
Files for: Strange redirects


RainThunder7

Yes actually, since it's been a while I'll post an updated DDS thing here.

 

As some additional update; Still have the same problem as mentioned in the original thread. I remove the tracking cookies that Spybot and SuperAntiSpyware find and they still come back, which is making me question how useful either of these programs are. In fact I scanned with Spybot, removed the threats, then scanned immediately after and got the exact same results again. Ugh.

 

Anyway, the DDS.

 

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by Garrett at 22:03:30 on 2012-10-05

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.1166 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\SysWOW64\lxcrcoms.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Morgan\m3jpegV3\MMTray.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe

C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Macromedia\Flash 8\Flash.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\splwow64.exe

C:\Program Files (x86)\Winamp\winamp.exe

C:\Program Files (x86)\AIM\aim.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173603102206p0405v1j5r4491s46q

mStart Page = hxxp://search.entru.com/?s=21982

uInternet Settings,ProxyOverride = *.local

BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File

BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File

TB: {56361A71-4E9F-401D-9E12-8AEAA3D7A672} - No File

TB: {95B7759C-8C7F-4BF1-B163-73684A933233} - No File

TB: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File

TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

EB: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount

uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent

uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden

uRun: [Clownfish]

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [MMTray] "C:\Program Files (x86)\Morgan\m3jpegV3\MMTray.exe"

mRun: [<NO NAME>]

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction

mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{36E2E6E9-C007-4097-B144-745D37C8A8A9} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{E0C06911-D267-4DCE-A6F2-3D24F4AD8D67} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{E0C06911-D267-4DCE-A6F2-3D24F4AD8D67}\8456E6279656474716D20534D275962756C6563737 : DhcpNameServer = 192.168.1.1

Handler: makeitlivechrome - {51472043-0170-45F9-BCCF-19FCFC676D18} - C:\Program Files (x86)\MakeItLive\makeitlive_toolbar.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File

BHO-X64: {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File

BHO-X64: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File

TB-X64: {56361A71-4E9F-401D-9E12-8AEAA3D7A672} - No File

TB-X64: {95B7759C-8C7F-4BF1-B163-73684A933233} - No File

TB-X64: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File

TB-X64: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File

TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [MMTray] "C:\Program Files (x86)\Morgan\m3jpegV3\MMTray.exe"

mRun-x64: [(Default)]

mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun-x64: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction

mRun-x64: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Garrett\AppData\Roaming\Mozilla\Firefox\Profiles\y1fw6ddv.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:blank

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\npsitesafety.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll

FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Users\Garrett\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: security.csp.enable - false

.

.

============= SERVICES / DRIVERS ===============

.

R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]

R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-2 84256]

R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-10-2 108320]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-9-13 44808]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-5-25 2275720]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-1 1262400]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-9-28 1153368]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]

R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]

R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-10-29 240160]

R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-9-3 722528]

R2 WSWNA3100;WSWNA3100;C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2012-8-1 278528]

R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 250288]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 114144]

S3 optousb;OPTO ELECTRONICS optousb;C:\Windows\system32\DRIVERS\optousb.sys --> C:\Windows\system32\DRIVERS\optousb.sys [?]

S3 optovcm;OPTO ELECTRONICS optovcm;C:\Windows\system32\DRIVERS\optovcm.sys --> C:\Windows\system32\DRIVERS\optovcm.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-10-03 12:00:50 737280 ----a-w- C:\Windows\iun6002.exe

2012-10-02 12:10:54 -------- d-----w- C:\Users\Garrett\AppData\Roaming\Avira

2012-10-02 12:09:17 99248 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2012-10-02 12:09:17 27800 ----a-w- C:\Windows\System32\drivers\avkmgr.sys

2012-10-02 12:09:16 -------- d-----w- C:\ProgramData\Avira

2012-10-02 12:09:16 -------- d-----w- C:\Program Files (x86)\Avira

2012-10-02 11:44:28 -------- d-----w- C:\Users\Garrett\AppData\Roaming\LavasoftStatistics

2012-10-02 11:37:23 -------- d-----w- C:\Users\Garrett\AppData\Roaming\Ad-Aware Antivirus

2012-09-30 20:34:45 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{31900A7A-7D58-4C99-B079-8DA61ED6A6DC}\offreg.dll

2012-09-30 07:33:59 -------- d-----w- C:\ProgramData\VS

2012-09-29 05:36:29 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{31900A7A-7D58-4C99-B079-8DA61ED6A6DC}\mpengine.dll

2012-09-28 07:02:08 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys

2012-09-28 06:55:08 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-09-28 06:55:08 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-09-26 05:38:13 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2012-09-24 08:41:29 -------- d-----w- C:\Users\Garrett\AppData\Roaming\SUPERAntiSpyware.com

2012-09-24 08:40:52 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-09-22 01:58:41 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-09-22 01:58:41 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-09-19 05:05:58 -------- d-----w- C:\Program Files\Theme Resource Changer

2012-09-19 04:26:17 -------- d-----w- C:\Users\Garrett\0-THEMES

2012-09-19 04:10:35 -------- d-----w- C:\Users\Garrett\AppData\Roaming\Aston

2012-09-19 04:03:30 -------- d-----w- C:\Program Files\Aston2

2012-09-19 03:40:30 916456 ----a-w- C:\Windows\System32\deployJava1.dll

2012-09-19 03:40:30 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-09-13 03:03:17 -------- d-----w- C:\Users\Garrett\AppData\Local\MPlayer

2012-09-13 02:59:09 -------- d-----w- C:\ProgramData\PMS

2012-09-12 05:35:30 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-09-12 05:35:30 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys

2012-09-12 05:35:28 574464 ----a-w- C:\Windows\System32\d3d10level9.dll

2012-09-12 05:35:28 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2012-09-12 05:35:25 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-09-12 05:35:24 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-09-12 05:35:24 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

.

==================== Find3M ====================

.

2012-09-21 06:12:29 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-09-21 06:12:28 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-19 03:45:03 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-09-19 03:45:03 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-09-13 05:19:44 1734 --sha-w- C:\ProgramData\KGyGaAvL.sys

2012-09-07 22:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-04 00:40:37 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2012-08-21 09:13:13 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-08-21 09:13:12 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-08-21 09:13:12 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-08-21 09:12:33 41224 ----a-w- C:\Windows\avastSS.scr

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 22:06:11.90 ===============

Attach.txt


It's a cat and mouse game. Sometimes these programs may seem to have caught something but most of the time they just don't nab the real culprit.

 

I need more information gathering before we can move on.

 

Please download aswMBR.exe and save it to your desktop.

  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan

     

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

 

Download TDSSKiller.exe and save it to your desktop

 

Execute TDSSKiller.exe by doubleclicking on it.

Press Start Scan

If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.

Once complete, a log will be produced at the root drive which is typically C:, for example, C:\TDSSKiller.<version_date_time>log.txt

 

===================================================

 

On your next reply please post :

aswMBR log

MBR.dat (attachment)

TDSS Killer log

 

Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

 

Good Day!


