ----a-w- C:\Windows\System32\ncsi.dll <br/>2012-12-07 06:57:54 18944 ----a-w- C:\Windows\SysWow64\netevent.dll <br/>2012-12-07 06:57:54 18944 ----a-w- C:\Windows\System32\netevent.dll <br/>2012-12-07 06:57:54 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll <br/>2012-12-07 06:57:54 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll <br/>2012-12-07 06:57:53 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll <br/>2012-12-07 06:57:53 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys <br/>2012-12-07 06:57:53 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys <br/>2012-12-07 06:44:18 95744 ----a-w- C:\Windows\System32\synceng.dll <br/>2012-12-07 06:44:18 78336 ----a-w- C:\Windows\SysWow64\synceng.dll <br/>2012-12-07 06:44:14 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll <br/>2012-12-07 06:44:14 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll <br/>2012-12-07 06:44:14 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll <br/>2012-11-02 11:03:11 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys <br/>2012-11-02 11:00:00 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe <br/>2012-11-02 10:59:59 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe <br/>2012-11-02 10:59:59 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe <br/>2012-11-02 10:59:05 220160 ----a-w- C:\Windows\System32\wintrust.dll <br/>2012-11-02 10:59:05 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll <br/>2012-11-02 10:58:43 715776 ----a-w- C:\Windows\System32\kerberos.dll <br/>2012-11-02 10:58:43 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll <br/>2012-11-02 10:56:49 184320 ----a-w- C:\Windows\System32\cryptsvc.dll <br/>2012-11-02 10:56:49 1464320 ----a-w- C:\Windows\System32\crypt32.dll <br/>2012-11-02 10:56:49 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll <br/>2012-11-02 10:56:49 140288 ----a-w- C:\Windows\System32\cryptnet.dll <br/>2012-11-02 10:56:49 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll <br/>2012-11-02 10:56:49 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll <br/>2012-10-06 20:42:03 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe <br/>2012-09-30 03:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys <br/>2012-09-28 18:32:56 5989776 -c--a-w- C:\Windows\System32\usbaaplrc.dll <br/>2012-09-28 18:32:56 53760 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys <br/>. <br/>============= FINISH: 22:10:53.98 ===============
Posted 12/23/2012 9:18 AM
#94869
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello :-) <br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 9pt; mso-ansi-language: EN; mso-bidi-font-size: 12.0pt" lang=EN><BR style="mso-special-character: line-break">[3]<SPAN style="FONT-FAMILY: 'Adobe Garamond Pro Bold'; COLOR: black; mso-ansi-language: EN-GB" lang=EN-GB><SPAN style="FONT-FAMILY: Tahoma; COLOR: black; FONT-SIZE: 10pt; mso-ansi-language: EN" lang=EN>We need to get a comprehensive report of what is present in your system.<BR style="mso-special-character: line-break"><BR style="mso-special-character: line-break"><?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt; mso-ansi-language: EN" lang=EN><o:p> </o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: black; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>Download <SPAN style="mso-bidi-font-weight: bold">OTL by OldTimer, saving it to your desktop: <SPAN style="FONT-FAMILY: Tahoma; COLOR: black; FONT-SIZE: 10pt"><SPAN style="COLOR: black; mso-ansi-language: EN-GB" lang=EN-GB>http://oldtimer.geekstogo.com/OTL.exe[/3][/url]<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: black; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB><o:p> </o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: black; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB><o:p> </o:p> <br/> <br/><UL type=disc> <br/><LI style="LINE-HEIGHT: 16.8pt; MARGIN: 0cm 0cm 0pt; BACKGROUND: #e7eaef; COLOR: black; mso-list: l1 level1 lfo1; tab-stops: list 36.0pt; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" class=MsoNormal><SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.<o:p></o:p></LI> <br/><LI style="LINE-HEIGHT: 16.8pt; MARGIN: 0cm 0cm 0pt; BACKGROUND: #e7eaef; COLOR: black; mso-list: l1 level1 lfo1; tab-stops: list 36.0pt; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" class=MsoNormal><SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt">Select <SPAN style="FONT-FAMILY: Tahoma; FONT-WEIGHT: normal; mso-bidi-font-weight: bold">All Users<o:p></o:p></LI> <br/><LI style="LINE-HEIGHT: 16.8pt; MARGIN: 0cm 0cm 0pt; BACKGROUND: #e7eaef; COLOR: black; mso-list: l1 level1 lfo1; tab-stops: list 36.0pt; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" class=MsoNormal><SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>Under the Custom Scan box paste this in:</LI></UL> <br/><PRE style="BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0cm; PADDING-LEFT: 0cm; PADDING-RIGHT: 0cm; BACKGROUND: #dbedf7; BORDER-TOP: medium none; BORDER-RIGHT: medium none; PADDING-TOP: 0cm; mso-border-alt: inset windowtext .75pt; mso-padding-alt: 5.0pt 5.0pt 5.0pt 5.0pt"><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; mso-ansi-language: EN-GB; mso-fareast-font-family: 'Times New Roman'" lang=EN-GB>[2][/2]</PRE> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>activex<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>msconfig<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>%SYSTEMDRIVE%\*.<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>%PROGRAMFILES%\*.exe<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>%LOCALAPPDATA%\*.exe<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>%windir%\Installer\*.*<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>%windir%\system32\tasks\*.*<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>%systemroot%\Fonts\*.exe<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>%systemroot%\*. /mp /s<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>/md5start<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>consrv.dll<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>explorer.exe<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>winlogon.exe<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>regedit.exe<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>Userinit.exe<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>svchost.exe<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>MRESP50.SYS<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>CBPSp50.sys<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>/md5stop<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>C:\Windows\assembly\tmp\U\*.* /s<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>%Temp%\smtmp\1\*.*<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>%Temp%\smtmp\2\*.*<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>%Temp%\smtmp\3\*.*<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>%Temp%\smtmp\4\*.*<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>>C:\commands.txt echo list vol /raw /hide /c<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>/wait<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>/wait<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>type c:\diskreport.txt /c<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>/wait<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>erase c:\commands.txt /hide /c<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>/wait<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>erase c:\diskreport.txt /hide /c<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; COLOR: #4c6573; FONT-SIZE: 10pt">CREATERESTOREPOINT<o:p></o:p> <br/> <br/><UL type=disc> <br/><LI style="LINE-HEIGHT: 13.5pt; MARGIN: 0cm 15pt 0pt 0cm; BACKGROUND: white; mso-list: l0 level1 lfo2; tab-stops: list 36.0pt; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" class=MsoNormal><SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt"><o:p> </o:p></LI> <br/><LI style="LINE-HEIGHT: 16.8pt; MARGIN: 0cm 0cm 0pt; BACKGROUND: #e7eaef; COLOR: black; mso-list: l0 level1 lfo2; tab-stops: list 36.0pt; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" class=MsoNormal><SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>Click the <SPAN class=bbcu1>Quick Scan button. Do not change any settings unless otherwise told to do so. <SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt">The scan wont take long.<o:p></o:p></LI></UL> <br/><UL type=disc> <br/><UL type=disc> <br/><LI style="LINE-HEIGHT: 16.8pt; MARGIN: 0cm 0cm 0pt; BACKGROUND: #e7eaef; COLOR: black; mso-list: l0 level2 lfo3; tab-stops: list 72.0pt; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" class=MsoNormal><SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt; mso-ansi-language: EN-GB" lang=EN-GB>When the scan completes, it will open two notepad windows. <SPAN style="FONT-FAMILY: Tahoma; FONT-WEIGHT: normal; mso-bidi-font-weight: bold">OTL.Txt and <SPAN style="FONT-FAMILY: Tahoma; FONT-WEIGHT: normal; mso-bidi-font-weight: bold">Extras.Txt. These are saved in the same location as OTL.<o:p></o:p></LI> <br/><LI style="LINE-HEIGHT: 16.8pt; MARGIN: 0cm 0cm 0pt; BACKGROUND: #e7eaef; COLOR: black; mso-list: l0 level2 lfo3; tab-stops: list 72.0pt; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" class=MsoNormal><SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt">Post both logs<o:p></o:p></LI></UL></UL>

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 12/24/2012 4:06 AM
#94876
User avatar