The only thing I've done since my post (before you replied about not doing anything) was, I noticed BECAUSE of the opening part of the log I posted, Windows Defender was disabled. I don't know why, but I turned it on and did a scan with it, which gave no results.

 

Anyway, the attachments are below as requested.

aswMBR.txt

MBR.zip

TDSSKiller.2.8.10.0_05.10.2012_23.36.57_log.txt


Please read through these instructions to familiarize yourself with what to expect when this tool runs

 

Refer to the ComboFix User's Guide

 

 

Download ComboFix from one of these locations:

Link 1

Link 2

 

 

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

 

 

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs

 

 

====================================================

 

 

Double click on combofix.exe & follow the prompts.

 

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.


It won't interfere with the results. It's alright. :)

 

I need a favor from you which I hope you don't mind. I would like you to paste the logs in your future posts to allow easier review and convenience. Thanks!

 

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.

    Note: These logs can be located in the OTL. folder on your C: drive if they fail to open automatically.

  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Alright, first is OTL.

 

 

OTL logfile created on: 10/7/2012 3:01:28 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Garrett\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.75 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 42.05% Memory free

7.50 Gb Paging File | 4.72 Gb Available in Paging File | 62.95% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 684.54 Gb Total Space | 62.31 Gb Free Space | 9.10% Space Free | Partition Type: NTFS

Drive F: | 149.01 Gb Total Space | 28.68 Gb Free Space | 19.24% Space Free | Partition Type: FAT32

 

Computer Name: BETA_2 | User Name: Garrett | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Garrett\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()

PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()

PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)

PRC - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()

PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)

PRC - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)

PRC - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

PRC - C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Morgan\m3jpegV3\MMTray.exe (Morgan Multimedia)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppgooglenaclpluginchrome.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\libglesv2.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\libegl.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\avutil-51.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\avformat-54.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll ()

MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()

MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll ()

MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll ()

MOD - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()

MOD - C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll ()

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (Updater Service) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (vToolbarUpdater12.2.6) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (WSWNA3100) -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe ()

SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)

SRV - (Greg_Service) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)

SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (GameConsoleService) -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)

SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)

SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

SRV - (lxcr_device) -- C:\Windows\SysWOW64\lxcrcoms.exe ( )

SRV - (MSSQL$SONY_MEDIAMGR) -- C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)

SRV - (SQLAgent$SONY_MEDIAMGR) -- C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)

DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)

DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)

DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)

DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)

DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)

DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys (Broadcom Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)

DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)

DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (optovcm) -- C:\Windows\SysNative\drivers\optovcm.sys (OPTO ELECTRONICS CO.,LTD.)

DRV:64bit: - (optousb) -- C:\Windows\SysNative\drivers\optousb.sys (OPTO ELECTRONICS CO.,LTD.)

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()

DRV:64bit: - (Tpkd) -- C:\Windows\SysNative\drivers\Tpkd.sys (PACE Anti-Piracy, Inc.)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (SWMX00) -- C:\Windows\SysNative\drivers\swmx00.sys (Sierra Wireless Inc.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (RTL8167) -- C:WindowsSysNativedriversRt64win7.sys (Realtek )

DRV:64bit: - (SWNC5E00) -- C:WindowsSysNativedriversSWNC5E00.sys (Sierra Wireless Inc.)

DRV:64bit: - (hamachi) -- C:WindowsSysNativedrivershamachi.sys (LogMeIn, Inc.)

DRV:64bit: - (SCMNdisP) -- C:WindowsSysNativedriversSCMNdisP.sys (Windows ® Codename Longhorn DDK provider)

DRV - (WIMMount) -- C:WindowsSysWOW64driverswimmount.sys (Microsoft Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173603102206p0405v1j5r4491s46q

IE:64bit: - HKLM..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://search.entru.com/?s=21982

IE - HKLM..SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM..SearchScopes{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW

IE - HKLM..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = about:blank

IE - HKCU..SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKCU..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU..SearchScopes{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_enUS369

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyOverride" = *.local

 

 

========== FireFox ==========

 

FF:64bit: - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:Windowssystem32MacromedFlashNPSWF64_11_4_402_278.dll File not found

FF:64bit: - HKLMSoftwareMozillaPlugins@java.com/DTPlugin,version=10.7.2: C:Windowssystem32npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program FilesMicrosoft Silverlight5.1.10411.0npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLMSoftwareMozillaPlugins@videolan.org/vlc,version=2.1.0-git-20120422-0403: C:Program FilesVideoLANVLCnpvlc.dll (VideoLAN)

FF - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:WindowsSysWOW64MacromedFlashNPSWF32_11_4_402_278.dll ()

FF - HKLMSoftwareMozillaPlugins@adobe.com/ShockwavePlayer: C:WindowsSysWOW64AdobeDirectornp32dsw_1167637.dll (Adobe Systems, Inc.)

FF - HKLMSoftwareMozillaPlugins@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:Program Files (x86)Common FilesAVG Secure SearchSiteSafetyInstaller12.2.6npsitesafety.dll ()

FF - HKLMSoftwareMozillaPlugins@ei.TotalRecipeSearch_14.com/Plugin: C:Program Files (x86)TotalRecipeSearch_14EIInstallr1.binNP14EISB.dll File not found

FF - HKLMSoftwareMozillaPlugins@java.com/DTPlugin,version=10.7.2: C:WindowsSysWOW64npDeployJava1.dll (Oracle Corporation)

FF - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin,version=10.4.0: C:Program Files (x86)Javajre7binplugin2npjp2.dll (Oracle Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found

FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program Files (x86)Microsoft Silverlight5.1.10411.0npctrl.dll ( Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3502.0922: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3508.1109: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3538.0513: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@nexon.net/NxGame: C:ProgramDataNexonUSNGMnpNxGameUS.dll (Nexon)

FF - HKLMSoftwareMozillaPlugins@pandonetworks.com/PandoWebPlugin: C:Program Files (x86)Pando NetworksMedia BoosternpPandoWebPlugin.dll (Pando Networks)

FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:Program Files (x86)GoogleUpdate1.3.21.123npGoogleUpdate3.dll (Google Inc.)

FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:Program Files (x86)GoogleUpdate1.3.21.123npGoogleUpdate3.dll (Google Inc.)

FF - HKLMSoftwareMozillaPlugins@veetle.com/veetleCorePlugin,version=0.9.18: C:Program Files (x86)VeetlepluginsnpVeetle.dll (Veetle Inc)

FF - HKLMSoftwareMozillaPlugins@veetle.com/veetlePlayerPlugin,version=0.9.18: C:Program Files (x86)VeetlePlayernpvlc.dll (Veetle Inc)

FF - HKLMSoftwareMozillaPlugins@videolan.org/vlc,version=2.0.2: C:Program Files (x86)VideoLANVLCnpvlc.dll (VideoLAN)

FF - HKLMSoftwareMozillaPluginsAdobe Reader: C:Program Files (x86)AdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)

FF - HKCUSoftwareMozillaPlugins@unity3d.com/UnityPlayer,version=1.0: C:UsersGarrettAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll (Unity Technologies ApS)

FF - HKCUSoftwareMozillaPluginspandonetworks.com/PandoWebPlugin: C:Program Files (x86)Pando NetworksMedia BoosternpPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensionssmartwebprinting@hp.com: C:Program Files (x86)HPDigital ImagingSmart Web PrintingMozillaAddOn3 [2010/04/03 19:01:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensionsavg@toolbar: C:ProgramDataAVG Secure Search12.2.5.32 [2012/09/03 19:40:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensionswrc@avast.com: C:Program FilesAlwil SoftwareAvast5WebRepFF [2012/09/13 01:51:14 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USERsoftwaremozillaFirefoxExtensionssmartwebprinting@hp.com: C:Program Files (x86)HPDigital ImagingSmart Web PrintingMozillaAddOn3 [2010/04/03 19:01:17 | 000,000,000 | ---D | M]

 

[2012/10/06 02:14:42 | 000,000,000 | ---D | M] (No name found) -- C:UsersGarrettAppDataRoamingMozillaExtensions

[2011/04/19 03:39:24 | 000,000,000 | ---D | M] (No name found) -- C:UsersGarrettAppDataRoamingMozillaExtensionsceltx@celtx.com

[2010/03/18 04:59:42 | 000,000,000 | ---D | M] (No name found) -- C:UsersGarrettAppDataRoamingMozillaExtensionsmozswing@mozswing.org

[2012/10/06 02:14:47 | 000,000,000 | ---D | M] (No name found) -- C:Program Files (x86)Mozilla Firefoxextensions

[2011/07/11 16:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:Program Files (x86)mozilla firefoxpluginsnpwachk.dll

[2012/09/03 19:40:59 | 000,003,771 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginsavg-secure-search.xml

[2012/02/01 10:28:21 | 000,001,692 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginscomcast.xml

 

========== Chrome ==========

 

CHR - homepage: about:blank

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: about:blank

CHR - plugin: Shockwave Flash (Enabled) = C:Program Files (x86)GoogleChromeApplication22.0.1229.79PepperFlashpepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:WindowsSysWOW64MacromedFlashNPSWF32_11_4_402_278.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:Program Files (x86)GoogleChromeApplication22.0.1229.79ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:Program Files (x86)GoogleChromeApplication22.0.1229.79pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:Program Files (x86)AdobeReader 10.0ReaderBrowsernppdf32.dll

CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = C:Program Files (x86)Mozilla Firefoxpluginsnp-mswmp.dll

CHR - plugin: downloadUpdater (Enabled) = C:Program Files (x86)Mozilla Firefoxpluginsnpdnu.dll

CHR - plugin: downloadUpdater2 (Enabled) = C:Program Files (x86)Mozilla Firefoxpluginsnpdnupdater2.dll

CHR - plugin: Windows Genuine Advantage (Enabled) = C:Program Files (x86)Mozilla FirefoxpluginsnpLegitCheckPlugin.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:Program Files (x86)Mozilla Firefoxpluginsnpqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:Program Files (x86)Mozilla Firefoxpluginsnpqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:Program Files (x86)Mozilla Firefoxpluginsnpqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:Program Files (x86)Mozilla Firefoxpluginsnpqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:Program Files (x86)Mozilla Firefoxpluginsnpqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:Program Files (x86)Mozilla Firefoxpluginsnpqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:Program Files (x86)Mozilla Firefoxpluginsnpqtplugin7.dll

CHR - plugin: Winamp Application Detector (Enabled) = C:Program Files (x86)Mozilla Firefoxpluginsnpwachk.dll

CHR - plugin: AVG SiteSafety plugin (Enabled) = C:Program Files (x86)Common FilesAVG Secure SearchSiteSafetyInstaller12.2.6npsitesafety.dll

CHR - plugin: Google Update (Enabled) = C:Program Files (x86)GoogleUpdate1.3.21.123npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U5 (Enabled) = C:Program Files (x86)OracleJavaFX 2.1 Runtimebinplugin2npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:WindowsSysWOW64npDeployJava1.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:Program Files (x86)Pando NetworksMedia BoosternpPandoWebPlugin.dll

CHR - plugin: Veetle TV Player (Enabled) = C:Program Files (x86)VeetlePlayernpvlc.dll

CHR - plugin: Veetle TV Core (Enabled) = C:Program Files (x86)VeetlepluginsnpVeetle.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:Program Files (x86)VideoLANVLCnpvlc.dll

CHR - plugin: Windows Live Photo Gallery (Enabled) = C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll

CHR - plugin: Nexon Game Controller (Enabled) = C:ProgramDataNexonUSNGMnpNxGameUS.dll

CHR - plugin: Unity Player (Enabled) = C:UsersGarrettAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll

CHR - plugin: Shockwave for Director (Enabled) = C:WindowsSysWOW64AdobeDirectornp32dsw_1167637.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:Program Files (x86)Microsoft Silverlight5.1.10411.0npctrl.dll

CHR - Extension: FlashBlock = C:UsersGarrettAppDataLocalGoogleChromeUser DataDefaultExtensionscdngiadmnkhgemkimkhiilgffbjijcie1.2.11.12_0

CHR - Extension: Adblock Plus (Beta) = C:UsersGarrettAppDataLocalGoogleChromeUser DataDefaultExtensionscfhdojbkjhnklbpkdaibdccddilifddb1.2_0

CHR - Extension: Webpage Screenshot = C:UsersGarrettAppDataLocalGoogleChromeUser DataDefaultExtensionsckibcdccnfeookdmbahgiakhnjcddpki5.5.3_0

CHR - Extension: Google Search = C:UsersGarrettAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.19_0

CHR - Extension: http://us.mg6.mail.yahoo.com/neo/launch?.rand = C:UsersGarrettAppDataLocalGoogleChromeUser DataDefaultExtensionsefeonebpfhplehjpmhjpjiagmffdlkmp2012.10.6.17389_0

CHR - Extension: Tab Glutton = C:UsersGarrettAppDataLocalGoogleChromeUser DataDefaultExtensionsekfmaibfpamaegficfifofnlhalkbdfm0.4.0_0

CHR - Extension: http://www.furaffinity.net/user/rainthunder7/ = C:UsersGarrettAppDataLocalGoogleChromeUser DataDefaultExtensionsfgfjocihfbedionggnknlndgalkgpnfd2012.10.6.17354_0

CHR - Extension: http://www.tumblr.com/dashboard = C:UsersGarrettAppDataLocalGoogleChromeUser DataDefaultExtensionsfibnnpjeiklfconkoomkgofbmdmeanpk2012.10.6.17879_0