sianbootay Valued member

Date Joined Nov 2016
Total Posts: 13
OTL <br/> <br/>OTL logfile created on: 12/23/2012 7:45:01 PM - Run 1 <br/>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sian\Desktop <br/>64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation <br/>Internet Explorer (Version = 8.0.7601.17514) <br/>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy <br/> <br/>7.97 Gb Total Physical Memory | 6.02 Gb Available Physical Memory | 75.53% Memory free <br/>15.93 Gb Paging File | 13.73 Gb Available in Paging File | 86.20% Paging File free <br/>Paging file location(s): ?:\pagefile.sys [binary data] <br/> <br/>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) <br/>Drive C: | 148.95 Gb Total Space | 28.05 Gb Free Space | 18.83% Space Free | Partition Type: NTFS <br/> <br/>Computer Name: SIAN | User Name: Sian | Logged in as Administrator. <br/>Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans <br/>Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days <br/> <br/>[color=#E56717]========== Processes (SafeList) ==========[/color] <br/> <br/>PRC - [2012/12/23 19:43:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sian\Desktop\OTL.exe <br/>PRC - [2012/12/04 22:30:53 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe <br/>PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe <br/>PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe <br/>PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe <br/>PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe <br/>PRC - [2012/07/16 14:33:44 | 001,193,176 | ---- | M] () -- C:\Users\Sian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe <br/>PRC - [2012/05/12 19:13:29 | 006,380,400 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe <br/>PRC - [2012/03/19 14:55:54 | 000,284,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Iconix\IconixService.exe <br/>PRC - [2012/02/29 16:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe <br/>PRC - [2012/02/29 12:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe <br/>PRC - [2010/08/13 16:33:38 | 001,362,544 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe <br/>PRC - [2010/07/08 05:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) -- C:\Program Files (x86)\TightVNC\tvnserver.exe <br/>PRC - [2010/05/21 13:34:38 | 000,013,624 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe <br/>PRC - [2010/05/21 13:33:48 | 000,063,304 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe <br/>PRC - [2010/05/21 09:38:54 | 000,016,704 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe <br/>PRC - [2010/04/04 10:44:10 | 000,095,560 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe <br/>PRC - [2010/04/04 10:44:08 | 001,992,008 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe <br/>PRC - [2010/04/04 10:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe <br/> <br/> <br/>[color=#E56717]========== Modules (No Company Name) ==========[/color] <br/> <br/>MOD - [2012/12/22 13:57:11 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\sdl.dll <br/>MOD - [2012/12/22 13:55:55 | 020,320,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll <br/>MOD - [2012/12/22 13:55:52 | 000,969,280 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll <br/>MOD - [2012/12/22 13:55:50 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll <br/>MOD - [2012/12/22 13:55:48 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll <br/>MOD - [2012/12/22 13:55:46 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll <br/>MOD - [2012/12/08 00:59:51 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll <br/>MOD - [2012/12/08 00:59:07 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll <br/>MOD - [2012/12/06 22:45:34 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll <br/>MOD - [2012/07/16 14:33:44 | 001,193,176 | ---- | M] () -- C:\Users\Sian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe <br/>MOD - [2012/06/12 12:49:22 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll <br/>MOD - [2012/06/12 12:47:52 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll <br/>MOD - [2012/05/11 18:06:58 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll <br/>MOD - [2012/05/11 18:06:58 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll <br/>MOD - [2012/05/11 18:06:58 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll <br/>MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll <br/>MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll <br/>MOD - [2011/05/06 17:01:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll <br/>MOD - [2011/05/06 17:01:07 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll <br/>MOD - [2011/05/06 16:59:28 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll <br/>MOD - [2011/05/06 16:59:03 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll <br/>MOD - [2011/05/06 16:58:53 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll <br/>MOD - [2011/03/17 22:34:11 | 000,027,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LightFX\1.0.92.0__bebb3c8816410241\LightFX.dll <br/>MOD - [2011/03/17 22:34:11 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication\1.0.92.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.dll <br/>MOD - [2011/03/17 22:34:11 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.Core\1.0.92.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.Core.dll <br/>MOD - [2011/03/17 22:34:10 | 004,790,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.92.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll <br/>MOD - [2011/03/17 22:34:10 | 000,443,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.92.0__bebb3c8816410241\AlienwareAlienFXTools.dll <br/>MOD - [2011/03/17 22:34:10 | 000,075,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.92.0__bebb3c8816410241\AlienLabsTools.dll <br/>MOD - [2011/03/17 22:34:09 | 000,037,712 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.92.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll <br/>MOD - [2011/03/17 22:34:09 | 000,036,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x514\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x514.dll <br/>MOD - [2011/03/17 22:34:09 | 000,028,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll <br/>MOD - [2011/03/17 22:34:09 | 000,027,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll <br/>MOD - [2011/03/17 22:34:09 | 000,025,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.92.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll <br/>MOD - [2011/03/17 22:34:09 | 000,024,904 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.XPS\1.0.92.0__bebb3c8816410241\AlienFX.Communication.XPS.dll <br/>MOD - [2011/03/17 22:34:08 | 000,037,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x511\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x511.dll <br/>MOD - [2011/03/17 22:34:08 | 000,036,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll <br/>MOD - [2011/03/17 22:34:08 | 000,019,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x513\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x513.dll <br/>MOD - [2011/03/17 22:34:08 | 000,017,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.92.0__bebb3c8816410241\AlienFX.Communication.Core.dll <br/>MOD - [2011/03/17 22:34:08 | 000,011,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.92.0__bebb3c8816410241\AlienFX.Communication.dll <br/>MOD - [2010/08/13 16:33:38 | 001,362,544 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe <br/>MOD - [2010/06/17 16:40:52 | 000,057,904 | ---- | M] () -- C:\Windows\SysWOW64\wbload.dll <br/>MOD - [2010/05/21 09:39:00 | 000,154,424 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionDomain.dll <br/>MOD - [2010/05/21 09:38:54 | 000,016,704 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe <br/>MOD - [2010/04/04 10:45:06 | 000,089,416 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll <br/>MOD - [2010/04/04 10:44:12 | 000,059,208 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll <br/>MOD - [2010/04/04 10:42:44 | 000,247,624 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll <br/>MOD - [2009/12/18 10:07:06 | 000,577,536 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll <br/> <br/> <br/>[color=#E56717]========== Services (SafeList) ==========[/color] <br/> <br/>SRV:64bit: - [2012/12/06 22:58:06 | 000,350,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc) <br/>SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) <br/>SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) <br/>SRV:64bit: - [2011/05/06 17:02:04 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN) <br/>SRV:64bit: - [2010/05/21 09:39:22 | 000,014,648 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService) <br/>SRV:64bit: - [2010/04/18 19:17:10 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) <br/>SRV:64bit: - [2010/04/04 10:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe -- (FAService) <br/>SRV:64bit: - [2010/02/02 13:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc) <br/>SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) <br/>SRV:64bit: - [2009/07/13 17:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC) <br/>SRV - [2012/10/24 09:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) <br/>SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) <br/>SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) <br/>SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) <br/>SRV - [2012/04/17 12:12:57 | 000,670,816 | ---- | M] (Wellbia.com Co., Ltd.) [Disabled | Stopped] -- C:\Windows\SysWOW64\xsherlock.xem -- (xsherlock) <br/>SRV - [2012/03/19 14:55:54 | 000,284,512 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Iconix\IconixService.exe -- (IconixService) <br/>SRV - [2012/02/29 16:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) <br/>SRV - [2012/02/29 12:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) <br/>SRV - [2011/05/06 16:59:34 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) <br/>SRV - [2011/05/06 16:58:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) <br/>SRV - [2011/05/06 16:58:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) <br/>SRV - [2010/07/08 05:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files (x86)\TightVNC\tvnserver.exe -- (tvnserver) <br/>SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) <br/>SRV - [2009/07/16 16:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) <br/>SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) <br/>SRV - [2009/06/09 08:56:16 | 000,337,200 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe -- (WindowBlinds) <br/> <br/> <br/>[color=#E56717]========== Driver Services (SafeList) ==========[/color] <br/> <br/>DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) <br/>DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) <br/>DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) <br/>DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) <br/>DRV:64bit: - [2012/04/14 07:57:35 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) <br/>DRV:64bit: - [2012/01/17 04:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) <br/>DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) <br/>DRV:64bit: - [2011/05/06 16:59:08 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) <br/>DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) <br/>DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) <br/>DRV:64bit: - [2011/02/22 15:17:34 | 007,370,304 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) <br/>DRV:64bit: - [2011/01/15 08:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) <br/>DRV:64bit: - [2011/01/01 09:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter) <br/>DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) <br/>DRV:64bit: - [2010/09/29 10:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM) <br/>DRV:64bit: - [2010/09/29 10:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2) <br/>DRV:64bit: - [2010/08/19 18:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) <br/>DRV:64bit: - [2010/04/29 05:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb) <br/>DRV:64bit: - [2010/02/02 13:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY) <br/>DRV:64bit: - [2010/02/02 13:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL) <br/>DRV:64bit: - [2010/02/02 13:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) <br/>DRV:64bit: - [2010/01/22 09:26:50 | 000,305,200 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) <br/>DRV:64bit: - [2009/12/28 20:25:16 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) <br/>DRV:64bit: - [2009/11/10 14:18:32 | 000,020,392 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci) <br/>DRV:64bit: - [2009/08/18 07:23:32 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) <br/>DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) <br/>DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) <br/>DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) <br/>DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) <br/>DRV:64bit: - [2009/06/26 14:43:42 | 000,016,752 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EMSC.sys -- (EMSC) <br/>DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) <br/>DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) <br/>DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) <br/>DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) <br/>DRV:64bit: - [2008/09/24 18:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP) <br/>DRV:64bit: - [2008/07/31 17:01:00 | 000,306,560 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA002Vid.sys -- (OA002Vid) <br/>DRV:64bit: - [2008/06/03 01:30:38 | 000,168,864 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA002Ufd.sys -- (OA002Ufd) <br/>DRV:64bit: - [2007/06/07 17:00:02 | 000,219,544 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA002Afx.sys -- (OA002Afx) <br/>DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) <br/>DRV - [2009/06/26 14:43:42 | 000,013,680 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\EMSC.sys -- (EMSC) <br/> <br/> <br/>[color=#E56717]========== Standard Registry (SafeList) ==========[/color] <br/> <br/> <br/>[color=#E56717]========== Internet Explorer ==========[/color] <br/> <br/>IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} <br/>IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC <br/>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm <br/>IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} <br/>IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC <br/> <br/> <br/>IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 <br/> <br/>IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 <br/> <br/> <br/> <br/>IE - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank <br/>IE - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ <br/>IE - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us <br/>IE - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 01 A9 5A 05 02 CC 01 [binary data] <br/>IE - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found <br/>IE - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} <br/>IE - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC <br/>IE - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 <br/>IE - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local <br/> <br/> <br/>[color=#E56717]========== FireFox ==========[/color] <br/> <br/>FF - user.js - File not found <br/> <br/>FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found <br/>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found <br/>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () <br/>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) <br/>FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) <br/>FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found <br/>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) <br/>FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) <br/>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) <br/>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) <br/>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) <br/>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sian\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) <br/>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sian\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) <br/>FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) <br/> <br/>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/06 12:16:37 | 000,000,000 | ---D | M] <br/>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins <br/> <br/>[2012/07/03 20:13:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sian\AppData\Roaming\Mozilla\Extensions <br/>[2012/12/08 02:15:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions <br/>[2012/12/08 02:15:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\zu2rtjde.default\extensions <br/>[2012/05/20 21:47:59 | 000,086,818 | ---- | M] () (No name found) -- C:\Users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\OneClickDownloader@OneClickDownloader.com.xpi <br/>[1627/09/29 05:13:27 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\ypvhfbosum@ypvhfbosum.org.xpi <br/>[2099/01/01 12:00:00 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\zu2rtjde.default\extensions\ypvhfbosum@ypvhfbosum.org.xpi <br/>[2012/11/06 12:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions <br/>[2012/10/24 09:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll <br/>[2012/10/24 09:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml <br/>[2012/10/24 09:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml <br/> <br/>[color=#E56717]========== Chrome ==========[/color] <br/> <br/>CHR - homepage: http://www.alienware.com/ <br/>CHR - default_search_provider: Google (Enabled) <br/>CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} <br/>CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, <br/>CHR - homepage: http://www.alienware.com/ <br/>CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sian\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll <br/>CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sian\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll <br/>CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer <br/>CHR - plugin: Native Client (Enabled) = C:\Users\Sian\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll <br/>CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sian\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll <br/>CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll <br/>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll <br/>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll <br/>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll <br/>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll <br/>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll <br/>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll <br/>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll <br/>CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll <br/>CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll <br/>CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll <br/>CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll <br/>CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll <br/>CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll <br/>CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll <br/>CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll <br/>CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll <br/>CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll <br/>CHR - Extension: YouTube = C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ <br/>CHR - Extension: Adblock Plus = C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\ <br/>CHR - Extension: Google Search = C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ <br/>CHR - Extension: AdBlock = C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.54_0\ <br/>CHR - Extension: Hedgehog in the fog = C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Extensions\haocganpkafanhkfldbbmhcpaelmkejg\3_0\ <br/>CHR - Extension: 1Click Downloader = C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.5_0\ <br/>CHR - Extension: Gmail = C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ <br/> <br/>O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts <br/>O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) <br/>O2 - BHO: (IconixBHOClass Class) - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll () <br/>O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) <br/>O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision ) <br/>O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) <br/>O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) <br/>O3 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. <br/>O3 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found. <br/>O3 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found. <br/>O3 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) <br/>O4:64bit: - HKLM..\Run: [] File not found <br/>O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation) <br/>O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.) <br/>O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) <br/>O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) <br/>O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) <br/>O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) <br/>O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) <br/>O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) <br/>O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) <br/>O4 - HKLM..\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe () <br/>O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) <br/>O4 - HKLM..\Run: [FAStartup] File not found <br/>O4 - HKLM..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe (Sensible Vision ) <br/>O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) <br/>O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) <br/>O4 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.) <br/>O4 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000..\Run: [Spotify Web Helper] C:\Users\Sian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () <br/>O4 - HKU\S-1-5-21-2229391427-1754303536-809865111-1010..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) <br/>O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found <br/>O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found <br/>O4 - HKU\S-1-5-21-2229391427-1754303536-809865111-1010..