CHR - Extension: e_nihilator2 = C:UsersGarrettAppDataLocalGoogleChromeUser DataDefaultExtensionsfkjchjimfkmconmpfjakhmnacfcecinp2.0_0

CHR - Extension: https://www.facebook.com/home.php = C:UsersGarrettAppDataLocalGoogleChromeUser DataDefaultExtensionsfnfbljaomhfnccdhkmgpndmoeogpjpdd2012.10.6.17408_0

CHR - Extension: http://www.youtube.com/ = C:UsersGarrettAppDataLocalGoogleChromeUser DataDefaultExtensionsgljmkepedihfojjfmjambblgjemocehi2012.10.6.17586_0

CHR - Extension: Download videos = C:UsersGarrettAppDataLocalGoogleChromeUser DataDefaultExtensionshbkglaboababckmiklpfggkomcpmhcdh1.3.4_0

CHR - Extension: avast! WebRep = C:UsersGarrettAppDataLocalGoogleChromeUser DataDefaultExtensionsicmlaeflemplmjndnaapfdbbnpncnbda7.0.1466_0

CHR - Extension: http://movies.netflix.com/WiHome = C:UsersGarrettAppDataLocalGoogleChromeUser DataDefaultExtensionsifapaoknlkpflhgnolmimcokakmdikho2012.10.6.17859_0

CHR - Extension: Speed Dial 2 = C:UsersGarrettAppDataLocalGoogleChromeUser DataDefaultExtensionsjpfpebmajhhopeonhlcgidhclcccjcik1.6.1.1_0

CHR - Extension: FVD Video Downloader = C:UsersGarrettAppDataLocalGoogleChromeUser DataDefaultExtensionslfmhcpmkbdkbgbmkjoiopeeegenkdikp1.3.3_0

CHR - Extension: http://malunis.deviantart.com/ = C:UsersGarrettAppDataLocalGoogleChromeUser DataDefaultExtensionslnldihmehmbimeabhciincbpjepemagk2012.10.6.17245_0

CHR - Extension: https://www.dropbox.com/home = C:UsersGarrettAppDataLocalGoogleChromeUser DataDefaultExtensionsmpnpalcochkcnfmmkpebfcjiajjcefbe2012.10.6.17783_0

CHR - Extension: AVG Secure Search = C:UsersGarrettAppDataLocalGoogleChromeUser DataDefaultExtensionsndibdjnfmopecpmkdieinmbadjfpblof12.2.5.32_0

 

O1 HOSTS File: ([2012/10/07 00:50:44 | 000,000,027 | ---- | M]) - C:WindowsSysNativedriversetchosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:Program FilesAlwil SoftwareAvast5aswWebRepIE64.dll (AVAST Software)

O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)Javajre7binssv.dll (Oracle Corporation)

O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.

O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre7binjp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM..Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:Program FilesAlwil SoftwareAvast5aswWebRepIE64.dll (AVAST Software)

O3 - HKLM..Toolbar: (no name) - {56361A71-4E9F-401D-9E12-8AEAA3D7A672} - No CLSID value found.

O3 - HKLM..Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.

O3 - HKLM..Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.

O3 - HKLM..Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU..ToolbarWebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.

O3 - HKCU..ToolbarWebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

O3 - HKCU..ToolbarWebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O4:64bit: - HKLM..Run: [RtHDVCpl] C:Program FilesRealtekAudioHDARAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..Run: [] File not found

O4 - HKLM..Run: [APSDaemon] C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.)

O4 - HKLM..Run: [avast] C:Program FilesAlwil SoftwareAvast5avastUI.exe (AVAST Software)

O4 - HKLM..Run: [avgnt] C:Program Files (x86)AviraAntiVir Desktopavgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..Run: [HF_G_Jul] C:Program Files (x86)AVG Secure SearchHF_G_Jul.exe ()

O4 - HKLM..Run: [LogMeIn Hamachi Ui] C:Program Files (x86)LogMeIn Hamachihamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..Run: [MMTray] C:Program Files (x86)Morganm3jpegV3MMTray.exe (Morgan Multimedia)

O4 - HKLM..Run: [ROC_ROC_JULY_P1] C:Program Files (x86)AVG Secure SearchROC_ROC_JULY_P1.exe ()

O4 - HKLM..Run: [vProt] C:Program Files (x86)AVG Secure Searchvprot.exe ()

O4 - HKCU..Run: [AlcoholAutomount] C:Program Files (x86)Alcohol SoftAlcohol 52AxAutoMntSrv.exe (Alcohol Soft Development Team)

O4 - HKCU..Run: [spybotSD TeaTimer] C:Program Files (x86)Spybot - Search & DestroyTeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..Run: [sUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

O4 - HKCU..Run: [uTorrent] C:Program Files (x86)uTorrentuTorrent.exe (BitTorrent, Inc.)

O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: EnableLUA = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: PromptOnSecureDesktop = 0

O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O10:64bit: - NameSpace_Catalog5Catalog_Entries64000000000005 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5Catalog_Entries000000000005 [] - C:Program Files (x86)BonjourmdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{36E2E6E9-C007-4097-B144-745D37C8A8A9}: DhcpNameServer = 192.168.1.1

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{E0C06911-D267-4DCE-A6F2-3D24F4AD8D67}: DhcpNameServer = 192.168.1.1

O18:64bit: - ProtocolHandlerlivecall - No CLSID value found

O18:64bit: - ProtocolHandlermakeitlivechrome - No CLSID value found

O18:64bit: - ProtocolHandlerms-help - No CLSID value found

O18:64bit: - ProtocolHandlermsnim - No CLSID value found

O18:64bit: - ProtocolHandlerskype4com - No CLSID value found

O18:64bit: - ProtocolHandlerviprotocol - No CLSID value found

O18:64bit: - ProtocolHandlerwlmailhtml - No CLSID value found

O18:64bit: - ProtocolHandlerwlpg - No CLSID value found

O18 - ProtocolHandlermakeitlivechrome {51472043-0170-45F9-BCCF-19FCFC676D18} - C:Program Files (x86)MakeItLivemakeitlive_toolbar.dll ()

O18 - ProtocolHandlerskype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Program Files (x86)Common FilesSkypeSkype4COM.dll (Skype Technologies)

O18 - ProtocolHandlerviprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:Program Files (x86)Common FilesAVG Secure SearchViProtocolInstaller12.2.6ViProtocol.dll ()

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:WindowsSysWow64explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysWOW64userinit.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O22:64bit: - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Theme Resource Changer - Program FilesTheme Resource ChangerThemeResourceChanger.dll ()

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM..comfile [open] -- "%1" %*

O35:64bit: - HKLM..exefile [open] -- "%1" %*

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37:64bit: - HKLM...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %*

O37 - HKLM...com [@ = ComFile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystemsWindows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/10/07 01:02:36 | 000,000,000 | -HSD | C] -- C:$RECYCLE.BIN

[2012/10/07 00:47:56 | 000,000,000 | ---D | C] -- C:Windowstemp

[2012/10/06 23:11:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:WindowsSWREG.exe

[2012/10/06 23:11:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:WindowsSWSC.exe

[2012/10/06 23:11:51 | 000,060,416 | ---- | C] (NirSoft) -- C:WindowsNIRCMD.exe

[2012/10/06 23:11:28 | 000,000,000 | ---D | C] -- C:Qoobox

[2012/10/06 23:10:51 | 000,000,000 | ---D | C] -- C:Windowserdnt

[2012/10/06 23:02:10 | 004,762,471 | R--- | C] (Swearware) -- C:UsersGarrettDesktopComboFix.exe

[2012/10/06 02:41:19 | 000,000,000 | ---D | C] -- C:UsersGarrettAppDataLocalWondershare

[2012/10/06 02:41:17 | 000,000,000 | ---D | C] -- C:Program Files (x86)Common FilesWondershare

[2012/10/06 02:41:14 | 000,000,000 | ---D | C] -- C:UsersGarrettAppDataRoamingWondershare

[2012/10/06 02:40:50 | 000,000,000 | ---D | C] -- C:Program Files (x86)Wondershare

[2012/10/06 00:55:15 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome

[2012/10/06 00:24:21 | 000,000,000 | ---D | C] -- C:WindowsMinidump

[2012/10/03 07:00:52 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsSuper patch II

[2012/10/02 07:10:54 | 000,000,000 | ---D | C] -- C:UsersGarrettAppDataRoamingAvira

[2012/10/02 07:09:34 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsAvira

[2012/10/02 07:09:17 | 000,129,576 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:WindowsSysNativedriversavipbb.sys

[2012/10/02 07:09:17 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:WindowsSysNativedriversavgntflt.sys

[2012/10/02 07:09:17 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:WindowsSysNativedriversavkmgr.sys

[2012/10/02 07:09:16 | 000,000,000 | ---D | C] -- C:ProgramDataAvira

[2012/10/02 07:09:16 | 000,000,000 | ---D | C] -- C:Program Files (x86)Avira

[2012/10/02 06:44:28 | 000,000,000 | ---D | C] -- C:UsersGarrettAppDataRoamingLavasoftStatistics

[2012/10/02 06:37:23 | 000,000,000 | ---D | C] -- C:UsersGarrettAppDataRoamingAd-Aware Antivirus

[2012/09/30 02:36:50 | 000,000,000 | ---D | C] -- C:Windowssymbols

[2012/09/30 02:33:59 | 000,000,000 | ---D | C] -- C:ProgramDataVS

[2012/09/30 02:29:37 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ieapfltr.dat

[2012/09/30 02:29:37 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeieapfltr.dat

[2012/09/30 02:29:37 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativejscript9.dll

[2012/09/30 02:29:37 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeinetcpl.cpl

[2012/09/30 02:29:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64inetcpl.cpl

[2012/09/30 02:29:37 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativejscript.dll

[2012/09/30 02:29:37 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemsfeeds.dll

[2012/09/30 02:29:37 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64jscript.dll

[2012/09/30 02:29:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativevbscript.dll

[2012/09/30 02:29:37 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeieapfltr.dll

[2012/09/30 02:29:37 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativedxtmsft.dll

[2012/09/30 02:29:37 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativehtml.iec

[2012/09/30 02:29:37 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ieapfltr.dll

[2012/09/30 02:29:37 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64html.iec

[2012/09/30 02:29:37 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativedxtrans.dll

[2012/09/30 02:29:37 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeieaksie.dll

[2012/09/30 02:29:37 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeieui.dll

[2012/09/30 02:29:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeurl.dll

[2012/09/30 02:29:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64url.dll

[2012/09/30 02:29:37 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ieaksie.dll

[2012/09/30 02:29:37 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemsls31.dll

[2012/09/30 02:29:37 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemsrating.dll

[2012/09/30 02:29:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ieui.dll

[2012/09/30 02:29:37 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeieUnatt.exe

[2012/09/30 02:29:37 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeiexpress.exe

[2012/09/30 02:29:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ieakui.dll

[2012/09/30 02:29:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeieakui.dll

[2012/09/30 02:29:37 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64msrating.dll

[2012/09/30 02:29:37 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewextract.exe

[2012/09/30 02:29:37 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeieakeng.dll

[2012/09/30 02:29:37 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64wextract.exe

[2012/09/30 02:29:37 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64iexpress.exe

[2012/09/30 02:29:37 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeoccache.dll

[2012/09/30 02:29:37 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeiepeers.dll

[2012/09/30 02:29:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ieUnatt.exe

[2012/09/30 02:29:37 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeIEAdvpack.dll

[2012/09/30 02:29:37 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ieakeng.dll

[2012/09/30 02:29:37 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64occache.dll

[2012/09/30 02:29:37 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64iepeers.dll

[2012/09/30 02:29:37 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeadmparse.dll

[2012/09/30 02:29:37 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeiesysprep.dll

[2012/09/30 02:29:37 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64IEAdvpack.dll

[2012/09/30 02:29:37 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeinseng.dll

[2012/09/30 02:29:37 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64admparse.dll

[2012/09/30 02:29:37 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemshtmled.dll

[2012/09/30 02:29:37 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeSetIEInstalledDate.exe

[2012/09/30 02:29:37 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeie4uinit.exe

[2012/09/30 02:29:37 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64iesysprep.dll

[2012/09/30 02:29:37 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeiesetup.dll

[2012/09/30 02:29:37 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeicardie.dll

[2012/09/30 02:29:37 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64inseng.dll

[2012/09/30 02:29:37 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativetdc.ocx

[2012/09/30 02:29:37 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64SetIEInstalledDate.exe

[2012/09/30 02:29:37 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64iesetup.dll

[2012/09/30 02:29:37 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ie4uinit.exe

[2012/09/30 02:29:37 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64mshtmled.dll

[2012/09/30 02:29:37 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64icardie.dll

[2012/09/30 02:29:37 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativepngfilt.dll

[2012/09/30 02:29:37 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64tdc.ocx

[2012/09/30 02:29:37 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64pngfilt.dll

[2012/09/30 02:29:37 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeimgutil.dll

[2012/09/30 02:29:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64mshtmler.dll

[2012/09/30 02:29:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemshtmler.dll

[2012/09/30 02:29:37 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeiernonce.dll

[2012/09/30 02:29:37 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64iernonce.dll

[2012/09/30 02:29:37 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativelicmgr10.dll

[2012/09/30 02:29:37 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64licmgr10.dll

[2012/09/30 02:29:37 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemshta.exe

[2012/09/30 02:29:37 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64msfeedssync.exe

[2012/09/30 02:29:37 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemsfeedssync.exe

[2012/09/30 02:03:05 | 000,000,000 | ---D | C] -- C:UsersGarrettAppDataRoamingHPAppData

[2012/09/30 01:30:56 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes' Anti-Malware