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found <br/>O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconPackager.lnk = C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe (Stardock Corporation) <br/>O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconPackager.lnk = C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe (Stardock Corporation) <br/>O4 - Startup: C:\Users\TEMP.SIAN.015\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconPackager.lnk = C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe (Stardock Corporation) <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1 <br/>O7 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 <br/>O9 - Extra 'Tools' menuitem : Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll () <br/>O9 - Extra 'Tools' menuitem : About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll () <br/>O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) <br/>O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) <br/>O1364bit: - gopher Prefix: missing <br/>O13 - gopher Prefix: missing <br/>O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) <br/>O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) <br/>O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) <br/>O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) <br/>O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) <br/>O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites) <br/>O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites) <br/>O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites) <br/>O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in ) <br/>O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in ) <br/>O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in ) <br/>O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in ) <br/>O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in ) <br/>O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in ) <br/>O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in ) <br/>O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in ) <br/>O15 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) <br/>O15 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites) <br/>O15 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..Trusted Domains: soe.com ([]* in Trusted sites) <br/>O15 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..Trusted Domains: sony.com ([]* in Trusted sites) <br/>O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class) <br/>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.10.2) <br/>O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10) <br/>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10) <br/>O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) <br/>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 <br/>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1FE8487-9D3D-467F-BF0A-B18184C2976F}: DhcpNameServer = 192.168.1.1 <br/>O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found <br/>O18:64bit: - Protocol\Handler\ms-help - No CLSID value found <br/>O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) <br/>O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) <br/>O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) <br/>O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) <br/>O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) <br/>O20:64bit: - Winlogon\Notify\WB: DllName - (C:\Program Files (x86)\Stardock\MyColors\fast64.dll) - File not found <br/>O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll) - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll () <br/>O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. <br/>O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. <br/>O32 - HKLM CDRom: AutoRun - 1 <br/>O33 - MountPoints2\{82fac096-78ac-11e1-a96b-5c260a3b9713}\Shell - "" = AutoRun <br/>O33 - MountPoints2\{82fac096-78ac-11e1-a96b-5c260a3b9713}\Shell\AutoRun\command - "" = D:\setup.exe <br/>O34 - HKLM BootExecute: (autocheck autochk *) <br/>O35:64bit: - HKLM\..comfile [open] -- "%1" %* <br/>O35:64bit: - HKLM\..exefile [open] -- "%1" %* <br/>O35 - HKLM\..comfile [open] -- "%1" %* <br/>O35 - HKLM\..exefile [open] -- "%1" %* <br/>O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* <br/>O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* <br/>O37 - HKLM\...com [@ = comfile] -- "%1" %* <br/>O37 - HKLM\...exe [@ = exefile] -- "%1" %* <br/>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) <br/>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) <br/>O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) <br/> <br/>ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 <br/>ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll <br/>ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack <br/>ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE <br/>ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx <br/>ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help <br/>ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 <br/>ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools <br/>ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements <br/>ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player <br/>ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access <br/>ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 <br/>ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll <br/>ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings <br/>ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install <br/>ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding <br/>ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts <br/>ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help <br/>ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface <br/>ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework <br/>ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework <br/>ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP <br/>ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig <br/>ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP <br/>ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) <br/>ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 <br/>ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll <br/>ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack <br/>ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) <br/>ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE <br/>ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx <br/>ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help <br/>ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 <br/>ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools <br/>ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements <br/>ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player <br/>ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access <br/>ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 <br/>ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework <br/>ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll <br/>ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings <br/>ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install <br/>ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding <br/>ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts <br/>ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework <br/>ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help <br/>ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface <br/>ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate <br/>ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework <br/>ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP <br/>ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig <br/>ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP <br/> <br/>MsConfig:64bit - StartUpFolder: C:^Users^Sian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe - (Nullsoft, Inc.) <br/>MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) <br/>MsConfig:64bit - StartUpReg: BitTorrent - hkey= - key= - C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.) <br/>MsConfig:64bit - StartUpReg: Dell Webcam Central - hkey= - key= - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.) <br/>MsConfig:64bit - StartUpReg: DS3 Tool - hkey= - key= - C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe (www.motioninjoy.com) <br/>MsConfig:64bit - StartUpReg: FATrayAlert - hkey= - key= - C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe (Sensible Vision ) <br/>MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) <br/>MsConfig:64bit - StartUpReg: Logitech G35 - hkey= - key= - C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c)) <br/>MsConfig:64bit - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () <br/>MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) <br/>MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) <br/>MsConfig:64bit - StartUpReg: tvncontrol - hkey= - key= - C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.) <br/>MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) <br/>MsConfig:64bit - State: "startup" - Reg Error: Key error. <br/>MsConfig:64bit - State: "services" - Reg Error: Key error. <br/> <br/>CREATERESTOREPOINT <br/>Restore point Set: OTL Restore Point <br/> <br/>[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] <br/> <br/>[2012/12/23 19:43:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sian\Desktop\OTL.exe <br/>[2012/12/22 14:55:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java <br/>[2012/12/22 14:53:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis <br/>[2012/12/22 14:53:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro <br/>[2012/12/22 14:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee <br/>[2012/12/12 21:53:14 | 000,000,000 | ---D | C] -- C:\Users\Sian\Documents\siansundy <br/>[2012/12/02 17:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud <br/>[2012/12/02 17:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes <br/>[2012/12/02 17:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod <br/>[2012/12/02 17:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes <br/>[2012/12/02 17:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes <br/>[2012/12/02 17:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 <br/>[2012/12/02 17:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour <br/>[2012/12/02 17:09:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour <br/>[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] <br/> <br/>[color=#E56717]========== Files - Modified Within 30 Days ==========[/color] <br/> <br/>[2012/12/23 19:43:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sian\Desktop\OTL.exe <br/>[2012/12/23 19:37:53 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 <br/>[2012/12/23 19:37:53 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 <br/>[2012/12/23 19:18:55 | 000,878,778 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI <br/>[2012/12/23 19:18:55 | 000,732,516 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat <br/>[2012/12/23 19:18:55 | 000,146,514 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat <br/>[2012/12/23 19:12:39 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job <br/>[2012/12/23 19:12:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat <br/>[2012/12/23 19:11:40 | 2119,815,167 | -HS- | M] () -- C:\hiberfil.sys <br/>[2012/12/23 16:02:30 | 000,423,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT <br/>[2012/12/22 15:39:35 | 000,007,606 | ---- | M] () -- C:\Users\Sian\AppData\Local\Resmon.ResmonCfg <br/>[2012/12/15 14:52:00 | 000,000,219 | ---- | M] () -- C:\Users\Sian\Desktop\Dota 2.url <br/>[2012/12/15 01:18:34 | 000,002,474 | ---- | M] () -- C:\Users\Sian\Desktop\Google Chrome.lnk <br/>[2012/12/06 22:59:15 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf <br/>[2012/12/06 22:45:08 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf <br/>[2012/12/02 17:21:33 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk <br/>[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] <br/> <br/>[color=#E56717]========== Files Created - No Company Name ==========[/color] <br/> <br/>[2012/12/15 14:52:00 | 000,000,219 | ---- | C] () -- C:\Users\Sian\Desktop\Dota 2.url <br/>[2012/12/06 22:59:00 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf <br/>[2012/12/06 22:44:22 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf <br/>[2012/12/02 17:21:33 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk <br/>[2012/04/29 15:32:55 | 000,037,837 | ---- | C] () -- C:\Users\Sian\AppData\Roaming\Comma Separated Values (DOS).ADR <br/>[2012/03/28 00:53:46 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll <br/>[2012/03/28 00:25:38 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib <br/>[2012/03/10 11:01:34 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat <br/>[2012/02/29 12:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe <br/>[2011/11/17 13:06:43 | 000,000,021 | ---- | C] () -- C:\Windows\SysWow64\Config.ini <br/>[2011/10/27 13:11:12 | 000,000,092 | ---- | C] () -- C:\Users\Sian\AppData\Local\fusioncache.dat <br/>[2011/05/30 22:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll <br/>[2011/05/30 22:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll <br/>[2011/05/06 21:17:11 | 000,006,656 | ---- | C] () -- C:\Users\Sian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini <br/>[2011/03/27 02:01:16 | 000,000,600 | ---- | C] () -- C:\Users\Sian\AppData\Roaming\winscp.rnd <br/>[2011/03/23 21:59:33 | 000,000,268 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini <br/>[2011/03/18 12:57:26 | 000,007,606 | ---- | C] () -- C:\Users\Sian\AppData\Local\Resmon.ResmonCfg <br/>[2011/03/18 11:47:40 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin <br/>[2011/03/17 22:22:44 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin <br/>[2011/03/17 22:22:44 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin <br/>[2011/03/17 22:22:44 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin <br/>[2011/03/17 22:22:44 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin <br/>[2011/03/17 21:39:01 | 000,896,300 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI <br/>[2011/03/17 20:26:51 | 000,061,224 | ---- | C] () -- C:\Users\Sian\GoToAssistDownloadHelper.exe <br/> <br/>[color=#E56717]========== ZeroAccess Check ==========[/color] <br/> <br/>[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini <br/> <br/>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 <br/> <br/>[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] <br/> <br/>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 <br/> <br/>[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 <br/>"" = C:\Windows\SysNative\shell32.dll -- [2012/07/12 18:57:09 | 014,172,672 | ---- | M] (Microsoft Corporation) <br/>"ThreadingModel" = Apartment <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] <br/>"" = %SystemRoot%\system32\shell32.dll -- [2012/07/12 18:57:09 | 012,873,728 | ---- | M] (Microsoft Corporation) <br/>"ThreadingModel" = Apartment <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 <br/>"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) <br/>"ThreadingModel" = Free <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] <br/>"" = %systemroot%\system32\wbem\fastprox.dll -- [2011/05/06 16:59:30 | 000,606,208 | ---- | M] (Microsoft Corporation) <br/>"ThreadingModel" = Free <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 <br/>"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) <br/>"ThreadingModel" = Both <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] <br/> <br/>[color=#E56717]========== LOP Check ==========[/color] <br/> <br/>[2012/12/23 19:54:07 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\BitTorrent <br/>[2012/11/06 12:02:50 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Iconix <br/>[2011/03/20 01:22:01 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Leadertech <br/>[2011/05/05 20:02:18 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\LolClient <br/>[2011/04/15 21:33:29 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\MotioninJoy <br/>[2011/03/27 22:46:44 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Need for Speed World <br/>[2012/05/17 23:04:16 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\runic games <br/>[2011/03/27 22:41:08 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Sony <br/>[2012/07/16 14:42:26 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Spotify <br/>[2011/03/27 03:40:26 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\TightVNC <br/> <br/>[color=#E56717]========== Purity Check ==========[/color] <br/> <br/> <br/> <br/>[color=#E56717]========== Custom Scans ==========[/color] <br/> <br/>[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color] <br/>[2012/05/13 15:21:46 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin <br/>[2011/03/19 05:06:57 | 000,000,000 | ---D | M] -- C:\a14a385148056b4b94c8 <br/>[2011/03/17 21:40:15 | 000,000,000 | ---D | M] -- C:\dell <br/>[2009/07/13 21:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings <br/>[2011/04/19 16:12:17 | 000,000,000 | ---D | M] -- C:\extensions <br/>[2011/03/27 00:45:28 | 000,000,000 | ---D | M] -- C:\inetpub <br/>[2011/03/17 20:30:03 | 000,000,000 | ---D | M] -- C:\Intel <br/>[2011/04/23 15:16:44 | 000,000,000 | RH-D | M] -- C:\MSOCache <br/>[2012/05/17 23:59:42 | 000,000,000 | ---D | M] -- C:\NVIDIA <br/>[2012/07/12 19:22:06 | 000,000,000 | ---D | M] -- C:\PerfLogs <br/>[2012/12/02 17:19:30 | 000,000,000 | R--D | M] -- C:\Program Files <br/>[2012/12/22 14:53:21 | 000,000,000 | R--D | M] -- C:\Program Files (x86) <br/>[2012/12/22 14:52:24 | 000,000,000 | -H-D | M] -- C:\ProgramData <br/>[2011/03/17 19:14:54 | 000,000,000 | -HSD | M] -- C:\Recovery <br/>[2012/12/23 19:48:34 | 000,000,000 | -HSD | M] -- C:\System Volume Information <br/>[2012/12/23 19:14:57 | 000,000,000 | R--D | M] -- C:\Users <br/>[2012/12/06 23:10:20 | 000,000,000 | ---D | M] -- C:\Windows <br/> <br/>[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color] <br/> <br/>[color=#A23BEC]< %LOCALAPPDATA%\*.exe >[/color] <br/> <br/>[color=#A23BEC]< %windir%\Installer\*.* >[/color] <br/>[2011/09/04 01:11:06 | 000,020,480 | ---- | M] () -- C:\Windows\Installer\10c24b6.ipi <br/>[2011/08/01 14:59:06 | 001,978,368 | ---- | M] () -- C:\Windows\Installer\10c24bd.msi <br/>[2011/11/14 10:56:43 | 000,024,576 | ---- | M] () -- C:\Windows\Installer\1289bb.ipi <br/>[2011/10/17 10:31:18 | 000,926,208 | ---- | M] () -- C:\Windows\Installer\128a7a.msi <br/>[2011/03/23 21:58:08 | 004,070,912 | ---- | M] () -- C:\Windows\Installer\12cb9d.msi <br/>[2011/10/26 16:36:14 | 002,829,312 | R--- | M] () -- C:\Windows\Installer\13d159.msp <br/>[2011/06/21 11:59:26 | 001,764,352 | R--- | M] () -- C:\Windows\Installer\13d172.msp <br/>[2011/04/29 12:28:40 | 001,995,264 | R--- | M] () -- C:\Windows\Installer\13d188.msp <br/>[2011/11/01 13:34:56 | 004,250,112 | R--- | M] () -- C:\Windows\Installer\13d1af.msp <br/>[2011/08/10 17:43:30 | 003,795,968 | R--- | M] () -- C:\Windows\Installer\13d1c5.msp <br/>[2011/03/17 20:03:50 | 000,308,736 | R--- | M] () -- C:\Windows\Installer\13d20d.msp <br/>[2011/09/08 18:19:41 | 002,323,456 | ---- | M] () -- C:\Windows\Installer\143f2f.msi <br/>[2012/09/25 12:39:06 | 001,760,768 | R--- | M] () -- C:\Windows\Installer\1470e1.msp <br/>[2012/09/25 12:38:52 | 011,885,568 | R--- | M] () -- C:\Windows\Installer\1470f9.msp <br/>[2012/09/25 12:35:18 | 009,101,824 | R--- | M] () -- C:\Windows\Installer\14710f.msp <br/>[2012/09/25 12:35:46 | 004,285,952 | R--- | M] () -- C:\Windows\Installer\147125.msp <br/>[2012/09/06 10:16:24 | 025,810,944 | R--- | M] () -- C:\Windows\Installer\14713c.msp <br/>[2012/09/25 12:35:30 | 007,695,360 | R--- | M] () -- C:\Windows\Installer\147151.msp <br/>[2012/09/25 12:36:20 | 008,465,408 | R--- | M] () -- C:\Windows\Installer\147167.msp <br/>[2012/09/10 09:35:36 | 015,580,672 | R--- | M] () -- C:\Windows\Installer\14717c.msp <br/>[2012/10/24 15:24:30 | 005,007,872 | R--- | M] () -- C:\Windows\Installer\147191.msp <br/>[2012/04/13 02:15:24 | 000,779,264 | ---- | M] () -- C:\Windows\Installer\156eaba.msi <br/>[2012/03/15 13:26:06 | 004,212,736 | R--- | M] () -- C:\Windows\Installer\15de16.msp <br/>[2012/04/22 21:46:00 | 001,187,328 | R--- | M] () -- C:\Windows\Installer\15de1e.msp <br/>[2012/05/30 06:17:06 | 005,010,432 | R--- | M] () -- C:\Windows\Installer\15de33.msp <br/>[2012/08/30 02:06:58 | 005,007,872 | R--- | M] () -- C:\Windows\Installer\19e13e.msp <br/>[2011/06/06 16:00:09 | 048,470,016 | ---- | M] () -- C:\Windows\Installer\1b052347.msi <br/>[2012/07/18 14:54:24 | 002,831,360 | R--- | M] () -- C:\Windows\Installer\1b851b.msp <br/>[2012/07/25 15:57:08 | 002,532,864 | R--- | M] () -- C:\Windows\Installer\1b853f.msp <br/>[2012/07/18 14:55:46 | 009,585,664 | R--- | M] () -- C:\Windows\Installer\1b8556.msp <br/>[2012/07/25 15:57:06 | 003,157,504 | R--- | M] () -- C:\Windows\Installer\1b856d.msp <br/>[2012/09/25 11:35:46 | 005,009,920 | R--- | M] () -- C:\Windows\Installer\1b8583.msp <br/>[2011/04/28 08:57:38 | 002,721,280 | R--- | M] () -- C:\Windows\Installer\1c0a29.msp <br/>[2011/04/06 19:12:06 | 194,340,864 | R--- | M] () -- C:\Windows\Installer\1c0a47.msp <br/>[2011/05/18 22:06:22 | 038,672,896 | R--- | M] () -- C:\Windows\Installer\1c0a67.msp <br/>[2012/05/17 18:56:49 | 001,376,768 | ---- | M] () -- C:\Windows\Installer\1cacfc8.msi <br/>[2006/12/02 01:20:42 | 003,227,648 | ---- | M] () -- C:\Windows\Installer\1dd04d.msi <br/>[2008/08/08 13:46:10 | 000,242,176 | ---- | M] () -- C:\Windows\Installer\1dd052.msi <br/>[2010/02/02 13:13:06 | 001,544,704 | ---- | M] () -- C:\Windows\Installer\1dd057.msi <br/>[2010/02/02 13:13:06 | 000,829,440 | ---- | M] () -- C:\Windows\Installer\1dd05c.msi <br/>[2010/02/02 13:13:06 | 001,304,576 | ---- | M] () -- C:\Windows\Installer\1dd061.msi <br/>[2011/03/17 22:16:22 | 050,226,176 | ---- | M] () -- C:\Windows\Installer\1dd06a.msi <br/>[2011/03/17 22:19:16 | 006,939,136 | ---- | M] () -- C:\Windows\Installer\1dd078.msi <br/>[2011/03/25 08:16:38 | 005,135,872 | R--- | M] () -- C:\Windows\Installer\1fef64.msp <br/>[2011/04/13 10:48:16 | 035,326,464 | R--- | M] () -- C:\Windows\Installer\1fef7a.msp <br/>[2012/07/18 14:53:56 | 005,009,920 | R--- | M] () -- C:\Windows\Installer\246a4b.msp <br/>[2012/07/18 14:46:48 | 000,593,408 | R--- | M] () -- C:\Windows\Installer\246a61.msp <br/>[2009/04/14 04:50:22 | 005,191,680 | R--- | M] () -- C:\Windows\Installer\289b1d.msp <br/>[2011/04/16 00:14:54 | 003,186,176 | ---- | M] () -- C:\Windows\Installer\289b23.msi <br/>[2009/04/14 03:22:08 | 019,840,000 | R--- | M] () -- C:\Windows\Installer\289b2a.msp <br/>[2009/04/04 10:14:58 | 001,094,656 | R--- | M] () -- C:\Windows\Installer\289b35.msp <br/>[2009/04/04 11:36:32 | 021,390,848 | R--- | M] () -- C:\Windows\Installer\289b36.msp <br/>[2009/04/04 17:09:34 | 015,190,016 | R--- | M] () -- C:\Windows\Installer\289b3c.msp <br/>[2009/04/14 04:56:18 | 020,498,944 | R--- | M] () -- C:\Windows\Installer\289d69.msp <br/>[2009/02/25 19:08:18 | 008,311,808 | R--- | M] () -- C:\Windows\Installer\289db7.msp <br/>[2011/09/21 16:18:24 | 004,985,856 | R--- | M] () -- C:\Windows\Installer\289dcd.msp <br/>[2009/05/07 09:04:06 | 018,341,376 | R--- | M] () -- C:\Windows\Installer\289dd5.msp <br/>[2009/04/14 03:46:12 | 015,438,848 | R--- | M] () -- C:\Windows\Installer\289ddd.msp <br/>[2009/04/14 04:51:24 | 001,303,040 | R--- | M] () -- C:\Windows\Installer\289de5.msp <br/>[2011/07/11 17:33:14 | 023,254,016 | R--- | M] () -- C:\Windows\Installer\289df8.msp <br/>[2007/03/15 16:45:06 | 000,698,880 | ---- | M] () -- C:\Windows\Installer\289dfd.msi <br/>[2009/04/14 04:21:34 | 015,303,168 | R--- | M] () -- C:\Windows\Installer\289e04.msp <br/>[2008/08/11 11:49:32 | 022,457,344 | R--- | M] () -- C:\Windows\Installer\289e1a.msp <br/>[2011/03/17 20:00:20 | 000,090,624 | R--- | M] () -- C:\Windows\Installer\289e21.msp <br/>[2011/04/19 04:21:02 | 000,235,520 | ---- | M] () -- C:\Windows\Installer\289e28.msi <br/>[2011/04/19 04:54:14 | 000,227,328 | ---- | M] () -- C:\Windows\Installer\289e2e.msi <br/>[2008/09/24 12:05:44 | 016,381,440 | R--- | M] () -- C:\Windows\Installer\289e43.msp <br/>[2009/04/14 04:18:14 | 009,684,480 | R--- | M] () -- C:\Windows\Installer\289e52.msp <br/>[2009/04/14 04:49:26 | 001,922,560 | R--- | M] () -- C:\Windows\Installer\289e59.msp <br/>[2005/09/23 02:32:48 | 004,022,784 | ---- | M] () -- C:\Windows\Installer\299d7c9.msi <br/>[2003/02/21 10:43:14 | 005,922,304 | ---- | M] () -- C:\Windows\Installer\2ed4a9d.msi <br/>[2011/10/27 13:05:43 | 019,361,792 | R--- | M] () -- C:\Windows\Installer\2efdfa6.msp <br/>[2011/04/16 07:44:26 | 002,770,944 | ---- | M] () -- C:\Windows\Installer\2efdfc6.msi <br/>[2009/04/14 02:20:06 | 009,573,376 | R--- | M] () -- C:\Windows\Installer\31c1d1.msp <br/>[2011/10/30 21:27:20 | 020,333,568 | R--- | M] () -- C:\Windows\Installer\31c1dc.msp <br/>[2012/02/15 20:05:34 | 000,163,840 | ---- | M] () -- C:\Windows\Installer\347f9.ipi <br/>[2012/01/03 09:58:05 | 015,929,344 | R--- | M] () -- C:\Windows\Installer\348c8.msp <br/>[2012/02/13 08:57:28 | 030,412,800 | ---- | M] () -- C:\Windows\Installer\383f66.msi <br/>[2012/12/22 14:52:18 | 027,811,840 | ---- | M] () -- C:\Windows\Installer\3b9775.msi <br/>[2012/12/22 14:55:01 | 000,179,200 | ---- | M] () -- C:\Windows\Installer\3b9783.msi <br/>[2012/04/04 05:32:41 | 016,613,376 | R--- | M] () -- C:\Windows\Installer\3c64e.msp <br/>[2011/11/01 12:34:26 | 001,169,920 | R--- | M] () -- C:\Windows\Installer\3c663.msp <br/>[2012/03/23 13:59:02 | 007,899,648 | R--- | M] () -- C:\Windows\Installer\3c679.msp <br/>[2012/03/26 23:28:54 | 005,009,920 | R--- | M] () -- C:\Windows\Installer\3c68f.msp <br/>[2012/01/22 09:20:42 | 001,707,520 | R--- | M] () -- C:\Windows\Installer\3c698.msp <br/>[2011/11/21 23:42:40 | 033,189,888 | R--- | M] () -- C:\Windows\Installer\3d2acb.msp <br/>[2010/07/23 01:04:08 | 011,395,072 | R--- | M] () -- C:\Windows\Installer\4271f5.msp <br/>[2011/11/11 16:16:20 | 008,458,240 | R--- | M] () -- C:\Windows\Installer\42720b.msp <br/>[2011/07/27 07:39:50 | 009,892,352 | R--- | M] () -- C:\Windows\Installer\427221.msp <br/>[2012/02/03 15:13:48 | 004,988,928 | R--- | M] () -- C:\Windows\Installer\427237.msp <br/>[2011/11/11 16:15:00 | 001,795,584 | R--- | M] () -- C:\Windows\Installer\42724d.msp <br/>[2011/07/27 07:37:28 | 011,592,192 | R--- | M] () -- C:\Windows\Installer\427271.msp <br/>[2010/08/04 15:12:26 | 001,004,544 | R--- | M] () -- C:\Windows\Installer\427278.msp <br/>[2010/07/23 01:03:24 | 000,338,432 | R--- | M] () -- C:\Windows\Installer\42728e.msp <br/>[2009/08/18 13:08:34 | 001,373,696 | R--- | M] () -- C:\Windows\Installer\4272a4.msp <br/>[2011/11/01 13:34:30 | 002,531,840 | R--- | M] () -- C:\Windows\Installer\4272ba.msp <br/>[2009/05/26 18:53:56 | 000,579,072 | R--- | M] () -- C:\Windows\Installer\4272cf.msp <br/>[2009/10/16 07:08:48 | 002,237,952 | R--- | M] () -- C:\Windows\Installer\4272e5.msp <br/>[2012/02/15 23:04:07 | 020,333,056 | R--- | M] () -- C:\Windows\Installer\4272f0.msp <br/>[2011/11/01 13:34:58 | 004,225,536 | R--- | M] () -- C:\Windows\Installer\42730a.msp <br/>[2011/11/11 16:14:40 | 009,096,192 | R--- | M] () -- C:\Windows\Installer\427320.msp <br/>[2010/05/20 19:57:12 | 005,907,456 | R--- | M] () -- C:\Windows\Installer\42733f.msp <br/>[2010/05/20 19:57:18 | 004,989,952 | R--- | M] () -- C:\Windows\Installer\427340.msp <br/>[2011/12/26 06:24:12 | 008,835,072 | R--- | M] () -- C:\Windows\Installer\42734a.msp <br/>[2011/11/01 13:34:28 | 002,247,168 | R--- | M] () -- C:\Windows\Installer\42735f.msp <br/>[2009/07/27 04:31:24 | 003,738,624 | R--- | M] () -- C:\Windows\Installer\427375.msp <br/>[2010/03/24 18:54:54 | 002,516,992 | R--- | M] () -- C:\Windows\Installer\42739e.msp <br/>[2010/03/24 18:54:48 | 003,126,272 | R--- | M] () -- C:\Windows\Installer\42739f.msp <br/>[2009/08/05 07:49:32 | 003,457,024 | R--- | M] () -- C:\Windows\Installer\4273b8.msp <br/>[2010/08/13 18:00:36 | 009,404,928 | R--- | M] () -- C:\Windows\Installer\4273d0.msp <br/>[2010/08/04 15:13:04 | 000,686,080 | R--- | M] () -- C:\Windows\Installer\4273e6.msp <br/>[2011/08/10 17:42:04 | 007,070,208 | R--- | M] () -- C:\Windows\Installer\4273fc.msp <br/>[2010/08/13 18:02:20 | 002,545,664 | R--- | M] () -- C:\Windows\Installer\427412.msp <br/>[2010/02/21 01:03:34 | 004,472,832 | R--- | M] () -- C:\Windows\Installer\42742e.msp <br/>[2011/03/18 12:13:59 | 001,588,224 | ---- | M] () -- C:\Windows\Installer\42c4ba.msi <br/>[2011/09/15 18:35:54 | 001,411,072 | R--- | M] () -- C:\Windows\Installer\441c16a.msp <br/>[2011/09/15 18:37:52 | 034,428,416 | R--- | M] () -- C:\Windows\Installer\441c16b.msp <br/>[2011/09/15 18:37:28 | 016,691,712 | R--- | M] () -- C:\Windows\Installer\441c171.msp <br/>[2011/09/15 18:34:54 | 428,804,608 | R--- | M] () -- C:\Windows\Installer\441c3c5.msp <br/>[2011/09/15 18:34:14 | 008,499,712 | R--- | M] () -- C:\Windows\Installer\441c3d2.msp <br/>[2011/09/15 18:38:04 | 010,838,528 | R--- | M] () -- C:\Windows\Installer\441c3dc.msp <br/>[2011/09/15 18:39:22 | 011,163,136 | R--- | M] () -- C:\Windows\Installer\441c3e7.msp <br/>[2011/09/15 18:40:36 | 007,959,552 | R--- | M] () -- C:\Windows\Installer\441c3f0.msp <br/>[2011/01/15 09:46:32 | 002,049,536 | ---- | M] () -- C:\Windows\Installer\441c3f6.msi <br/>[2010/11/25 08:12:14 | 000,510,464 | R--- | M] () -- C:\Windows\Installer\46dba4.msp <br/>[2010/07/16 07:41:36 | 001,732,608 | R--- | M] () -- C:\Windows\Installer\46dbaa.msp <br/>[2009/04/04 17:08:40 | 343,058,432 | R--- | M] () -- C:\Windows\Installer\470afcc.msp <br/>[2009/04/04 17:05:54 | 007,999,488 | R--- | M] () -- C:\Windows\Installer\470afd9.msp <br/>[2009/04/04 17:10:08 | 009,926,144 | R--- | M] () -- C:\Windows\Installer\470afe3.msp <br/>[2009/04/04 17:10:16 | 007,888,384 | R--- | M] () -- C:\Windows\Installer\470afec.msp <br/>[2009/04/04 17:10:24 | 001,282,560 | R--- | M] () -- C:\Windows\Installer\470aff3.msp <br/>[2006/12/02 07:09:06 | 002,818,048 | ---- | M] () -- C:\Windows\Installer\48be92.msi <br/>[2010/03/18 13:41:24 | 001,901,056 | ---- | M] () -- C:\Windows\Installer\4c04c2.msi <br/>[2011/03/20 01:18:29 | 032,476,672 | ---- | M] () -- C:\Windows\Installer\4cd9e.msi <br/>[2011/03/17 22:49:47 | 000,743,424 | ---- | M] () -- C:\Windows\Installer\505e2.msi <br/>[2012/12/02 17:08:08 | 021,461,504 | ---- | M] () -- C:\Windows\Installer\57bbea4.msi <br/>[2012/12/02 17:08:13 | 002,682,368 | ---- | M] () -- C:\Windows\Installer\57bbedc.msi <br/>[2012/12/02 17:10:08 | 012,054,528 | ---- | M] () -- C:\Windows\Installer\57bbf28.msi <br/>[2012/12/02 17:11:37 | 059,330,560 | ---- | M] () -- C:\Windows\Installer\57bcb1e.msi <br/>[2012/12/02 17:22:43 | 021,168,128 | ---- | M] () -- C:\Windows\Installer\57bcb23.msi <br/>[2011/03/17 22:30:46 | 048,221,184 | ---- | M] () -- C:\Windows\Installer\5e0b2.msi <br/>[2012/03/23 15:37:40 | 000,020,480 | ---- | M] () -- C:\Windows\Installer\60b646.ipi <br/>[2011/04/23 15:16:45 | 002,398,720 | ---- | M] () -- C:\Windows\Installer\60de91.msi <br/>[2011/04/23 15:16:44 | 000,502,272 | ---- | M] () -- C:\Windows\Installer\60de96.msi <br/>[2011/04/23 15:16:57 | 001,714,176 | ---- | M] () -- C:\Windows\Installer\60de9b.msi <br/>[2011/04/23 15:17:00 | 002,024,448 | ---- | M] () -- C:\Windows\Installer\60dea0.msi <br/>[2011/04/23 15:17:03 | 001,642,496 | ---- | M] () -- C:\Windows\Installer\60dea5.msi <br/>[2011/04/23 15:17:06 | 001,648,640 | ---- | M] () -- C:\Windows\Installer\60deaa.msi <br/>[2011/04/23 15:17:06 | 000,502,272 | ---- | M] () -- C:\Windows\Installer\60deaf.msi <br/>[2011/04/23 15:17:06 | 002,320,896 | ---- | M] () -- C:\Windows\Installer\60deb4.msi <br/>[2011/04/23 15:17:11 | 000,503,296 | ---- | M] () -- C:\Windows\Installer\60deb9.msi <br/>[2011/04/23 15:17:11 | 000,502,272 | ---- | M] () -- C:\Windows\Installer\60debe.msi <br/>[2011/04/23 15:17:17 | 000,514,048 | ---- | M] () -- C:\Windows\Installer\60dec3.msi <br/>[2011/04/23 15:17:15 | 000,518,144 | ---- | M] () -- C:\Windows\Installer\60dec9.msi <br/>[2011/04/23 15:17:11 | 000,507,904 | ---- | M] () -- C:\Windows\Installer\60decf.msi <br/>[2011/04/23 15:17:11 | 000,502,272 | ---- | M] () -- C:\Windows\Installer\60ded4.msi <br/>[2011/04/23 15:17:20 | 001,653,760 | ---- | M] () -- C:\Windows\Installer\60ded9.msi <br/>[2011/04/23 15:17:22 | 001,654,272 | ---- | M] () -- C:\Windows\Installer\60dede.msi <br/>[2011/04/23 15:17:25 | 001,654,272 | ---- | M] () -- C:\Windows\Installer\60dee3.msi <br/>[2011/04/23 15:17:25 | 000,502,272 | ---- | M] () -- C:\Windows\Installer\60dee8.msi <br/>[2011/04/23 15:17:31 | 001,642,496 | ---- | M] () -- C:\Windows\Installer\60deed.msi <br/>[2011/04/23 15:17:36 | 000,847,872 | ---- | M] () -- C:\Windows\Installer\60def3.msi <br/>[2011/04/23 15:17:37 | 018,183,680 | ---- | M] () -- C:\Windows\Installer\60defd.msi <br/>[2007/04/12 16:11:48 | 004,582,912 | R--- | M] () -- C:\Windows\Installer\60defe.msp <br/>[2008/08/08 13:11:02 | 000,232,960 | ---- | M] () -- C:\Windows\Installer\64d29.msi <br/>[2009/07/12 06:43:18 | 000,231,936 | ---- | M] () -- C:\Windows\Installer\64e0c4.msi <br/>[2011/07/21 12:34:34 | 003,456,000 | R--- | M] () -- C:\Windows\Installer\66975.msp <br/>[2012/02/29 22:45:14 | 004,989,440 | R--- | M] () -- C:\Windows\Installer\66a5a.msp <br/>[2010/03/18 13:41:24 | 001,901,056 | ---- | M] () -- C:\Windows\Installer\6a71b.msi <br/>[2011/05/30 22:45:52 | 000,041,984 | ---- | M] () -- C:\Windows\Installer\6cd7fc.msi <br/>[2011/09/17 02:03:12 | 000,045,056 | ---- | M] () -- C:\Windows\Installer\6cd7ff.ipi <br/>[2011/09/17 02:03:11 | 020,333,056 | R--- | M] () -- C:\Windows\Installer\6cd802.msp <br/>[2012/07/27 17:47:34 | 013,123,584 | R--- | M] () -- C:\Windows\Installer\727ea.msp <br/>[2012/07/18 14:53:36 | 010,937,344 | R--- | M] () -- C:\Windows\Installer\727ff.msp <br/>[2012/07/25 15:59:06 | 011,032,064 | R--- | M] () -- C:\Windows\Installer\72815.msp <br/>[2012/06/26 17:03:12 | 003,875,840 | R--- | M] () -- C:\Windows\Installer\7282b.msp <br/>[2012/10/05 20:27:12 | 000,025,600 | ---- | M] () -- C:\Windows\Installer\7d898.msi <br/>[2012/09/12 22:38:38 | 008,265,728 | ---- | M] () -- C:\Windows\Installer\88930.msi <br/>[2012/10/20 23:32:14 | 009,590,272 | R--- | M] () -- C:\Windows\Installer\897e5b.msp <br/>[2012/10/20 23:32:14 | 002,830,848 | R--- | M] () -- C:\Windows\Installer\897e71.msp <br/>[2012/11/17 09:36:02 | 005,007,872 | R--- | M] () -- C:\Windows\Installer\897e87.msp <br/>[2008/08/15 11:46:16 | 014,821,376 | ---- | M] () -- C:\Windows\Installer\8d726c.msi <br/>[2011/09/05 14:01:26 | 013,135,872 | R--- | M] () -- C:\Windows\Installer\92aba.msp <br/>[2008/07/30 19:25:36 | 000,228,864 | ---- | M] () -- C:\Windows\Installer\a5a692.msi <br/>[2009/07/12 11:16:26 | 000,223,232 | ---- | M] () -- C:\Windows\Installer\aacb03.msi <br/>[2012/04/04 21:37:36 | 003,149,824 | R--- | M] () -- C:\Windows\Installer\b35b7.msp <br/>[2012/04/04 21:37:40 | 002,540,544 | R--- | M] () -- C:\Windows\Installer\b35db.msp <br/>[2012/06/19 11:54:42 | 005,009,920 | R--- | M] () -- C:\Windows\Installer\b35f1.msp <br/>[2012/06/19 11:54:40 | 002,239,488 | R--- | M] () -- C:\Windows\Installer\b3607.msp <br/>[2012/05/30 06:18:24 | 001,739,264 | R--- | M] () -- C:\Windows\Installer\b3611.msp <br/>[2012/05/30 06:18:08 | 011,885,056 | R--- | M] () -- C:\Windows\Installer\b3644.msp <br/>[2008/04/11 10:11:40 | 000,233,472 | ---- | M] () -- C:\Windows\Installer\b75e6c.msi <br/>[2012/02/25 21:02:08 | 026,820,096 | ---- | M] () -- C:\Windows\Installer\bdf9bc.msi <br/>[2012/05/11 18:05:58 | 020,343,808 | R--- | M] () -- C:\Windows\Installer\c9dbe.msp <br/>[2012/02/17 07:45:24 | 002,299,392 | R--- | M] () -- C:\Windows\Installer\c9dd4.msp <br/>[2012/04/28 20:43:58 | 008,459,264 | R--- | M] () -- C:\Windows\Installer\c9dea.msp <br/>[2012/03/15 01:24:28 | 001,795,584 | R--- | M] () -- C:\Windows\Installer\c9e00.msp <br/>[2012/04/04 21:38:16 | 003,620,864 | R--- | M] () -- C:\Windows\Installer\c9e16.msp <br/>[2011/12/15 13:54:16 | 039,732,736 | R--- | M] () -- C:\Windows\Installer\c9e39.msp <br/>[2012/04/30 13:38:28 | 005,011,456 | R--- | M] () -- C:\Windows\Installer\c9e4e.msp <br/>[2012/01/19 13:20:42 | 011,997,696 | R--- | M] () -- C:\Windows\Installer\c9e5b.msp <br/>[2012/04/28 20:44:02 | 009,586,176 | R--- | M] () -- C:\Windows\Installer\c9e72.msp <br/>[2012/04/28 20:44:02 | 009,101,824 | R--- | M] () -- C:\Windows\Installer\c9e88.msp <br/>[2012/04/04 21:38:44 | 002,831,360 | R--- | M] () -- C:\Windows\Installer\c9e9e.msp <br/>[2011/02/11 07:59:10 | 023,633,408 | R--- | M] () -- C:\Windows\Installer\ceb337.msp <br/>[2011/08/10 16:40:58 | 002,081,792 | ---- | M] () -- C:\Windows\Installer\cfc367.msi <br/>[2011/08/10 16:40:56 | 001,859,584 | ---- | M] () -- C:\Windows\Installer\cfc36c.msi <br/>[2009/05/01 13:03:44 | 001,585,664 | ---- | M] () -- C:\Windows\Installer\e2db8.msi <br/>[2011/06/12 21:31:23 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{439760BC-7737-4386-9B1D-A90A3E8A22EA}.SchedServiceConfig.rmi <br/>[2012/02/25 21:04:24 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{75104836-CAC7-444E-A39E-3F54151942F5}.SchedServiceConfig.rmi <br/>[2011/05/22 20:49:58 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{8F473675-D702-45F9-8EBC-342B40C17BF5}.SchedServiceConfig.rmi <br/>[2012/03/17 19:58:03 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}.SchedServiceConfig.rmi <br/>[2012/12/02 17:12:39 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}.SchedServiceConfig.rmi <br/>[30 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ] <br/> <br/>[color=#A23BEC]< %windir%\system32\tasks\*.* >[/color] <br/> <br/>[color=#A23BEC]< %systemroot%\Fonts\*.exe >[/color] <br/> <br/>[color=#A23BEC]< %systemroot%\*. /mp /s >[/color] <br/> <br/>[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] <br/>[2011/05/05 21:17:24 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe <br/>[2011/02/25 21:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe <br/>[2009/07/13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe <br/>[2011/02/25 21:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe <br/>[2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe <br/>[2011/05/05 21:17:24 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe <br/>[2011/05/06 17:01:07 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe <br/>[2011/05/06 17:01:07 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe <br/>[2011/02/25 22:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe <br/>[2010/11/20 04:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe <br/>[2010/11/20 04:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe <br/>[2009/08/02 22:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe <br/>[2011/05/06 17:02:11 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe <br/>[2011/05/06 17:02:11 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe <br/>[2009/10/30 22:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe <br/>[2009/08/02 21:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe <br/>[2010/11/20 05:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe <br/>[2010/11/20 05:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe <br/>[2009/10/30 22:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe <br/>[2009/08/02 21:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe <br/>[2009/07/13 17:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe <br/>[2009/10/30 22:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe <br/>[2011/02/25 22:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe <br/>[2009/08/02 22:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe <br/> <br/>[color=#A23BEC]< MD5 for: REGEDIT.EXE >[/color] <br/>[2009/07/13 17:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe <br/>[2009/07/13 17:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe <br/>[2009/07/13 17:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe <br/>[2009/07/13 17:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe <br/> <br/>[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] <br/>[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe <br/>[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe <br/>[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe <br/>[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe <br/>[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe <br/> <br/>[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] <br/>[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe <br/>[2011/05/06 16:58:10 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe <br/>[2011/05/06 16:58:10 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe <br/>[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe <br/>[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe <br/>[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe <br/>[2011/05/06 17:01:13 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe <br/>[2011/05/06 17:01:13 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe <br/> <br/>[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] <br/>[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe <br/>[2011/05/06 17:02:01 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe <br/>[2011/05/06 17:02:01 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe <br/>[2009/07/13 17:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe <br/>[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe <br/>[2009/10/27 23:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe <br/>[2009/10/27 22:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe <br/> <br/>[color=#A23BEC]< C:\Windows\assembly\tmp\U\*.* /s >[/color] <br/>[2009/07/13 21:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT <br/>[2009/07/13 21:08:49 | 000,032,546 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT <br/>[2011/04/07 18:57:07 | 000,000,890 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job <br/>[2011/04/07 18:57:09 | 000,000,894 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job <br/>[2012/08/30 22:03:34 | 000,000,852 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229391427-1754303536-809865111-1000Core.job <br/>[2012/08/30 22:03:36 | 000,000,904 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229391427-1754303536-809865111-1000UA.job <br/> <br/>[color=#A23BEC]< %Temp%\smtmp\1\*.* >[/color] <br/> <br/>[color=#A23BEC]< %Temp%\smtmp\2\*.* >[/color] <br/> <br/>[color=#A23BEC]< %Temp%\smtmp\3\*.* >[/color] <br/> <br/>[color=#A23BEC]< %Temp%\smtmp\4\*.* >[/color] <br/> <br/>[color=#A23BEC]< type c:\diskreport.txt /c >[/color] <br/>Microsoft DiskPart version 6.1.7601 <br/>Copyright (C) 1999-2008 Microsoft Corporation. <br/>On computer: SIAN <br/> Volume ### Ltr Label Fs Type Size Status Info <br/> ---------- --- ----------- ----- ---------- ------- --------- -------- <br/> Volume 0 System Rese NTFS Partition 100 MB Healthy System <br/> Volume 1 C NTFS Partition 148 GB Healthy Boot <br/> <br/>[color=#E56717]========== Alternate Data Streams ==========[/color] <br/> <br/>@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF <br/> <br/>< End of report > <br/> <br/>Extras <br/> <br/>OTL Extras logfile created on: 12/23/2012 7:45:01 PM - Run 1 <br/>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sian\Desktop <br/>64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation <br/>Internet Explorer (Version = 8.0.7601.17514) <br/>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy <br/> <br/>7.97 Gb Total Physical Memory | 6.02 Gb Available Physical Memory | 75.53% Memory free <br/>15.93 Gb Paging File | 13.73 Gb Available in Paging File | 86.20% Paging File free <br/>Paging file location(s): ?:\pagefile.sys [binary data] <br/> <br/>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) <br/>Drive C: | 148.95 Gb Total Space | 28.05 Gb Free Space | 18.83% Space Free | Partition Type: NTFS <br/> <br/>Computer Name: SIAN | User Name: Sian | Logged in as Administrator. <br/>Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans <br/>Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days <br/> <br/>[color=#E56717]========== Extra Registry (SafeList) ==========[/color] <br/> <br/> <br/>[color=#E56717]========== File Associations ==========[/color] <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] <br/>.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] <br/>.