[2012/09/29 04:02:44 | 000,000,000 | R--D | C] -- C:UsersGarrettDesktopVIRUS SCAN

[2012/09/28 02:02:08 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:WindowsSysWow64driverstmcomm.sys

[2012/09/28 01:55:14 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsSpybot - Search & Destroy

[2012/09/28 01:55:08 | 000,000,000 | ---D | C] -- C:ProgramDataSpybot - Search & Destroy

[2012/09/28 01:55:08 | 000,000,000 | ---D | C] -- C:Program Files (x86)Spybot - Search & Destroy

[2012/09/26 00:38:13 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeOxpsConverter.exe

[2012/09/25 17:06:21 | 000,000,000 | ---D | C] -- C:UsersGarrettDesktopSTORY TO UPLOAD

[2012/09/24 03:41:29 | 000,000,000 | ---D | C] -- C:UsersGarrettAppDataRoamingSUPERAntiSpyware.com

[2012/09/24 03:41:11 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsSUPERAntiSpyware

[2012/09/24 03:40:52 | 000,000,000 | ---D | C] -- C:Program FilesSUPERAntiSpyware

[2012/09/21 20:58:41 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64qdvd.dll

[2012/09/21 20:58:41 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeqdvd.dll

[2012/09/19 00:06:18 | 000,000,000 | ---D | C] -- C:UsersGarrettAppDataRoamingMicrosoftWindowsStart MenuProgramsTheme Resource Changer X64 v1.0

[2012/09/19 00:05:58 | 000,000,000 | ---D | C] -- C:Program FilesTheme Resource Changer

[2012/09/18 23:26:17 | 000,000,000 | ---D | C] -- C:UsersGarrett0-THEMES

[2012/09/18 23:10:35 | 000,000,000 | ---D | C] -- C:UsersGarrettAppDataRoamingAston

[2012/09/18 23:03:30 | 000,000,000 | ---D | C] -- C:Program FilesAston2

[2012/09/18 22:53:10 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsQuickTime

[2012/09/18 22:50:32 | 000,000,000 | ---D | C] -- C:Program Files (x86)Apple Software Update

[2012/09/18 22:45:30 | 000,000,000 | ---D | C] -- C:Program Files (x86)Common FilesJava

[2012/09/18 22:45:20 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:WindowsSysWow64javaws.exe

[2012/09/18 22:40:30 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:WindowsSysNativenpDeployJava1.dll

[2012/09/18 22:40:30 | 000,916,456 | ---- | C] (Oracle Corporation) -- C:WindowsSysNativedeployJava1.dll

[2012/09/18 22:39:51 | 000,000,000 | ---D | C] -- C:Program FilesJava

[2012/09/12 22:03:17 | 000,000,000 | ---D | C] -- C:UsersGarrettAppDataLocalMPlayer

[2012/09/12 21:59:09 | 000,000,000 | ---D | C] -- C:ProgramDataPMS

[2012/09/12 00:35:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativedriversRNDISMP.sys

[2012/09/12 00:35:28 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNatived3d10level9.dll

[2012/09/12 00:35:24 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativedriversnetio.sys

[2012/09/12 00:35:24 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativedriversFWPKCLNT.SYS

[1 C:Windows*.tmp files -> C:Windows*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012/10/07 15:01:19 | 000,009,920 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/10/07 15:01:19 | 000,009,920 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/10/07 14:59:02 | 000,000,900 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineUA.job

[2012/10/07 14:53:08 | 000,000,896 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineCore.job

[2012/10/07 14:52:40 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat

[2012/10/07 14:52:33 | 3019,296,768 | -HS- | M] () -- C:hiberfil.sys

[2012/10/07 05:12:00 | 000,000,830 | ---- | M] () -- C:WindowstasksAdobe Flash Player Updater.job

[2012/10/07 04:24:23 | 000,307,994 | ---- | M] () -- C:UsersGarrettDocumentsbounceloop2.mp3

[2012/10/07 04:23:23 | 000,632,352 | ---- | M] () -- C:UsersGarrettDocumentsUntitled34534.mp3

[2012/10/07 02:51:57 | 000,038,426 | ---- | M] () -- C:UsersGarrettDocumentsMagic - Drill (TV rip).mp3

[2012/10/07 02:51:16 | 000,127,898 | ---- | M] () -- C:UsersGarrettDocumentsStyle - Land (TV rip).mp3

[2012/10/07 02:10:44 | 000,154,010 | ---- | M] () -- C:UsersGarrettDocumentsbounceloop.mp3

[2012/10/07 00:50:44 | 000,000,027 | ---- | M] () -- C:WindowsSysNativedriversetchosts

[2012/10/07 00:34:26 | 000,344,870 | ---- | M] () -- C:UsersGarrett.recently-used.xbel

[2012/10/06 23:09:49 | 000,000,689 | ---- | M] () -- C:Windowsm3jpeg.ini

[2012/10/06 23:02:32 | 004,762,471 | R--- | M] (Swearware) -- C:UsersGarrettDesktopComboFix.exe

[2012/10/06 00:55:21 | 000,002,228 | ---- | M] () -- C:UsersGarrettDesktopGoogle Chrome.lnk

[2012/10/06 00:24:17 | 600,406,428 | ---- | M] () -- C:WindowsMEMORY.DMP

[2012/10/05 17:59:58 | 000,010,624 | ---- | M] () -- C:UsersGarrettDocumentsrrr-meetup-tribute.veg

[2012/10/05 16:35:32 | 010,093,871 | ---- | M] () -- C:UsersGarrettDocumentswizard-op4.wmv

[2012/10/05 16:30:15 | 000,020,992 | ---- | M] () -- C:UsersGarrettDocumentswizard-op4.veg

[2012/10/05 16:20:14 | 000,018,904 | ---- | M] () -- C:UsersGarrettDocumentswizard-op2.veg

[2012/10/05 07:29:10 | 000,021,312 | ---- | M] () -- C:UsersGarrettDocumentswizard-op4.veg.bak

[2012/10/05 07:16:38 | 000,014,632 | ---- | M] () -- C:UsersGarrettDocumentswizard-op3.veg

[2012/10/05 07:10:25 | 000,018,928 | ---- | M] () -- C:UsersGarrettDocumentswizard-op2.veg.bak

[2012/10/05 04:24:40 | 003,084,284 | ---- | M] () -- C:UsersGarrettBaracuda - Where Is The Love (15% Speed).mp3

[2012/10/05 04:14:52 | 000,014,656 | ---- | M] () -- C:UsersGarrettDocumentswizard-op3.veg.bak

[2012/10/05 03:53:03 | 000,305,488 | ---- | M] () -- C:UsersGarrettBaracuda - Where Is The Love.mp3.sfk

[2012/10/05 03:48:31 | 005,495,502 | ---- | M] () -- C:UsersGarrettBaracuda - Where Is The Love.mp3