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) <br/> <br/>[color=#E56717]========== Shell Spawning ==========[/color] <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] <br/>batfile [open] -- "%1" %* <br/>cmdfile [open] -- "%1" %* <br/>comfile [open] -- "%1" %* <br/>exefile [open] -- "%1" %* <br/>helpfile [open] -- Reg Error: Key error. <br/>inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) <br/>InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) <br/>InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) <br/>piffile [open] -- "%1" %* <br/>regfile [merge] -- Reg Error: Key error. <br/>scrfile [config] -- "%1" <br/>scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l <br/>scrfile [open] -- "%1" /S <br/>txtfile [edit] -- Reg Error: Key error. <br/>Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 <br/>Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) <br/>Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) <br/>Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) <br/>Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) <br/>Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) <br/>Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) <br/>Folder [explore] -- Reg Error: Value error. <br/>Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] <br/>batfile [open] -- "%1" %* <br/>cmdfile [open] -- "%1" %* <br/>comfile [open] -- "%1" %* <br/>cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) <br/>exefile [open] -- "%1" %* <br/>helpfile [open] -- Reg Error: Key error. <br/>inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) <br/>piffile [open] -- "%1" %* <br/>regfile [merge] -- Reg Error: Key error. <br/>scrfile [config] -- "%1" <br/>scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l <br/>scrfile [open] -- "%1" /S <br/>txtfile [edit] -- Reg Error: Key error. <br/>Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 <br/>Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) <br/>Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) <br/>Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) <br/>Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) <br/>Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) <br/>Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) <br/>Folder [explore] -- Reg Error: Value error. <br/>Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) <br/> <br/>[color=#E56717]========== Security Center Settings ==========[/color] <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] <br/>"cval" = 1 <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] <br/>"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] <br/>"AntiVirusOverride" = 0 <br/>"AntiSpywareOverride" = 0 <br/>"FirewallOverride" = 0 <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] <br/> <br/>[color=#E56717]========== Firewall Settings ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] <br/>"DisableNotifications" = 0 <br/>"EnableFirewall" = 1 <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] <br/>"DisableNotifications" = 0 <br/>"EnableFirewall" = 1 <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] <br/>"DisableNotifications" = 0 <br/>"EnableFirewall" = 1 <br/> <br/>[color=#E56717]========== Authorized Applications List ==========[/color] <br/> <br/> <br/>[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] <br/>"{0578E4BD-EA73-4E05-8360-078086C4A03F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | <br/>"{0CFC69E7-5A7F-4F80-893C-AF95CD56B930}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | <br/>"{1A435D4F-98E7-436E-96F2-F5A69D3F072D}" = rport=445 | protocol=6 | dir=out | app=system | <br/>"{228B42AA-E178-4E75-9EBF-0D5D8C6CC069}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | <br/>"{233EB15E-7932-44E4-9A69-45D894881BDE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | <br/>"{39384F77-7EB4-48AE-ABC1-E366E0ED2746}" = rport=139 | protocol=6 | dir=out | app=system | <br/>"{3B87824A-FBB9-4A68-A8AA-1E880125A276}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | <br/>"{7874C15A-28B1-455E-BF2F-D13326A875E9}" = rport=138 | protocol=17 | dir=out | app=system | <br/>"{7DA690EF-076E-4DAA-8344-514F0D6CB296}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | <br/>"{7F4CD5E1-9BD4-41D5-9CC3-D04D66797513}" = rport=10243 | protocol=6 | dir=out | app=system | <br/>"{7FF72B46-2140-4D77-A1F6-8134DD13B608}" = lport=137 | protocol=17 | dir=in | app=system | <br/>"{841E1CA1-ED5E-46F2-BBCB-CDDB2B637ACA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | <br/>"{8E0B8DE3-9BB2-427C-92EA-FC2B180791A8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | <br/>"{92D1C24F-9AA7-4996-88D8-E2DE9F992EB5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | <br/>"{94DF323B-4611-4162-95E4-9A1D86D16B5A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | <br/>"{98DF51EA-669F-4DAF-8F3A-8B41B16AC71E}" = lport=2869 | protocol=6 | dir=in | app=system | <br/>"{9AC44307-1D94-440D-8CAB-AE014F42524F}" = lport=139 | protocol=6 | dir=in | app=system | <br/>"{A02351E5-25D4-44DA-837D-24D7BFBF3BB4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | <br/>"{A5B5DEDD-7344-4BE8-9CBE-CA51D3222B11}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | <br/>"{A9F2C606-2390-402B-A28C-FF9127D39311}" = lport=138 | protocol=17 | dir=in | app=system | <br/>"{AD5E2540-EADB-4B2A-B65D-8A3FE2ADF89D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | <br/>"{B9492248-4736-4657-945B-00F15E39234C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | <br/>"{BC0963C6-4CFF-4819-90AD-1A1867B7CAB5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | <br/>"{C9CEC36C-3392-42AB-80FC-4B6D9D9493FB}" = lport=445 | protocol=6 | dir=in | app=system | <br/>"{CA2B2EBF-6EB6-43C7-9B00-6298F73FF464}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | <br/>"{CC17CBAE-217B-476B-96F5-9F6B83415003}" = lport=10243 | protocol=6 | dir=in | app=system | <br/>"{DB62D62C-C7E2-4822-A1D7-8612CA91FFF9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | <br/>"{DF0A9460-62AE-4DB5-B73D-BF8B7206571E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | <br/>"{E288087D-FEF5-442E-A2C6-B9B67240F3F4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | <br/>"{E801D928-DD26-48A1-BDA7-2D4FECC2CC73}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | <br/>"{EBEB2D3A-0C56-4815-AB6B-4DDA69A83A13}" = rport=137 | protocol=17 | dir=out | app=system | <br/>"{FCA6B11F-191E-41C3-BBB3-640FA0ECD210}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | <br/> <br/>[color=#E56717]========== Vista Active Application Exception List ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] <br/>"{01D11A90-AC17-4346-837F-1F4949D4BFF5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | <br/>"{04FE9C0E-4512-428E-975B-6C794AE7669A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | <br/>"{0FC67F02-D7F8-4955-BEA7-5CB5C77F19B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\siansaechao\counter-strike\hl.exe | <br/>"{15B7F8A9-D993-4071-8D12-599341DE2A8C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | <br/>"{1684C95C-91DB-493B-A530-E423F1E70F1F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | <br/>"{274E24F6-4EBE-44A7-8197-6115B70AB926}" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\tvnserver.exe | <br/>"{3091BB00-EE38-485E-92C8-D1BE636D1CF8}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | <br/>"{30B51EA8-6574-4AF3-B7D9-0FB04DAC41FA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | <br/>"{3498AE65-288B-4A98-91DB-DEBD83E16BDD}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | <br/>"{3577652A-EC4D-4B96-983A-8F8C20A3D130}" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe | <br/>"{367F6D50-7284-43CB-A639-645A2A123E68}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | <br/>"{3B1CA220-5EE4-4E09-9C4D-E2075806F023}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | <br/>"{3DB943A5-6C45-437E-BE2D-201FE20A3419}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | <br/>"{427836E5-BC21-4019-BF1D-8E27FD4E6D7B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | <br/>"{42E1969D-1C55-4427-A09F-63E806A0C387}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | <br/>"{47F614C5-404D-4BCC-A3D5-97CEB0E9E4B1}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | <br/>"{4AE61588-41CD-42D2-986F-A169F8C5CDC8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | <br/>"{4B89753B-EFB4-49C3-8CCA-15C2D1334040}" = protocol=6 | dir=out | app=system | <br/>"{4EDA316A-A369-475B-975D-CB210E72D0A8}" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\tvnserver.exe | <br/>"{5105887A-C907-4B74-8FDE-0D82E4B5A063}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | <br/>"{51DF8413-81C9-409A-BBE8-8116537E35E1}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | <br/>"{5E21A417-CF15-4FA7-A5A4-38D4E924978F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | <br/>"{60151C40-D6EB-4888-B3F6-CFB75E7A5585}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | <br/>"{61222BEA-4A30-411A-9550-A9904F781D3C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | <br/>"{613DF185-B209-4C7E-A617-81E36AAB2BDE}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | <br/>"{628DF702-6F70-4906-BAD8-AA3FE089536D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | <br/>"{634B1295-E915-4592-8C73-510248C4F575}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | <br/>"{635A8C7A-1258-4B0D-8ECB-869FA6050018}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe | <br/>"{67C9672A-561E-4DC1-800A-A345B31ECE5E}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe | <br/>"{7432A943-0615-4C10-8E64-84A9526A532A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | <br/>"{75D302E5-193E-46E9-99A8-D9B99801BC2C}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | <br/>"{7993D4BC-6782-4ADD-A2B1-0B6E02F7E87B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\siansaechao\counter-strike\hl.exe | <br/>"{7BCF0534-4277-4E96-8916-FCF0D4CDCDE8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | <br/>"{818D8044-A9C8-4418-9861-2BB1291F4ED9}" = protocol=6 | dir=in | app=c:\users\sian\appdata\roaming\spotify\spotify.exe | <br/>"{8998E938-6D5F-4B44-A4E1-14277589434F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | <br/>"{8B4557E8-B92A-4106-8E41-1F9B80D9CB1C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | <br/>"{8D106A1B-B438-4908-A154-059B36EE010D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe | <br/>"{8EE294F4-7E20-42FB-B1D8-2B8C50512289}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | <br/>"{967FF586-A7AC-4CB7-A67B-124F3C49E0AA}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | <br/>"{98B9E474-DD61-46A9-B37F-F5FAD4AAF36E}" = protocol=17 | dir=in | app=c:\users\sian\appdata\roaming\spotify\spotify.exe | <br/>"{9A83AF95-155A-4FE9-B8DC-8F5C53C9E166}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | <br/>"{9ADAB66B-F601-427C-A122-D5DC40183EBA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe | <br/>"{9BA19881-390C-48ED-B41F-2E220D961C58}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | <br/>"{9BAF6B09-A1F0-43D8-8985-2CC500862C47}" = protocol=58 | dir=in | app=system | <br/>"{A09F5B23-7B89-40B7-8A66-032D556B686D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | <br/>"{A1E17E66-9C8C-4734-BF94-8F1BF412B30E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | <br/>"{A7E52C94-A310-496D-BF4A-B1F45CD56BC9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | <br/>"{AB0E5522-FB45-43F9-BC0E-7D95FD7A6782}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | <br/>"{AC39736F-3028-4F0C-A118-55A144A4CE78}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | <br/>"{AC79007D-8DC5-49A2-8C7C-DCF33E31E0C1}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | <br/>"{ADCE2AA6-4F86-4206-9151-AF1ED67A59F5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | <br/>"{AE36F10B-174B-4EA1-A85C-2FD532E82461}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | <br/>"{AEC29047-E6B9-4BC4-9D64-ACB0AE9E15C7}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | <br/>"{B0B4F99A-0C5B-495D-9A6C-5D0717813DB4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | <br/>"{B40E695D-F318-4075-9BCB-B258F8F81EEB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | <br/>"{C26DDF7C-977B-4CC0-A940-DE82F6F4822F}" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe | <br/>"{C2D79BC7-0596-4C9F-A9E2-BFBE4269D396}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | <br/>"{C72C417C-004D-4973-9D42-AA724A356760}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | <br/>"{CAD48573-E14E-4EA4-999A-7E4CF70DF826}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | <br/>"{CC3579B9-BB4F-4A21-91A7-EE12BF1A79EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | <br/>"{D50F244A-3FBE-43D9-AAE6-2F6762341BBB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | <br/>"{D7D12C5D-6F7F-4587-8014-0C9C1D253BBA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | <br/>"{D8A325A4-9238-437E-8AAC-60E2A1332733}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | <br/>"{DB45CD79-E1A9-48EF-9055-9C0C8548EF2C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | <br/>"{E4560984-885C-432C-A498-6C95049EE3D0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | <br/>"{E59EC1D6-E95D-48EC-980E-5ECF0013F0F8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | <br/>"{E8C0B565-2B92-4595-A32C-5BF5562AAC68}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | <br/>"{ED4D596A-99E1-416D-AB27-BA7B670F750F}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | <br/>"{FCA87202-ADA5-4B52-A563-BEA24ADEA5DB}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | <br/>"{FDC416FD-2521-4CA2-AA77-A1405B841012}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | <br/>"{FDD61745-1505-4128-A767-9F372E0694F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | <br/>"{FFC56270-9127-4AA5-AE23-111D84D0D8D4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | <br/>"TCP Query User{552A9AA3-5DEB-4C38-BB13-706AE65C4113}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | <br/>"TCP Query User{6822D4F2-6E09-4AFB-8FDA-18E420A2C1A5}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe | <br/>"TCP Query User{6DA2161D-7891-46C9-8EB6-1AA68D76D00C}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | <br/>"TCP Query User{70E65D34-5681-476F-BB83-7E1E7F66E368}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | <br/>"TCP Query User{C00A7980-D1F4-4B78-B1AA-AF6CEC236B12}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | <br/>"TCP Query User{D2364D08-98FA-4361-B896-7F107F319DFA}C:\program files (x86)\tightvnc\vncviewer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe | <br/>"TCP Query User{DF7BF2AA-6404-482F-88C6-961C2E6B5FEF}C:\windows\system32\migwiz\migwiz.exe" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe | <br/>"UDP Query User{1050148D-AC1D-4AB8-87FE-1F5A4FD727BE}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | <br/>"UDP Query User{3B01A851-6F4E-4214-B363-E31FC0F0DEDD}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | <br/>"UDP Query User{3B60F13E-EE1B-4E32-A4FC-568853D52DEB}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | <br/>"UDP Query User{44DA11F7-C882-4433-8865-93757329F9DC}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | <br/>"UDP Query User{A7CE5275-F601-44F6-A217-F55CC7C2F2F4}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe | <br/>"UDP Query User{D2F7BEB6-4103-49BA-AF9D-D95C42502CF7}C:\windows\system32\migwiz\migwiz.exe" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe | <br/>"UDP Query User{DF504A1B-29B8-4710-B4A5-C07EFAA480BA}C:\program files (x86)\tightvnc\vncviewer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe | <br/> <br/>[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] <br/>"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) <br/>"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes <br/>"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) <br/>"{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}" = Logitech G35 <br/>"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema 1.6.0.4014 x64 <br/>"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0003 <br/>"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 <br/>"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 <br/>"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 <br/>"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour <br/>"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) <br/>"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2 <br/>"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 <br/>"{89BDAE1A-7B8E-4A0E-A169-02F7F366451D}" = iCloud <br/>"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 <br/>"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 <br/>"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 <br/>"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting <br/>"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) <br/>"{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center <br/>"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10 <br/>"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel <br/>"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10 <br/>"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213 <br/>"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11 <br/>"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0 <br/>"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application <br/>"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components <br/>"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client <br/>"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support <br/>"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64 <br/>"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile <br/>"CCleaner" = CCleaner <br/>"Creative OA002" = Monitor Webcam Driver (1.01.02.0804) <br/>"DW WLAN Card Utility" = DW WLAN Card Utility <br/>"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile <br/>"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 <br/>"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2 <br/>"Microsoft Security Client" = Microsoft Security Essentials <br/>"SynTPDeinstKey" = Synaptics Pointing Device Driver <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] <br/>"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam <br/>"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 <br/>"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10 <br/>"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in <br/>"{2E6044C5-3495-485F-91BC-46D1B6430E51}" = Windows 7 Logon Background Changer <br/>"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver <br/>"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater <br/>"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module <br/>"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 <br/>"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module <br/>"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator <br/>"{6F7614CC-F33A-4877-8814-49856F441F3C}" = Stardock MyColors <br/>"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable <br/>"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable <br/>"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 <br/>"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update <br/>"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime <br/>"{831E13F4-3D72-4427-9C4C-A998E5952E7E}" = Alienware On-Screen Display <br/>"{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 <br/>"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight <br/>"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 <br/>"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 <br/>"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 <br/>"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 <br/>"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 <br/>"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 <br/>"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 <br/>"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) <br/>"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 <br/>"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) <br/>"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 <br/>"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) <br/>"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 <br/>"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 <br/>"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 <br/>"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 <br/>"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 <br/>"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 <br/>"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 <br/>"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 <br/>"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 <br/>"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In <br/>"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster <br/>"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 <br/>"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 <br/>"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper <br/>"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4) <br/>"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne <br/>"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player <br/>"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 <br/>"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support <br/>"{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0 <br/>"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX <br/>"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager <br/>"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module <br/>"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver <br/>"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC <br/>"AC3Filter" = AC3Filter (remove only) <br/>"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX <br/>"Advanced Audio FX Engine" = Advanced Audio FX Engine <br/>"BandiMPEG1" = Bandisoft MPEG-1 Decoder <br/>"BitTorrent" = BitTorrent <br/>"Dell Webcam Central" = Dell Webcam Central <br/>"Diablo III" = Diablo III <br/>"ENTERPRISE" = Microsoft Office Enterprise 2007 <br/>"Fraps" = Fraps (remove only) <br/>"HijackThis" = HijackThis 2.0.2 <br/>"hon" = Heroes of Newerth <br/>"Iconix eMail ID" = Iconix® eMail ID <br/>"InstallShield_{831E13F4-3D72-4427-9C4C-A998E5952E7E}" = Alienware On-Screen Display <br/>"InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center <br/>"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000 <br/>"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 <br/>"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US) <br/>"MozillaMaintenanceService" = Mozilla Maintenance Service <br/>"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver <br/>"OpenAL" = OpenAL <br/>"StarCraft II" = StarCraft II <br/>"Stardock MyColors" = Stardock MyColors <br/>"Steam App 10" = Counter-Strike <br/>"Steam App 41500" = Torchlight <br/>"Steam App 570" = Dota 2 <br/>"TightVNC" = TightVNC 2.0.2 <br/>"Winamp" = Winamp <br/>"Winamp Toolbar" = Winamp Toolbar <br/>"WinRAR archiver" = WinRAR archiver <br/> <br/>[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] <br/> <br/>[HKEY_USERS\S-1-5-21-2229391427-1754303536-809865111-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] <br/>"Google Chrome" = Google Chrome <br/>"Spotify" = Spotify <br/>"Winamp Detect" = Winamp Detector Plug-in <br/>"Winamp Toolbar" = Winamp Toolbar <br/> <br/>[color=#E56717]========== Last 20 Event Log Errors ==========[/color] <br/> <br/>[ Application Events ] <br/>Error - 11/2/2012 4:46:13 AM | Computer Name = Sian | Source = VSS | ID = 8193 <br/>Description = <br/> <br/>Error - 11/2/2012 6:30:59 AM | Computer Name = Sian | Source = Microsoft-Windows-User Profiles Service | ID = 1515 <br/>Description = Windows has backed up this user profile. Windows will automatically <br/> try to use the backup profile the next time this user logs on. <br/> <br/>Error - 11/2/2012 6:30:59 AM | Computer Name = Sian | Source = Microsoft-Windows-User Profiles Service | ID = 1511 <br/>Description = Windows cannot find the local profile and is logging you on with a <br/> temporary profile. Changes you make to this profile will be lost when you log off. <br/> <br/>Error - 11/2/2012 6:55:57 AM | Computer Name = Sian | Source = VSS | ID = 8193 <br/>Description = <br/> <br/>Error - 11/2/2012 7:10:23 AM | Computer Name = Sian | Source = Microsoft-Windows-User Profiles Service | ID = 1515 <br/>Description = Windows has backed up this user profile. Windows will automatically <br/> try to use the backup profile the next time this user logs on. <br/> <br/>Error - 11/2/2012 7:10:23 AM | Computer Name = Sian | Source = Microsoft-Windows-User Profiles Service | ID = 1511 <br/>Description = Windows cannot find the local profile and is logging you on with a <br/> temporary profile. Changes you make to this profile will be lost when you log off. <br/> <br/>Error - 11/5/2012 8:52:44 PM | Computer Name = Sian | Source = Microsoft-Windows-User Profiles Service | ID = 1533 <br/>Description = Windows cannot delete the profile directory C:\Users\TEMP.SIAN.007. <br/> This error may be caused by files in this directory being used by another program. <br/> DETAIL - The directory is not empty. <br/> <br/>Error - 11/5/2012 8:52:44 PM | Computer Name = Sian | Source = Microsoft-Windows-User Profiles Service | ID = 1515 <br/>Description = Windows has backed up this user profile. Windows will automatically <br/> try to use the backup profile the next time this user logs on. <br/> <br/>Error - 11/5/2012 8:52:44 PM | Computer Name = Sian | Source = Microsoft-Windows-User Profiles Service | ID = 1511 <br/>Description = Windows cannot find the local profile and is logging you on with a <br/> temporary profile. Changes you make to this profile will be lost when you log off. <br/> <br/>Error - 11/5/2012 8:53:34 PM | Computer Name = Sian | Source = VSS | ID = 8193 <br/>Description = <br/> <br/>[ System Events ] <br/>Error - 12/23/2012 11:11:45 PM | Computer Name = Sian | Source = NetBT | ID = 4311 <br/>Description = Initialization failed because the driver device could not be created. <br/>Use <br/> the string "5C260A3B9713" to identify the interface for