[2012/10/04 04:17:01 | 000,021,024 | ---- | M] () -- C:UsersGarrettDocumentsooo-themes-short.veg

[2012/10/04 00:09:08 | 000,021,032 | ---- | M] () -- C:UsersGarrettDocumentsooo-themes-short.veg.bak

[2012/10/03 18:45:46 | 018,645,460 | ---- | M] () -- C:UsersGarrettDocumentsShane on comic making.wav

[2012/10/02 22:07:32 | 000,052,121 | ---- | M] () -- C:UsersGarrettDocumentssnapteaser.jpg

[2012/10/02 21:19:00 | 000,145,178 | ---- | M] () -- C:UsersGarrettDocumentsStyle - Hurricane (TV rip).mp3

[2012/10/02 19:29:28 | 000,936,602 | ---- | M] () -- C:UsersGarrettDocumentsgf-rap-short1.mp3

[2012/10/01 17:14:23 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:WindowsSysNativedriversavipbb.sys

[2012/10/01 00:22:20 | 004,989,637 | ---- | M] () -- C:UsersGarrettDocumentskrcameos.wmv

[2012/09/30 17:36:50 | 013,182,015 | ---- | M] () -- C:UsersGarrettDocumentsfourze-finale-tribute-newsong.wmv

[2012/09/30 17:25:44 | 000,665,704 | ---- | M] () -- C:UsersGarrettDocumentsfourze-finale-tribute-full.wmv.sfk

[2012/09/30 15:47:01 | 000,023,752 | ---- | M] () -- C:UsersGarrettDocumentsnadeshiko-supergirl.veg

[2012/09/30 15:46:04 | 021,566,399 | ---- | M] () -- C:UsersGarrettDocumentsnadeshiko-supergirl.wmv

[2012/09/30 05:09:36 | 000,024,472 | ---- | M] () -- C:UsersGarrettDocumentsnadeshiko-supergirl.veg.bak

[2012/09/30 05:06:02 | 000,016,560 | ---- | M] () -- C:UsersGarrettDocumentsmvintro-2013-proper.wmv.sfk

[2012/09/30 04:42:27 | 000,077,560 | ---- | M] () -- C:UsersGarrettDocumentsmegamaxfight-better.veg

[2012/09/30 04:42:06 | 000,077,560 | ---- | M] () -- C:UsersGarrettDocumentsmegamaxfight-better.veg.bak

[2012/09/30 03:22:59 | 000,000,980 | ---- | M] () -- C:UsersGarrettDesktopTweetDeck.lnk

[2012/09/30 02:29:37 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64ieapfltr.dat

[2012/09/30 02:29:37 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativeieapfltr.dat

[2012/09/30 02:29:37 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativejscript9.dll

[2012/09/30 02:29:37 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativeinetcpl.cpl

[2012/09/30 02:29:37 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64inetcpl.cpl

[2012/09/30 02:29:37 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativejscript.dll

[2012/09/30 02:29:37 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativemsfeeds.dll

[2012/09/30 02:29:37 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64jscript.dll

[2012/09/30 02:29:37 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativevbscript.dll

[2012/09/30 02:29:37 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativeieapfltr.dll

[2012/09/30 02:29:37 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativedxtmsft.dll

[2012/09/30 02:29:37 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativehtml.iec

[2012/09/30 02:29:37 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64ieapfltr.dll

[2012/09/30 02:29:37 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64html.iec

[2012/09/30 02:29:37 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativedxtrans.dll

[2012/09/30 02:29:37 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativeieaksie.dll

[2012/09/30 02:29:37 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativeieui.dll

[2012/09/30 02:29:37 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativeurl.dll

[2012/09/30 02:29:37 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64url.dll

[2012/09/30 02:29:37 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64ieaksie.dll

[2012/09/30 02:29:37 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativemsls31.dll

[2012/09/30 02:29:37 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativemsrating.dll

[2012/09/30 02:29:37 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64ieui.dll

[2012/09/30 02:29:37 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativeieUnatt.exe

[2012/09/30 02:29:37 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativeiexpress.exe

[2012/09/30 02:29:37 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64ieakui.dll

[2012/09/30 02:29:37 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativeieakui.dll

[2012/09/30 02:29:37 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64msrating.dll

[2012/09/30 02:29:37 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativewextract.exe

[2012/09/30 02:29:37 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativeieakeng.dll

[2012/09/30 02:29:37 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64wextract.exe

[2012/09/30 02:29:37 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64iexpress.exe

[2012/09/30 02:29:37 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativeoccache.dll

[2012/09/30 02:29:37 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativeiepeers.dll

[2012/09/30 02:29:37 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64ieUnatt.exe

[2012/09/30 02:29:37 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativeIEAdvpack.dll

[2012/09/30 02:29:37 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64ieakeng.dll

[2012/09/30 02:29:37 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64occache.dll

[2012/09/30 02:29:37 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64iepeers.dll

[2012/09/30 02:29:37 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativeadmparse.dll

[2012/09/30 02:29:37 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativeiesysprep.dll

[2012/09/30 02:29:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64IEAdvpack.dll

[2012/09/30 02:29:37 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativeinseng.dll

[2012/09/30 02:29:37 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64admparse.dll

[2012/09/30 02:29:37 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativemshtmled.dll

[2012/09/30 02:29:37 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativeSetIEInstalledDate.exe

[2012/09/30 02:29:37 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativeie4uinit.exe

[2012/09/30 02:29:37 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64iesysprep.dll

[2012/09/30 02:29:37 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativeiesetup.dll

[2012/09/30 02:29:37 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativeicardie.dll

[2012/09/30 02:29:37 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64inseng.dll

[2012/09/30 02:29:37 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativetdc.ocx

[2012/09/30 02:29:37 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64SetIEInstalledDate.exe

[2012/09/30 02:29:37 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64iesetup.dll

[2012/09/30 02:29:37 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64ie4uinit.exe

[2012/09/30 02:29:37 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64mshtmled.dll

[2012/09/30 02:29:37 | 000,072,822 | ---- | M] () -- C:WindowsSysWow64ieuinit.inf

[2012/09/30 02:29:37 | 000,072,822 | ---- | M] () -- C:WindowsSysNativeieuinit.inf

[2012/09/30 02:29:37 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64icardie.dll

[2012/09/30 02:29:37 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativepngfilt.dll

[2012/09/30 02:29:37 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64tdc.ocx

[2012/09/30 02:29:37 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64pngfilt.dll

[2012/09/30 02:29:37 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativeimgutil.dll

[2012/09/30 02:29:37 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64mshtmler.dll

[2012/09/30 02:29:37 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativemshtmler.dll

[2012/09/30 02:29:37 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativeiernonce.dll

[2012/09/30 02:29:37 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64iernonce.dll

[2012/09/30 02:29:37 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativelicmgr10.dll

[2012/09/30 02:29:37 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64licmgr10.dll