which initialization failed. <br/> It represents the MAC address of the failed interface or the Globally Unique Interface <br/> Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither <br/> the MAC address nor the GUID were available, the string represents a cluster device <br/> name. <br/> <br/>Error - 12/23/2012 11:11:45 PM | Computer Name = Sian | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35 <br/>Description = Performance power management features on processor 0 in group 0 are <br/> disabled due to a firmware problem. Check with the computer manufacturer for updated <br/> firmware. <br/> <br/>Error - 12/23/2012 11:11:45 PM | Computer Name = Sian | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35 <br/>Description = Performance power management features on processor 1 in group 0 are <br/> disabled due to a firmware problem. Check with the computer manufacturer for updated <br/> firmware. <br/> <br/>Error - 12/23/2012 11:11:45 PM | Computer Name = Sian | Source = NetBT | ID = 4311 <br/>Description = Initialization failed because the driver device could not be created. <br/>Use <br/> the string "889FFA691024" to identify the interface for which initialization failed. <br/> It represents the MAC address of the failed interface or the Globally Unique Interface <br/> Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither <br/> the MAC address nor the GUID were available, the string represents a cluster device <br/> name. <br/> <br/>Error - 12/23/2012 11:11:45 PM | Computer Name = Sian | Source = NetBT | ID = 4311 <br/>Description = Initialization failed because the driver device could not be created. <br/>Use <br/> the string "889FFA691024" to identify the interface for which initialization failed. <br/> It represents the MAC address of the failed interface or the Globally Unique Interface <br/> Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither <br/> the MAC address nor the GUID were available, the string represents a cluster device <br/> name. <br/> <br/>Error - 12/23/2012 11:12:33 PM | Computer Name = Sian | Source = NetBT | ID = 4311 <br/>Description = Initialization failed because the driver device could not be created. <br/>Use <br/> the string "889FFA691024" to identify the interface for which initialization failed. <br/> It represents the MAC address of the failed interface or the Globally Unique Interface <br/> Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither <br/> the MAC address nor the GUID were available, the string represents a cluster device <br/> name. <br/> <br/>Error - 12/23/2012 11:12:33 PM | Computer Name = Sian | Source = NetBT | ID = 4311 <br/>Description = Initialization failed because the driver device could not be created. <br/>Use <br/> the string "889FFA691024" to identify the interface for which initialization failed. <br/> It represents the MAC address of the failed interface or the Globally Unique Interface <br/> Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither <br/> the MAC address nor the GUID were available, the string represents a cluster device <br/> name. <br/> <br/>Error - 12/23/2012 11:12:35 PM | Computer Name = Sian | Source = Microsoft-Windows-TaskScheduler | ID = 413 <br/>Description = Task Scheduler service failed to load tasks at service startup. Additional <br/> Data: Error Value: 2147549183. <br/> <br/>Error - 12/23/2012 11:12:54 PM | Computer Name = Sian | Source = Service Control Manager | ID = 7026 <br/>Description = The following boot-start or system-start driver(s) failed to load: <br/> cdrom <br/> <br/>Error - 12/23/2012 11:13:38 PM | Computer Name = Sian | Source = DCOM | ID = 10016 <br/>Description = <br/> <br/> <br/>< End of report >
Posted 12/26/2012 7:27 AM
#94884
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Sorry for late reply.......... <br/> <br/><br /><br /> <br/><br /><br /> <br/><br /><br /> <br/><SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt; FONT-WEIGHT: normal; mso-ansi-language: EN; mso-bidi-font-weight: bold" lang=EN>We need to run an OTL Fix<SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt; mso-ansi-language: EN" lang=EN><BR style="mso-special-character: line-break"><BR style="mso-special-character: line-break"><SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt; mso-ansi-language: EN; mso-fareast-font-family: 'Arial Unicode MS'" lang=EN><?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p> <br/> <br/><UL type=disc> <br/><LI style="MARGIN: 0cm 0cm 0pt; mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" class=MsoNormal><SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt; mso-ansi-language: EN" lang=EN>Please reopen OTL on your desktop.<o:p></o:p></LI> <br/><LI style="MARGIN: 0cm 0cm 0pt; mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" class=MsoNormal><SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt; FONT-WEIGHT: normal; mso-ansi-language: EN; mso-bidi-font-weight: bold" lang=EN>Copy<SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt; mso-ansi-language: EN" lang=EN> and <SPAN style="FONT-FAMILY: Tahoma; FONT-WEIGHT: normal; mso-bidi-font-weight: bold">Paste the following code into the<SPAN style="mso-spacerun: yes"> Custom Scan textbox. <o:p></o:p></LI></UL><SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt; mso-ansi-language: EN" lang=EN> <br/> <br/><SPAN class=pln><SPAN style="FONT-FAMILY: Symbol; mso-ansi-language: EN; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol" lang=EN><SPAN style="mso-list: Ignore"><SPAN style="FONT: 7pt 'Times New Roman'"> <SPAN class=pun><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN>:<SPAN class=pln><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN>OTL <o:p></o:p> <br/><PRE style="TEXT-INDENT: -18pt; MARGIN-LEFT: 36pt; mso-list: l0 level1 lfo1; tab-stops: list 36.0pt left 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt"><SPAN class=pln><SPAN style="FONT-FAMILY: Symbol; mso-ansi-language: EN; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol" lang=EN><SPAN style="mso-list: Ignore">·<SPAN style="FONT: 7pt 'Times New Roman'"> <SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 8pt; mso-ansi-language: EN-GB" lang=EN-GB>O3 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. <br/> <br/>O3 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found. <br/> <br/>O3 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found. <br/> <br/>O3 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) <br/> <br/><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 8pt">O4:64bit: - HKLM..\Run: [] File not found<SPAN class=pln><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN> <o:p></o:p></PRE><PRE style="TEXT-INDENT: -18pt; MARGIN-LEFT: 36pt; mso-list: l0 level1 lfo1; tab-stops: list 36.0pt left 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt"><SPAN class=pln><SPAN style="FONT-FAMILY: Symbol; mso-ansi-language: EN; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol" lang=EN><SPAN style="mso-list: Ignore">·<SPAN style="FONT: 7pt 'Times New Roman'"> <SPAN class=pun><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN>:<SPAN class=typ><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN>Reg<SPAN class=pln><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN> <o:p></o:p></PRE><PRE style="TEXT-INDENT: -18pt; MARGIN-LEFT: 36pt; mso-list: l0 level1 lfo1; tab-stops: list 36.0pt left 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt"><SPAN class=pln><SPAN style="FONT-FAMILY: Symbol; mso-ansi-language: EN; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol" lang=EN><SPAN style="mso-list: Ignore">·<SPAN style="FONT: 7pt 'Times New Roman'"> <SPAN class=pln><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN> <o:p></o:p></PRE><PRE style="TEXT-INDENT: -18pt; MARGIN-LEFT: 36pt; mso-list: l0 level1 lfo1; tab-stops: list 36.0pt left 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt"><SPAN class=pln><SPAN style="FONT-FAMILY: Symbol; mso-ansi-language: EN; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol" lang=EN><SPAN style="mso-list: Ignore">·<SPAN style="FONT: 7pt 'Times New Roman'"> <SPAN class=pun><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN>:<SPAN class=typ><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN>Files<SPAN class=pln><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN> <o:p></o:p></PRE><PRE style="TEXT-INDENT: -18pt; MARGIN-LEFT: 36pt; mso-list: l0 level1 lfo1; tab-stops: list 36.0pt left 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt"><SPAN class=pln><SPAN style="FONT-FAMILY: Symbol; mso-ansi-language: EN; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol" lang=EN><SPAN style="mso-list: Ignore">·<SPAN style="FONT: 7pt 'Times New Roman'"> <SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 8pt; mso-ansi-language: EN-GB" lang=EN-GB>C:\Program Files (x86)\BitTorrent <br/> <br/>C:\Program Files\Bonjour<SPAN class=pln><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN><o:p></o:p></PRE><PRE style="TEXT-INDENT: -18pt; MARGIN-LEFT: 36pt; mso-list: l0 level1 lfo1; tab-stops: list 36.0pt left 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt"><SPAN class=pln><SPAN style="FONT-FAMILY: Symbol; mso-ansi-language: EN; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol" lang=EN><SPAN style="mso-list: Ignore">·<SPAN style="FONT: 7pt 'Times New Roman'"> <SPAN class=pln><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN>ipconfig <SPAN class=pun><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN>/<SPAN class=pln><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN>flushdns <SPAN class=pun><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN>/<SPAN class=pln><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN>c <o:p></o:p></PRE><PRE style="TEXT-INDENT: -18pt; MARGIN-LEFT: 36pt; mso-list: l0 level1 lfo1; tab-stops: list 36.0pt left 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt"><SPAN class=pln><SPAN style="FONT-FAMILY: Symbol; mso-ansi-language: EN; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol" lang=EN><SPAN style="mso-list: Ignore">·<SPAN style="FONT: 7pt 'Times New Roman'"> <SPAN class=pun><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN>:<SPAN class=typ><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN>Commands<SPAN class=pln><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN> <o:p></o:p></PRE><PRE style="TEXT-INDENT: -18pt; MARGIN-LEFT: 36pt; mso-list: l0 level1 lfo1; tab-stops: list 36.0pt left 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt"><SPAN class=pln><SPAN style="FONT-FAMILY: Symbol; mso-ansi-language: EN; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol" lang=EN><SPAN style="mso-list: Ignore">·<SPAN style="FONT: 7pt 'Times New Roman'"> <SPAN class=pun><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN>[<SPAN class=pln><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN>purity<SPAN class=pun><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN>]<SPAN class=pln><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN> <o:p></o:p></PRE><PRE style="TEXT-INDENT: -18pt; MARGIN-LEFT: 36pt; mso-list: l0 level1 lfo1; tab-stops: list 36.0pt left 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt"><SPAN class=pln><SPAN style="FONT-FAMILY: Symbol; mso-ansi-language: EN; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol" lang=EN><SPAN style="mso-list: Ignore">·<SPAN style="FONT: 7pt 'Times New Roman'"> <SPAN class=pun><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN>[<SPAN class=pln><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN>resethosts<SPAN class=pun><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN>]<SPAN class=pln><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN> <o:p></o:p></PRE><PRE style="TEXT-INDENT: -18pt; MARGIN-LEFT: 36pt; mso-list: l0 level1 lfo1; tab-stops: list 36.0pt left 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt"><SPAN class=pln><SPAN style="FONT-FAMILY: Symbol; mso-ansi-language: EN; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol" lang=EN><SPAN style="mso-list: Ignore">·<SPAN style="FONT: 7pt 'Times New Roman'"> <SPAN class=pun><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN>[<SPAN class=typ><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN>CreateRestorePoint<SPAN class=pun><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN>]<SPAN class=pln><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN> <o:p></o:p></PRE><PRE style="TEXT-INDENT: -18pt; MARGIN-LEFT: 36pt; mso-list: l0 level1 lfo1; tab-stops: list 36.0pt left 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt"><SPAN class=pln><SPAN style="FONT-FAMILY: Symbol; mso-ansi-language: EN; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol" lang=EN><SPAN style="mso-list: Ignore">·<SPAN style="FONT: 7pt 'Times New Roman'"> <SPAN class=pun><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN>[<SPAN class=pln><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN>emptytemp<SPAN class=pun><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN>]<SPAN class=pln><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN> <o:p></o:p></PRE><PRE style="MARGIN-LEFT: 36pt"><SPAN class=pun><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN>[<SPAN class=pln><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN>EMPTYFLASH<SPAN class=pun><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN>]<SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN" lang=EN><o:p></o:p></PRE> <br/><SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt; mso-ansi-language: EN" lang=EN><BR style="mso-special-character: line-break"><BR style="mso-special-character: line-break"><o:p></o:p> <br/> <br/><UL type=disc> <br/><LI style="MARGIN: 0cm 0cm 0pt; mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" class=MsoNormal><SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt; FONT-WEIGHT: normal; mso-ansi-language: EN; mso-bidi-font-weight: bold" lang=EN>Push<SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt; mso-ansi-language: EN" lang=EN><SPAN style="mso-spacerun: yes"> Run Fix Button<o:p></o:p></LI> <br/><LI style="MARGIN: 0cm 0cm 0pt; mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" class=MsoNormal><SPAN style="FONT-FAMILY: Tahoma; COLOR: red; FONT-SIZE: 10pt; FONT-WEIGHT: normal; mso-ansi-language: EN; mso-bidi-font-weight: bold" lang=EN>OTL may ask to reboot the machine. Please do so if asked.<SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt; mso-ansi-language: EN" lang=EN><o:p></o:p></LI> <br/><LI style="MARGIN: 0cm 0cm 0pt; mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" class=MsoNormal><SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt; FONT-WEIGHT: normal; mso-ansi-language: EN; mso-bidi-font-weight: bold" lang=EN>Click<SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt; mso-ansi-language: EN" lang=EN> OK.<o:p></o:p></LI> <br/><LI style="MARGIN: 0cm 0cm 0pt; mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" class=MsoNormal><SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt; mso-ansi-language: EN" lang=EN>A report will open. <SPAN style="FONT-FAMILY: Tahoma; FONT-WEIGHT: normal; mso-bidi-font-weight: bold">Copy and <SPAN style="FONT-FAMILY: Tahoma; FONT-WEIGHT: normal; mso-bidi-font-weight: bold">Paste that report in your next reply.</LI> <br/><LI style="MARGIN: 0cm 0cm 0pt; mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" class=MsoNormal><SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt; mso-ansi-language: EN" lang=EN><o:p></o:p></LI> <br/><LI style="MARGIN: 0cm 0cm 0pt; mso-list: l0 level1 lfo1; tab-stops: list 36.0pt; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" class=MsoNormal><SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt; mso-ansi-language: EN" lang=EN>If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.</LI></UL> <br/><SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt; mso-ansi-language: EN" lang=EN> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt; mso-ansi-language: EN" lang=EN> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt; mso-ansi-language: EN" lang=EN>Please download adwcleaner -> <br/><SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt; mso-ansi-language: EN" lang=EN> <br/><SPAN style="FONT-FAMILY: Arial; COLOR: black; FONT-SIZE: 10.5pt; mso-ansi-language: EN-GB" lang=EN-GB> <br/><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN-GB" lang=EN-GB><SPAN style="mso-spacerun: yes">[3] [/3][color=#0000ff][3]http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner[/3][/color]<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN-GB" lang=EN-GB><o:p>[3] [/3]</o:p> <br/> <br/><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN-GB" lang=EN-GB><o:p>[3] [/3]</o:p> <br/> <br/><SPAN style="FONT-FAMILY: Arial; COLOR: black; FONT-SIZE: 10.5pt; mso-ansi-language: EN-GB" lang=EN-GB> <br/> <br/><BR style="mso-special-character: line-break"> <br/> <br/><SPAN style="FONT-FAMILY: Arial; FONT-SIZE: 13pt; mso-ansi-language: EN-GB" lang=EN-GB>Double click on<SPAN class=apple-converted-space> AdwCleaner.exe<SPAN class=apple-converted-space> to run the tool.<SPAN class=apple-converted-space> <br/><SPAN style="FONT-FAMILY: Arial; COLOR: red; FONT-SIZE: 13pt; mso-ansi-language: EN-GB" lang=EN-GB>***Note: Windows <?xml:namespace prefix = st1 ns = "urn:schemas-microsoft-com:office:smarttags" /><st1:place w:st="on">Vista</st1:place> and Windows 7 users:<SPAN class=apple-converted-space><SPAN style="FONT-FAMILY: Arial; FONT-SIZE: 13pt; mso-ansi-language: EN-GB" lang=EN-GB> <SPAN style="FONT-FAMILY: Arial; FONT-SIZE: 13pt; mso-ansi-language: EN-GB" lang=EN-GB> <br/>Right click in the<SPAN class=apple-converted-space> adwCleaner.exe<SPAN class=apple-converted-space> and select<SPAN class=apple-converted-space> – Run as admin<SPAN class=apple-converted-space> <o:p></o:p> <br/> <br/><UL style="MARGIN-TOP: 0cm" type=disc> <br/><LI style="LINE-HEIGHT: 13.5pt; MARGIN: 0cm 0cm 0pt; BACKGROUND: white; COLOR: black; mso-list: l1 level1 lfo2; tab-stops: list 36.0pt" class=MsoNormal><SPAN style="FONT-FAMILY: Arial; FONT-SIZE: 13pt">Click<SPAN class=apple-converted-space> Delete.<SPAN class=apple-converted-space> <o:p></o:p></LI> <br/><LI style="LINE-HEIGHT: 13.5pt; MARGIN: 0cm 0cm 0pt; BACKGROUND: white; COLOR: black; mso-list: l1 level1 lfo2; tab-stops: list 36.0pt" class=MsoNormal><SPAN style="FONT-FAMILY: Arial; FONT-SIZE: 13pt; mso-ansi-language: EN-GB" lang=EN-GB>Everything<SPAN class=apple-converted-space><SPAN style="FONT-FAMILY: Arial; FONT-SIZE: 13pt; mso-ansi-language: EN-GB" lang=EN-GB> <SPAN style="FONT-FAMILY: Arial; FONT-SIZE: 13pt; mso-ansi-language: EN-GB" lang=EN-GB>that was found will be deleted.<SPAN class=apple-converted-space> </LI> <br/><LI style="LINE-HEIGHT: 13.5pt; MARGIN: 0cm 0cm 0pt; BACKGROUND: white; COLOR: black; mso-list: l1 level1 lfo2; tab-stops: list 36.0pt" class=MsoNormal><SPAN style="FONT-FAMILY: Arial; FONT-SIZE: 13pt; mso-ansi-language: EN-GB" lang=EN-GB><SPAN class=apple-converted-space><o:p></o:p></LI> <br/><LI style="LINE-HEIGHT: 13.5pt; MARGIN: 0cm 0cm 0pt; BACKGROUND: white; COLOR: black; mso-list: l1 level1 lfo2; tab-stops: list 36.0pt" class=MsoNormal><SPAN style="FONT-FAMILY: Arial; FONT-SIZE: 13pt; mso-ansi-language: EN-GB" lang=EN-GB>Save any open files and approve the reboot. A text file will open after the restart.<SPAN class=apple-converted-space> <o:p></o:p></LI></UL> <br/><SPAN style="FONT-FAMILY: Tahoma; mso-ansi-language: EN-GB" lang=EN-GB><o:p>[3] [/3]</o:p> <br/><o:p></o:p> <br/><SPAN style="FONT-FAMILY: Tahoma; FONT-SIZE: 10pt; mso-ansi-language: EN; mso-fareast-font-family: 'Times New Roman'; mso-fareast-language: DA; mso-bidi-language: AR-SA" lang=EN> <br/> <br/> <br/> <br/><SPAN class=postbody><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Tahoma" lang=EN-GB>Please download Combofix from: http://download.bleepingcomputer.com/sUBs/ComboFix.exe <br/> <br/><SPAN class=postbody><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Tahoma" lang=EN-GB> <br/> <br/><SPAN class=postbody><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Tahoma" lang=EN-GB><SPAN style="mso-spacerun: yes"> And save to the desktop.<o:p></o:p> <br/> <br/><SPAN class=postbody><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Tahoma" lang=EN-GB><o:p> </o:p> <br/> <br/><SPAN style="FONT-FAMILY: Arial; FONT-SIZE: 9pt; mso-ansi-language: EN-GB" lang=EN-GB>After the download is complete, perform the following tasks before using the ComboFix tool to scan your PC: <br/>Exit all windows that are currently open on your computer.<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Arial; FONT-SIZE: 9pt; mso-ansi-language: EN-GB" lang=EN-GB>To prevent interference, temporarily disable your antivirus, antispyware, firewall and other security tools that may be running on your computer.<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-size: 11.0pt" lang=EN-GB><o:p> </o:p> <br/> <br/><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 9pt; mso-ansi-language: EN; mso-bidi-font-size: 11.0pt" lang=EN> <o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 9pt; mso-ansi-language: EN-GB" lang=EN-GB>Double-click on the combofix icon found on your desktop. <o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 9pt; mso-ansi-language: EN-GB" lang=EN-GB> <o:p></o:p> <br/> <br/><B style="mso-bidi-font-weight: normal"><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-size: 11.0pt" lang=EN-GB>Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall.</B> <br/> <br/><B style="mso-bidi-font-weight: normal"><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-size: 11.0pt" lang=EN-GB>In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.<o:p></o:p></B> <br/> <br/><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-size: 11.0pt" lang=EN-GB> <br/><SPAN class=postbody><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Tahoma" lang=EN-GB><SPAN style="mso-spacerun: yes"> When finished, it will produce a logfile located at C:\combofix.txt.<SPAN class=postbody><SPAN style="FONT-FAMILY: Verdana; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Tahoma" lang=EN-GB><o:p></o:p> <br/> <br/><SPAN class=postbody><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Tahoma" lang=EN-GB> <SPAN class=postbody><SPAN style="FONT-FAMILY: Verdana; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Tahoma" lang=EN-GB><o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-size: 11.0pt" lang=EN-GB> <br/><SPAN class=postbody><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Tahoma" lang=EN-GB>Post the contents of that log in your next reply <o:p></o:p> <br/> <br/><SPAN class=postbody><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Tahoma" lang=EN-GB><o:p> </o:p> <br/> <br/><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 9pt; mso-ansi-language: EN; mso-bidi-font-size: 12.0pt" lang=EN>The logs will be reasonably large so you may have to divide them into sections and make several posts to post them. <br/><BR style="mso-special-character: line-break"><BR style="mso-special-character: line-break"><SPAN class=postbody><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Tahoma" lang=EN-GB><o:p></o:p> <br/> <br/><BR style="mso-special-character: line-break"><BR style="mso-special-character: line-break">

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 12/26/2012 9:11 AM
#94886
User avatar

sianbootay Valued member

Date Joined Nov 2016
Total Posts: 13
Its ok Touch, no worries. You've helped me soo much within the past years. By the way, Merry Late Christmas! :) <br/> <br/>All processes killed <br/>========== OTL ========== <br/>Registry value HKEY_USERS\S-1-5-21-2229391427-1754303536-809865111-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found. <br/>Registry value HKEY_USERS\S-1-5-21-2229391427-1754303536-809865111-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\ not found. <br/>Registry value HKEY_USERS\S-1-5-21-2229391427-1754303536-809865111-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ deleted successfully. <br/>C:\Program Files (x86)\Winamp Toolbar\winamptb.dll moved successfully. <br/>64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. <br/>File PTYFLASH] not found. <br/> <br/>OTL by OldTimer - Version 3.2.69.0 log created on 12262012_000222 <br/> <br/>Files\Folders moved on Reboot... <br/> <br/>PendingFileRenameOperations files... <br/> <br/>Registry entries deleted on Reboot... <br/> <br/># AdwCleaner v2.103 - Logfile created 12/26/2012 at 00:25:21 <br/># Updated 25/12/2012 by Xplode <br/># Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) <br/># User : Sian - SIAN <br/># Boot Mode : Normal <br/># Running from : C:\Users\Sian\Desktop\adwcleaner.exe <br/># Option [Delete] <br/> <br/> <br/>***** [Services] ***** <br/> <br/> <br/>***** [Files / Folders] ***** <br/> <br/>Folder Deleted : C:\Program Files (x86)\Conduit <br/>Folder Deleted : C:\Program Files (x86)\Winamp Toolbar <br/>Folder Deleted : C:\ProgramData\Tarma Installer <br/>Folder Deleted : C:\ProgramData\Winamp Toolbar <br/>Folder Deleted : C:\Users\Sian\AppData\Local\Conduit <br/>Folder Deleted : C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh <br/>Folder Deleted : C:\Users\Sian\AppData\Local\Winamp Toolbar <br/>Folder Deleted : C:\Users\Sian\AppData\LocalLow\Conduit <br/>Folder Deleted : C:\Users\Sian\AppData\LocalLow\ConduitEngine <br/>Folder Deleted : C:\Users\Sian\AppData\LocalLow\PriceGong <br/>Folder Deleted : C:\Users\Sian\AppData\LocalLow\Toolbar4 <br/> <br/>***** [Registry] ***** <br/> <br/>Key Deleted : HKCU\Software\AppDataLow\Software\Conduit <br/>Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong <br/>Key Deleted : HKCU\Software\IM <br/>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} <br/>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026} <br/>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} <br/>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} <br/>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} <br/>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} <br/>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} <br/>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026} <br/>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} <br/>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} <br/>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} <br/>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} <br/>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} <br/>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} <br/>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar <br/>Key Deleted : HKCU\Software\SweetIM <br/>Key Deleted : HKCU\Software\Winamp Toolbar <br/>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} <br/>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678} <br/>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} <br/>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} <br/>Key Deleted : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe <br/>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} <br/>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26} <br/>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1} <br/>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} <br/>Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch <br/>Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1 <br/>Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand <br/>Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1 <br/>Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader <br/>Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1 <br/>Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo <br/>Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1 <br/>Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams <br/>Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1 <br/>Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper <br/>Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1 <br/>Key Deleted : HKLM\Software\Conduit <br/>Key Deleted : HKLM\Software\Iminent <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B7050CBDB2504B34BC2A9CA0A692CC29} <br/>Key Deleted : HKLM\Software\SweetIM <br/>Key Deleted : HKLM\Software\Winamp Toolbar <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8} <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP <br/>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8} <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3} <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP <br/>Key Deleted : HKLM\SOFTWARE\Tarma Installer <br/>Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}] <br/>Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}] <br/> <br/>***** [Internet Browsers] ***** <br/> <br/>-\\ Internet Explorer v8.0.7601.17514 <br/> <br/>[OK] Registry is clean. <br/> <br/>-\\ Mozilla Firefox v16.0.2 (en-US) <br/> <br/>File : C:\Users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js <br/> <br/>[OK] File is clean. <br/> <br/>File : C:\Users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\zu2rtjde.default\prefs.js <br/> <br/>[OK] File is clean. <br/> <br/>-\\ Google Chrome v23.0.1271.97 <br/> <br/>File : C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Preferences <br/> <br/>[OK] File is clean. <br/> <br/>************************* <br/> <br/>AdwCleaner[S1].txt - [18128 octets] - [26/12/2012 00:25:21] <br/> <br/>########## EOF - C:\AdwCleaner[S1].txt - [18189 octets] ########## <br/> <br/> <br/> <br/>ComboFix 12-12-25.02 - Sian 12/26/2012 0:42.1.2 - x64 <br/>Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.6184 [GMT -8:00] <br/>Running from: c:\users\Sian\Desktop\ComboFix.exe <br/>AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} <br/>SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} <br/>SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} <br/>. <br/>. <br/>((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>c:\users\Sian\GoToAssistDownloadHelper.exe <br/>c:\windows\SysWow64\Config.ini <br/>. <br/>. <br/>((((((((((((((((((((((((( Files Created from 2012-11-26 to 2012-12-26 ))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>2012-12-26 08:53 . 2012-12-26 08:53 -------- dc----w- c:\users\Default\AppData\Local\temp <br/>2012-12-26 08:29 . 2012-12-26 08:29 -------- dc----w- c:\users\TEMP.SIAN.015 <br/>2012-12-26 08:02 . 2012-12-26 08:02 -------- dc----w- C:\_OTL <br/>2012-12-25 09:48 . 2012-11-08 17:24 9125352 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A3E564F-AF8E-4C12-A5C7-20932C7AC98F}\mpengine.dll <br/>2012-12-24 00:13 . 2012-11-08 17:24 9125352 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll <br/>2012-12-23 06:04 . 2012-12-23 06:05 46080 ----a-w- c:\windows\system32\atmlib.dll <br/>2012-12-23 06:04 . 2012-12-23 06:05 34304 ----a-w- c:\windows\SysWow64\atmlib.dll <br/>2012-12-23 06:04 . 2012-12-23 06:05 367616 ----a-w- c:\windows\system32\atmfd.dll <br/>2012-12-23 06:04 . 2012-12-23 06:05 295424 ----a-w- c:\windows\SysWow64\atmfd.dll <br/>2012-12-22 22:55 . 2012-12-22 22:55 -------- dc----w- c:\program files (x86)\Common Files\Java <br/>2012-12-22 22:54 . 2012-12-22 22:52 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll <br/>2012-12-22 22:54 . 2012-12-22 22:53 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll <br/>2012-12-22 22:53 . 2012-12-22 22:53 -------- dc----w- c:\program files (x86)\Trend Micro <br/>2012-12-22 22:52 . 2012-12-22 22:52 -------- dc----w- c:\programdata\McAfee <br/>2012-12-15 09:16 . 2012-12-15 22:20 -------- dc----w- c:\users\TEMP.SIAN.014 <br/>2012-12-12 08:06 . 2012-12-13 00:17 -------- dc----w- c:\users\TEMP.SIAN.013 <br/>2012-12-12 07:48 . 2012-12-12 07:54 3149824 ----a-w- c:\windows\system32\win32k.sys <br/>2012-12-12 07:46 . 2012-12-12 07:50 338432 ----a-w- c:\windows\system32\conhost.exe <br/>2012-12-12 07:43 . 2012-12-12 07:49 478208 ----a-w- c:\windows\system32\dpnet.dll <br/>2012-12-12 07:43 . 2012-12-12 07:49 376832 ----a-w- c:\windows\SysWow64\dpnet.dll <br/>2012-12-12 05:21 . 2012-12-12 08:06 -------- dc----w- c:\users\TEMP.SIAN.012 <br/>2012-12-10 08:39 . 2012-12-12 05:21 -------- dc----w- c:\users\TEMP.SIAN.011 <br/>2012-12-08 08:58 . 2012-12-08 21:24 -------- dc----w- c:\users\TEMP.SIAN.010 <br/>2012-12-07 06:58 . 2012-12-07 06:59 9728 ----a-w- c:\windows\system32\Wdfres.dll <br/>2012-12-07 06:58 . 2012-12-07 06:59 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys <br/>2012-12-07 06:58 . 2012-12-07 06:59 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys <br/>2012-12-07 06:58 . 2012-12-07 06:59 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui <br/>2012-12-07 06:44 . 2012-12-07 06:45 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys <br/>2012-12-07 06:44 . 2012-12-07 06:45 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys <br/>2012-12-07 06:44 . 2012-12-07 06:45 84992 ----a-w- c:\windows\system32\WUDFSvc.dll <br/>2012-12-07 06:44 . 2012-12-07 06:45 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll <br/>2012-12-07 06:44 . 2012-12-07 06:45 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll <br/>2012-12-07 06:44 . 2012-12-07 06:45 744448 ----a-w- c:\windows\system32\WUDFx.dll <br/>2012-12-07 06:44 . 2012-12-07 06:45 229888 ----a-w- c:\windows\system32\WUDFHost.exe <br/>2012-12-03 04:07 . 2010-06-02 12:55 77656 -c--a-w- c:\windows\system32\XAPOFX1_5.dll <br/>2012-12-03 04:06 . 2009-09-05 01:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll <br/>2012-12-03 01:21 . 2012-08-21 21:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys <br/>2012-12-03 01:19 . 2012-12-03 01:19 -------- dc----w- c:\program files\iPod <br/>2012-12-03 01:19 . 2012-12-03 01:21 -------- dc----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 <br/>2012-12-03 01:19 . 2012-12-03 01:21 -------- dc----w- c:\program files\iTunes <br/>2012-12-03 01:19 . 2012-12-03 01:21 -------- dc----w- c:\program files (x86)\iTunes <br/>2012-12-03 01:09 . 2012-12-03 01:09 -------- dc----w- c:\program files\Bonjour <br/>2012-12-03 01:09 . 2012-12-03 01:09 -------- dc----w- c:\program files (x86)\Bonjour <br/>2012-12-01 09:53 . 2012-12-01 09:52 972264 -c----w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7083D733-3BCA-4ECB-B1B5-2BE1E7C7DD63}\gapaengine.dll <br/>. <br/>. <br/>. <br/>(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>2012-12-22 22:52 . 2011-04-04 05:19 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll <br/>2012-12-12 07:51 . 2011-03-24 06:59 67413224 -c--a-w- c:\windows\system32\MRT.exe <br/>2012-12-12 07:50 . 2012-12-12 07:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll <br/>2012-12-07 06:44 . 2012-12-07 06:40 561664 ----a-w- c:\windows\apppatch\AcLayers.dll <br/>2012-12-07 06:44 . 2012-12-07 06:40 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll <br/>2012-12-07 06:44 . 2012-12-07 06:40 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll <br/>2012-11-02 11:03 . 2012-11-02 10:55 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys <br/>2012-11-02 11:00 . 2012-11-02 10:53 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe <br/>2012-11-02 10:59 . 2012-11-02 10:53 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe <br/>2012-11-02 10:59 . 2012-11-02 10:53 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe <br/>2012-11-02 10:59 . 2012-11-02 10:55 220160 ----a-w- c:\windows\system32\wintrust.dll <br/>2012-11-02 10:59 . 2012-11-02 10:55 172544 ----a-w- c:\windows\SysWow64\wintrust.dll <br/>2012-11-02 10:58 . 2012-11-02 10:53 715776 ----a-w- c:\windows\system32\kerberos.dll <br/>2012-11-02 10:58 . 2012-11-02 10:53 542208 ----a-w- c:\windows\SysWow64\kerberos.dll <br/>2012-11-02 10:56 . 2012-11-02 10:50 1464320 ----a-w- c:\windows\system32\crypt32.dll <br/>2012-11-02 10:56 . 2012-11-02 10:50 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll <br/>2012-11-02 10:56 . 2012-11-02 10:50 184320 ----a-w- c:\windows\system32\cryptsvc.dll <br/>2012-11-02 10:56 . 2012-11-02 10:50 140288 ----a-w- c:\windows\system32\cryptnet.dll <br/>2012-11-02 10:56 . 2012-11-02 10:50 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll <br/>2012-11-02 10:56 . 2012-11-02 10:50 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll <br/>2012-10-07 05:18 . 2012-06-13 23:52 972192 -c----w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll <br/>2012-10-06 20:42 . 2012-10-01 11:58 245760 ----a-w- c:\windows\system32\OxpsConverter.exe <br/>2012-09-30 03:54 . 2012-06-03 20:25 25928 ----a-w- c:\windows\system32\drivers\mbam.sys <br/>2012-09-28 18:32 . 2012-09-28 18:32 5989776 -c--a-w- c:\windows\system32\usbaaplrc.dll <br/>2012-09-28 18:32 . 2012-09-28 18:32 53760 ----a-w- c:\windows\system32\drivers\usbaapl64.sys <br/>. <br/>. <br/>((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>*Note* empty entries & legit default entries are not shown <br/>REGEDIT4 <br/>. <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"Spotify Web Helper"="c:\users\Sian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-16 1193176] <br/>"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-05-13 6380400] <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] <br/>"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2010-08-14 1362544] <br/>"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] <br/>"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040] <br/>"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] <br/>"FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560] <br/>"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] <br/>"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-29 151952] <br/>. <br/>c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ <br/>Stardock MyColors.lnk - c:\program files (x86)\Stardock\MyColors\SDDelayedLaunch.exe [2009-12-15 11520] <br/>. <br/>c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ <br/>IconPackager.lnk - c:\program files (x86)\Stardock\MyColors\IconPackager.exe [2009-12-16 1387688] <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] <br/>"ConsentPromptBehaviorAdmin"= 0 (0x0) <br/>"ConsentPromptBehaviorUser"= 3 (0x3) <br/>"EnableLUA"= 0 (0x0) <br/>"EnableUIADesktopToggle"= 0 (0x0) <br/>"PromptOnSecureDesktop"= 0 (0x0) <br/>"SoftwareSASGeneration"= 1 (0x1) <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess] <br/>2010-04-04 18:43 144712 -c--a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll <br/>. <br/>[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] <br/>Notification Packages REG_MULTI_SZ scecli FAPassSync <br/>. <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] <br/>@="Service" <br/>. <br/>R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] <br/>R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 32768] <br/>R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] <br/>R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848] <br/>R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-08-18 143472] <br/>R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys [2010-09-29 62168] <br/>R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys [2010-09-29 377176] <br/>R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 97040] <br/>R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456] <br/>R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896] <br/>R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] <br/>R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2011-05-07 59392] <br/>R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] <br/>R3 vtany;vtany;c:\windows\vtany.sys [x] <br/>R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-18 1255736] <br/>R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 10752] <br/>R4 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x] <br/>S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752] <br/>S0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2009-11-10 20392] <br/>S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-04-19 98208] <br/>S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648] <br/>S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800] <br/>S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136] <br/>S2 IconixService;Iconix Update Service;c:\program files (x86)\Common Files\Iconix\IconixService.exe [2012-03-19 284512] <br/>S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432] <br/>S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936] <br/>S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272] <br/>S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe [2010-07-08 815704] <br/>S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2010-02-02 20984] <br/>S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-29 67072] <br/>S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928] <br/>S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys [2007-06-08 219544] <br/>S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys [2008-06-03 168864] <br/>S3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys [2008-08-01 306560] <br/>. <br/>. <br/>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] <br/>iissvcs REG_MULTI_SZ w3svc was <br/>apphost REG_MULTI_SZ apphostsvc <br/>. <br/>Contents of the 'Scheduled Tasks' folder <br/>. <br/>2012-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job <br/>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-08 20:13] <br/>. <br/>2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job <br/>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-08 20:13] <br/>. <br/>2012-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229391427-1754303536-809865111-1000Core.job <br/>- c:\users\Sian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31 06:03] <br/>. <br/>2012-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229391427-1754303536-809865111-1000UA.job <br/>- c:\users\Sian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31 06:03] <br/>. <br/>. <br/>--------- X64 Entries ----------- <br/>. <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-19 10144288] <br/>"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896] <br/>"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304] <br/>"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] <br/>"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-11 1873256] <br/>"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-22 165912] <br/>"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-22 387608] <br/>"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-22 365592] <br/>"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704] <br/>. <br/>------- Supplementary Scan ------- <br/>. <br/>uLocal Page = c:\windows\system32\blank.htm <br/>uStart Page = about:blank <br/>mLocal Page = c:\windows\SysWOW64\blank.htm <br/>uInternet Settings,ProxyOverride = *.local <br/>IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 <br/>Trusted Zone: clonewarsadventures.com <br/>Trusted Zone: freerealms.com <br/>Trusted Zone: soe.com <br/>Trusted Zone: sony.com <br/>TCP: DhcpNameServer = 192.168.1.1 <br/>FF - ProfilePath - c:\users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\zu2rtjde.default\ <br/>FF - ExtSQL: !HIDDEN! 2010-01-17 05:54; ypvhfbosum@ypvhfbosum.org; c:\users\Sian\Application Data\Mozilla\Firefox\Profiles\zu2rtjde.default\extensions\ypvhfbosum@ypvhfbosum.org.xpi <br/>. <br/>- - - - ORPHANS REMOVED - - - - <br/>. <br/>URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file) <br/>Wow6432Node-HKLM-Run-FAStartup - (no file) <br/>HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe <br/>. <br/>. <br/>. <br/>[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock] <br/>"ImagePath"="c:\windows\system32\xsherlock.xem" <br/>. <br/>--------------------- LOCKED REGISTRY KEYS --------------------- <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] <br/>@Denied: (A 2) (Everyone) <br/>@="FlashBroker" <br/>"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] <br/>"Enabled"=dword:00000001 <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] <br/>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] <br/>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] <br/>@Denied: (A 2) (Everyone) <br/>@="Shockwave Flash Object" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] <br/>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" <br/>"ThreadingModel"="Apartment" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] <br/>@="0" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] <br/>@="ShockwaveFlash.ShockwaveFlash.11" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] <br/>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] <br/>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] <br/>@="1.0" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] <br/>@="ShockwaveFlash.ShockwaveFlash" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] <br/>@Denied: (A 2) (Everyone) <br/>@="Macromedia Flash Factory Object" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] <br/>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" <br/>"ThreadingModel"="Apartment" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] <br/>@="FlashFactory.FlashFactory.1" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] <br/>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] <br/>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] <br/>@="1.0" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] <br/>@="FlashFactory.FlashFactory" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] <br/>@Denied: (A 2) (Everyone) <br/>@="IFlashBroker4" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] <br/>@="{00020424-0000-0000-C000-000000000046}" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] <br/>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" <br/>"Version"="1.0" <br/>. <br/>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] <br/>@Denied: (Full) (Everyone) <br/>. <br/>Completion time: 2012-12-26 00:59:09 <br/>ComboFix-quarantined-files.txt 2012-12-26 08:59 <br/>. <br/>Pre-Run: 32,652,746,752 bytes free <br/>Post-Run: 32,296,439,808 bytes free <br/>. <br/>- - End Of File - - 41E81CC31C108F657BF033ECC3301631
Posted 12/26/2012 9:18 AM
#94887
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
By the way, Merry Late Christmas! :) Thank you, and a happy early new year to you :smile: <br/> <br/><br /><br /> <br/>Do you know these folder/s: <br/> <br/>c:\users\TEMP.SIAN.012 ?

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 12/30/2012 8:02 AM
#94915
User avatar

sianbootay Valued member

Date Joined Nov 2016
Total Posts: 13
Sorry for the late reply, but i do not know what those are. Should i go ahead and delete? and do you see anything in any system? <br/> <br/>Thanks
Posted 12/31/2012 8:54 AM
#94928
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Have combofix to do the deleting ;-) <br/> <br/><br /><br /> <br/><br /><br /> <br/><SPAN class=postbody><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-family: Tahoma" lang=EN-GB><?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p> </o:p> <br/> <br/><SPAN lang=EN>Open notepad and copy/paste the text in bold in<SPAN style="mso-spacerun: yes"> below into it: <br/> <br/><SPAN lang=EN><o:p> </o:p> <br/> <br/><SPAN lang=EN>Snapshot:: <br/> <br/><SPAN lang=EN>Folder:: <br/> <br/><SPAN style="COLOR: black; FONT-SIZE: 8pt" lang=EN>c:\users\TEMP.SIAN.015<o:p></o:p> <br/> <br/><SPAN style="COLOR: black; FONT-SIZE: 8pt" lang=EN>c:\users\TEMP.SIAN.014 <br/>c:\users\TEMP.SIAN.013<o:p></o:p> <br/> <br/><SPAN style="COLOR: black; FONT-SIZE: 8pt" lang=EN>c:\users\TEMP.SIAN.012 <br/>c:\users\TEMP.SIAN.011 <br/>c:\users\TEMP.SIAN.010<o:p></o:p> <br/> <br/><SPAN style="COLOR: black; FONT-SIZE: 8pt" lang=EN>c:\program files (x86)\BitTorrent<o:p></o:p> <br/> <br/><SPAN style="COLOR: black; FONT-SIZE: 8pt" lang=EN>File::<o:p></o:p> <br/> <br/><SPAN style="COLOR: black; FONT-SIZE: 8pt" lang=EN>c:\users\TEMP.SIAN.015<o:p></o:p> <br/> <br/><SPAN style="COLOR: black; FONT-SIZE: 8pt" lang=EN>c:\users\TEMP.SIAN.014 <br/>c:\users\TEMP.SIAN.013<o:p></o:p> <br/> <br/><SPAN style="COLOR: black; FONT-SIZE: 8pt" lang=EN>c:\users\TEMP.SIAN.012 <br/>c:\users\TEMP.SIAN.011 <br/>c:\users\TEMP.SIAN.010<o:p></o:p> <br/> <br/><SPAN lang=EN><o:p> </o:p> <br/> <br/><SPAN lang=EN>Save this as:CFScript <br/> <br/><SPAN lang=EN><SPAN style="mso-ansi-language: EN-GB" lang=EN-GB><o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-size: 12.0pt" lang=EN-GB>fUser image <br/> <br/><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-size: 12.0pt" lang=EN-GB><o:p> </o:p> <br/> <br/><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-size: 12.0pt" lang=EN-GB>Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe. <br/> <br/><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-size: 12.0pt" lang=EN-GB><o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-size: 12.0pt" lang=EN-GB>Combofix will create a logfile and display it after your computer has rebooted. <br/> <br/><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-size: 12.0pt" lang=EN-GB> <br/> <br/><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-size: 12.0pt" lang=EN-GB>Usually located in c:\combofix.txt, please post it to your next reply<o:p></o:p> <br/> <br/><SPAN style="FONT-FAMILY: Verdana; COLOR: black; FONT-SIZE: 9pt; mso-ansi-language: EN-GB; mso-bidi-font-size: 12.0pt" lang=EN-GB><o:p> </o:p> <br/> <br/><br /><br />

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 1/6/2013 3:01 AM
#94947
User avatar

sianbootay Valued member

Date Joined Nov 2016
Total Posts: 13
ComboFix 13-01-05.01 - Sian 01/05/2013 18:26:45.2.2 - x64 <br/>Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.4324 [GMT -8:00] <br/>Running from: c:\users\Sian\Desktop\ComboFix.exe <br/>Command switches used :: c:\users\Sian\Desktop\CFScript.txt.txt <br/>AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} <br/>SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} <br/>SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} <br/>. <br/>FILE :: <br/>"c:\users\TEMP.SIAN.010" <br/>"c:\users\TEMP.SIAN.011" <br/>"c:\users\TEMP.SIAN.012" <br/>"c:\users\TEMP.SIAN.013" <br/>"c:\users\TEMP.SIAN.014" <br/>"c:\users\TEMP.SIAN.015" <br/>. <br/>. <br/>((((((((((((((((((((((((( Files Created from 2012-12-06 to 2013-01-06 ))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>2013-01-06 02:01 . 2012-11-08 17:24 9125352 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D8586FCE-67B0-479F-9252-F2173131DE56}\mpengine.dll <br/>2013-01-06 01:43 . 2013-01-06 01:43 -------- dc----w- c:\users\TEMP.SIAN.015 <br/>2013-01-01 02:35 . 2012-11-08 17:24 9125352 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll <br/>2012-12-26 08:02 . 2012-12-26 08:02 -------- dc----w- C:\_OTL <br/>2012-12-23 06:04 . 2012-12-23 06:05 46080 ----a-w- c:\windows\system32\atmlib.dll <br/>2012-12-23 06:04 . 2012-12-23 06:05 34304 ----a-w- c:\windows\SysWow64\atmlib.dll <br/>2012-12-23 06:04 . 2012-12-23 06:05 367616 ----a-w- c:\windows\system32\atmfd.dll <br/>2012-12-23 06:04 . 2012-12-23 06:05 295424 ----a-w- c:\windows\SysWow64\atmfd.dll <br/>2012-12-22 22:55 . 2012-12-22 22:55 -------- dc----w- c:\program files (x86)\Common Files\Java <br/>2012-12-22 22:54 . 2012-12-22 22:52 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll <br/>2012-12-22 22:54 . 2012-12-22 22:53 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll <br/>2012-12-22 22:53 . 2012-12-22 22:53 -------- dc----w- c:\program files (x86)\Trend Micro <br/>2012-12-22 22:52 . 2012-12-22 22:52 -------- dc----w- c:\programdata\McAfee <br/>2012-12-15 09:16 . 2012-12-15 22:20 -------- dc----w- c:\users\TEMP.SIAN.014 <br/>2012-12-12 08:06 . 2012-12-13 00:17 -------- dc----w- c:\users\TEMP.SIAN.013 <br/>2012-12-12 07:48 . 2012-12-12 07:54 3149824 ----a-w- c:\windows\system32\win32k.sys <br/>2012-12-12 07:46 . 2012-12-12 07:50 338432 ----a-w- c:\windows\system32\conhost.exe <br/>2012-12-12 07:43 . 2012-12-12 07:49 478208 ----a-w- c:\windows\system32\dpnet.dll <br/>2012-12-12 07:43 . 2012-12-12 07:49 376832 ----a-w- c:\windows\SysWow64\dpnet.dll <br/>2012-12-12 05:21 . 2012-12-12 08:06 -------- dc----w- c:\users\TEMP.SIAN.012 <br/>2012-12-10 08:39 . 2012-12-12 05:21 -------- dc----w- c:\users\TEMP.SIAN.011 <br/>2012-12-08 08:58 . 2012-12-08 21:24 -------- dc----w- c:\users\TEMP.SIAN.010 <br/>2012-12-07 06:58 . 2012-12-07 06:59 9728 ----a-w- c:\windows\system32\Wdfres.dll <br/>2012-12-07 06:58 . 2012-12-07 06:59 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys <br/>2012-12-07 06:58 . 2012-12-07 06:59 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys <br/>2012-12-07 06:58 . 2012-12-07 06:59 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui <br/>2012-12-07 06:44 . 2012-12-07 06:45 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys <br/>2012-12-07 06:44 . 2012-12-07 06:45 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys <br/>2012-12-07 06:44 . 2012-12-07 06:45 84992 ----a-w- c:\windows\system32\WUDFSvc.dll <br/>2012-12-07 06:44 . 2012-12-07 06:45 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll <br/>2012-12-07 06:44 . 2012-12-07 06:45 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll <br/>2012-12-07 06:44 . 2012-12-07 06:45 744448 ----a-w- c:\windows\system32\WUDFx.dll <br/>2012-12-07 06:44 . 2012-12-07 06:45 229888 ----a-w- c:\windows\system32\WUDFHost.exe <br/>. <br/>. <br/>. <br/>(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>2012-12-22 22:52 . 2011-04-04 05:19 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll <br/>2012-12-12 07:51 . 2011-03-24 06:59 67413224 -c--a-w- c:\windows\system32\MRT.exe <br/>2012-12-12 07:50 . 2012-12-12 07:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll <br/>2012-12-07 06:44 . 2012-12-07 06:40 561664 ----a-w- c:\windows\apppatch\AcLayers.dll <br/>2012-12-07 06:44 . 2012-12-07 06:40 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll <br/>2012-12-07 06:44 . 2012-12-07 06:40 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll <br/>2012-12-01 09:52 . 2012-12-01 09:53 972264 -c----w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7083D733-3BCA-4ECB-B1B5-2BE1E7C7DD63}\gapaengine.dll <br/>2012-11-02 11:03 . 2012-11-02 10:55 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys <br/>2012-11-02 11:00 . 2012-11-02 10:53 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe <br/>2012-11-02 10:59 . 2012-11-02 10:53 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe <br/>2012-11-02 10:59 . 2012-11-02 10:53 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe <br/>2012-11-02 10:59 . 2012-11-02 10:55 220160 ----a-w- c:\windows\system32\wintrust.dll <br/>2012-11-02 10:59 . 2012-11-02 10:55 172544 ----a-w- c:\windows\SysWow64\wintrust.dll <br/>2012-11-02 10:58 . 2012-11-02 10:53 715776 ----a-w- c:\windows\system32\kerberos.dll <br/>2012-11-02 10:58 . 2012-11-02 10:53 542208 ----a-w- c:\windows\SysWow64\kerberos.dll <br/>2012-11-02 10:56 . 2012-11-02 10:50 1464320 ----a-w- c:\windows\system32\crypt32.dll <br/>2012-11-02 10:56 . 2012-11-02 10:50 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll <br/>2012-11-02 10:56 . 2012-11-02 10:50 184320 ----a-w- c:\windows\system32\cryptsvc.dll <br/>2012-11-02 10:56 . 2012-11-02 10:50 140288 ----a-w- c:\windows\system32\cryptnet.dll <br/>2012-11-02 10:56 . 2012-11-02 10:50 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll <br/>2012-11-02 10:56 . 2012-11-02 10:50 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll <br/>. <br/>. <br/>((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>*Note* empty entries & legit default entries are not shown <br/>REGEDIT4 <br/>. <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"Spotify Web Helper"="c:\users\Sian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-16 1193176] <br/>"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-05-13 6380400] <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] <br/>"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2010-08-14 1362544] <br/>"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] <br/>"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040] <br/>"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] <br/>"FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560] <br/>"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] <br/>"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-29 151952] <br/>"FAStartup"="" [BU] <br/>. <br/>c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ <br/>Stardock MyColors.lnk - c:\program files (x86)\Stardock\MyColors\SDDelayedLaunch.exe [2009-12-15 11520] <br/>. <br/>c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ <br/>IconPackager.lnk - c:\program files (x86)\Stardock\MyColors\IconPackager.exe [2009-12-16 1387688] <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] <br/>"ConsentPromptBehaviorAdmin"= 0 (0x0) <br/>"ConsentPromptBehaviorUser"= 3 (0x3) <br/>"EnableLUA"= 0 (0x0) <br/>"EnableUIADesktopToggle"= 0 (0x0) <br/>"PromptOnSecureDesktop"= 0 (0x0) <br/>"SoftwareSASGeneration"= 1 (0x1) <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess] <br/>2010-04-04 18:43 144712 -c--a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll <br/>. <br/>[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] <br/>Notification Packages REG_MULTI_SZ scecli FAPassSync <br/>. <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] <br/>@="Service" <br/>. <br/>R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] <br/>R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 32768] <br/>R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] <br/>R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848] <br/>R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-08-18 143472] <br/>R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys [2010-09-29 62168] <br/>R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys [2010-09-29 377176] <br/>R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 97040] <br/>R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456] <br/>R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896] <br/>R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] <br/>R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2011-05-07 59392] <br/>R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] <br/>R3 vtany;vtany;c:\windows\vtany.sys [x] <br/>R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-18 1255736] <br/>R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 10752] <br/>R4 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x] <br/>S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752] <br/>S0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2009-11-10 20392] <br/>S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-04-19 98208] <br/>S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648] <br/>S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800] <br/>S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136] <br/>S2 IconixService;Iconix Update Service;c:\program files (x86)\Common Files\Iconix\IconixService.exe [2012-03-19 284512] <br/>S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432] <br/>S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936] <br/>S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272] <br/>S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe [2010-07-08 815704] <br/>S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2010-02-02 20984] <br/>S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-29 67072] <br/>S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928] <br/>S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys [2007-06-08 219544] <br/>S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys [2008-06-03 168864] <br/>S3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys [2008-08-01 306560] <br/>. <br/>. <br/>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] <br/>iissvcs REG_MULTI_SZ w3svc was <br/>apphost REG_MULTI_SZ apphostsvc <br/>. <br/>Contents of the 'Scheduled Tasks' folder <br/>. <br/>2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job <br/>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-08 20:13] <br/>. <br/>2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job <br/>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-08 20:13] <br/>. <br/>2012-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229391427-1754303536-809865111-1000Core.job <br/>- c:\users\Sian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31 06:03] <br/>. <br/>2012-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229391427-1754303536-809865111-1000UA.job <br/>- c:\users\Sian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31 06:03] <br/>. <br/>. <br/>--------- X64 Entries ----------- <br/>. <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-19 10144288] <br/>"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] <br/>"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896] <br/>"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304] <br/>"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] <br/>"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-11 1873256] <br/>"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-22 165912] <br/>"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-22 387608] <br/>"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-22 365592] <br/>"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704] <br/>. <br/>------- Supplementary Scan ------- <br/>. <br/>uLocal Page = c:\windows\system32\blank.htm <br/>uStart Page = about:blank <br/>mLocal Page = c:\windows\SysWOW64\blank.htm <br/>uInternet Settings,ProxyOverride = *.local <br/>IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 <br/>Trusted Zone: clonewarsadventures.com <br/>Trusted Zone: freerealms.com <br/>Trusted Zone: soe.com <br/>Trusted Zone: sony.com <br/>TCP: DhcpNameServer = 192.168.1.1 <br/>FF - ProfilePath - c:\users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\zu2rtjde.default\ <br/>FF - ExtSQL: !HIDDEN! 2010-01-17 05:54; ypvhfbosum@ypvhfbosum.org; c:\users\Sian\Application Data\Mozilla\Firefox\Profiles\zu2rtjde.default\extensions\ypvhfbosum@ypvhfbosum.org.xpi <br/>. <br/>. <br/>[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock] <br/>"ImagePath"="c:\windows\system32\xsherlock.xem" <br/>. <br/>--------------------- LOCKED REGISTRY KEYS --------------------- <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] <br/>@Denied: (A 2) (Everyone) <br/>@="FlashBroker" <br/>"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] <br/>"Enabled"=dword:00000001 <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] <br/>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] <br/>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] <br/>@Denied: (A 2) (Everyone) <br/>@="Shockwave Flash Object" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] <br/>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" <br/>"ThreadingModel"="Apartment" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] <br/>@="0" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] <br/>@="ShockwaveFlash.ShockwaveFlash.11" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] <br/>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] <br/>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] <br/>@="1.0" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] <br/>@="ShockwaveFlash.ShockwaveFlash" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] <br/>@Denied: (A 2) (Everyone) <br/>@="Macromedia Flash Factory Object" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] <br/>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" <br/>"ThreadingModel"="Apartment" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] <br/>@="FlashFactory.FlashFactory.1" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] <br/>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] <br/>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] <br/>@="1.0" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] <br/>@="FlashFactory.FlashFactory" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] <br/>@Denied: (A 2) (Everyone) <br/>@="IFlashBroker4" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] <br/>@="{00020424-0000-0000-C000-000000000046}" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] <br/>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" <br/>"Version"="1.0" <br/>. <br/>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] <br/>@Denied: (Full) (Everyone) <br/>. <br/>Completion time: 2013-01-05 18:53:32 <br/>ComboFix-quarantined-files.txt 2013-01-06 02:53 <br/>ComboFix2.txt 2012-12-26 08:59 <br/>. <br/>Pre-Run: 26,497,720,320 bytes free <br/>Post-Run: 25,494,675,456 bytes free <br/>. <br/>- - End Of File - - ADAAF2BB4C789A01F23F1E24F484DC84
Posted 1/8/2013 8:42 PM
#94957
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Please tell how things are running now ?

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 1/9/2013 7:35 PM
#94960
User avatar

sianbootay Valued member

Date Joined Nov 2016
Total Posts: 13
Hi Touch! <br/> <br/>Things are running a LOT faster now! :hop: the only thing that still happens are website reroute. I google something and when I click on the link, it'll bring me to some phishing site. Any clues on why this is still happening? Much appreciated. Thanks
Posted 1/12/2013 7:23 AM
#94962
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
<SPAN class=hps>See if Microsoft's <SPAN class=hps>own solution <SPAN class=hps>may <SPAN class=hps>do the trick, <SPAN class=hps>so you do not <SPAN class=hps>end up on <SPAN class=hps>Phishing <SPAN class=hps>sites ? <br/> <br/><br /><br /> <br/>http://support.microsoft.com/kb/930168

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 1/12/2013 9:09 AM
#94964
User avatar

sianbootay Valued member

Date Joined Nov 2016
Total Posts: 13
I do, but i close it immediately. I usually pay attention to the URL. I will give this a shot and see what happens. Will keep you updated. <br/> <br/>Thanks
Posted 1/14/2013 9:33 AM
#94974
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
"Will keep you updated". <br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/>OK :-)

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Sunday, December 4, 2016, 9:31 PM (GMT +1)
There are a total of 61,160 posts in 13,449 threads.
In the last 3 days there were 3 new threads and 4 reply posts.

Who's online

This forum has 37,968 registered members. Please welcome our newest member, Old shape.
There are currently no users on-line.