[2012/09/30 02:29:37 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativemshta.exe

[2012/09/30 02:29:37 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:WindowsSysWow64msfeedssync.exe

[2012/09/30 02:29:37 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:WindowsSysNativemsfeedssync.exe

[2012/09/30 01:44:33 | 006,291,781 | ---- | M] () -- C:UsersGarrettbookmarks-2012-09-30.json

[2012/09/30 01:30:57 | 000,001,106 | ---- | M] () -- C:UsersGarrettApplication DataMicrosoftInternet ExplorerQuick LaunchMalwarebytes Anti-Malware.lnk

[2012/09/30 00:12:36 | 000,032,666 | ---- | M] () -- C:UsersGarrettDocuments2343423.mp3

[2012/09/30 00:12:28 | 000,160,154 | ---- | M] () -- C:UsersGarrettDocumentsringslash.mp3

[2012/09/29 23:57:43 | 000,012,264 | ---- | M] () -- C:UsersGarrettDocumentsgf-rap-short.veg

[2012/09/29 17:07:51 | 000,241,829 | ---- | M] () -- C:UsersGarrettAppDataLocalcensus.cache

[2012/09/29 17:07:49 | 000,132,556 | ---- | M] () -- C:UsersGarrettAppDataLocalars.cache

[2012/09/28 15:25:47 | 001,661,493 | ---- | M] () -- C:UsersGarrettDocumentsmvintro-2013-proper.wmv

[2012/09/28 15:23:43 | 000,034,072 | ---- | M] () -- C:UsersGarrettDocumentsmvintro-2013.veg

[2012/09/28 02:27:00 | 000,444,411 | R--- | M] () -- C:WindowsSysNativedriversetchosts.20121002-074523.backup

[2012/09/28 01:59:14 | 000,000,036 | ---- | M] () -- C:UsersGarrettAppDataLocalhousecall.guid.cache

[2012/09/28 01:55:14 | 000,001,255 | ---- | M] () -- C:UsersGarrettApplication DataMicrosoftInternet ExplorerQuick LaunchSpybot - Search & Destroy.lnk

[2012/09/26 17:13:35 | 000,046,001 | ---- | M] () -- C:UsersGarrettDocumentsKeitaros - Ringtone1.mp3

[2012/09/26 17:10:52 | 000,115,382 | ---- | M] () -- C:UsersGarrettDocumentskphone-climaxtune.mp3

[2012/09/26 17:09:52 | 000,026,357 | ---- | M] () -- C:UsersGarrettDocumentskphone-momourakinryu.mp3

[2012/09/26 17:09:31 | 000,031,790 | ---- | M] () -- C:UsersGarrettDocumentskphone-beep.mp3

[2012/09/24 19:17:40 | 000,001,021 | ---- | M] () -- C:UsersGarrettDesktopDropbox.lnk

[2012/09/24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:WindowsSysNativedriversavkmgr.sys

[2012/09/23 19:


And the text from Extras. EDIT: Some of it, anyway. See next post...

 

 

OTL Extras logfile created on: 10/7/2012 3:01:28 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:UsersGarrettDownloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.75 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 42.05% Memory free

7.50 Gb Paging File | 4.72 Gb Available in Paging File | 62.95% Paging File free

Paging file location(s): ?:pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86)

Drive C: | 684.54 Gb Total Space | 62.31 Gb Free Space | 9.10% Space Free | Partition Type: NTFS

Drive F: | 149.01 Gb Total Space | 28.68 Gb Free Space | 19.24% Space Free | Partition Type: FAT32

 

Computer Name: BETA_2 | User Name: Garrett | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]

.html [@ = htmlfile] -- "C:Program Files (x86)Internet Exploreriexplore.exe" -nohome

.url[@ = InternetShortcut] -- C:WindowsSysNativerundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]

.cpl [@ = cplfile] -- C:WindowsSysWow64control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- "C:Program Files (x86)Internet Exploreriexplore.exe" -nohome

 

[HKEY_CURRENT_USERSOFTWAREClasses<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:Program Files (x86)Internet Exploreriexplore.exe" -nohome

htmlfile [opennew] -- "C:Program Files (x86)Internet Exploreriexplore.exe" %1

htmlfile [print] -- rundll32.exe %SystemRoot%system32mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:Program Files (x86)Internet Exploreriexplore.exe" -nohome

https [open] -- "C:Program Files (x86)Internet Exploreriexplore.exe" -nohome

inffile [install] -- %SystemRoot%System32rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:Program Files (x86)Winampwinamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:Program Files (x86)Winampwinamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:Program Files (x86)Winampwinamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Applicationsiexplore.exe [open] -- "C:Program Files (x86)Internet Exploreriexplore.exe" %1

CLSID{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

 

[HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%System32control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:Program Files (x86)Internet Exploreriexplore.exe" -nohome

htmlfile [opennew] -- "C:Program Files (x86)Internet Exploreriexplore.exe" %1

http [open] -- "C:Program Files (x86)Internet Exploreriexplore.exe" -nohome

https [open] -- "C:Program Files (x86)Internet Exploreriexplore.exe" -nohome

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:Program Files (x86)Winampwinamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:Program Files (x86)Winampwinamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:Program Files (x86)Winampwinamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Applicationsiexplore.exe [open] -- "C:Program Files (x86)Internet Exploreriexplore.exe" %1

CLSID{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvcVol]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]

 

========== System Restore Settings ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows NTSystemRestore]

 

[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows NTSystemRestore]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewall]

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallDomainProfile]

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallStandardProfile]

 

[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewall]

 

[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallDomainProfile]

 

[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallStandardProfile]

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileGloballyOpenPortsList]

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyPublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]

"C:Program Files (x86)xchatxchat.exe" = C:Program Files (x86)xchatxchat.exe:*:Enabled:XChat IRC Client -- ()

"C:Program Files (x86)xchatxchat.exe" = C:Program Files (x86)xchatxchat.exe:*:Enabled:XChat IRC Client -- ()

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]

"{0607D367-9FD3-4F48-9257-FD3069087405}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%system32svchost.exe |

"{061A495C-D42C-42B8-ABC2-2E98FDA5FB1D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%system32svchost.exe |

"{0FE4E719-19BA-4440-BFEE-7B368ABFEC2A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%system32svchost.exe |

"{21A79366-5649-40E6-AD4F-A87798C10D51}" = rport=137 | protocol=17 | dir=out | app=system |

"{225C2807-EAB9-4DD7-87F9-3663406D3564}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%system32svchost.exe |

"{2A97FB02-3131-4DA3-A64B-7EDD144D30A5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%system32spoolsv.exe |

"{3F8249BC-CF72-40B0-A11B-3B7A7F869FC3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{40DA4D37-DFD5-4CD5-8ADD-4056C9E3DF70}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%system32svchost.exe |

"{46BD8115-776E-4258-A8E4-AF346DA075BE}" = lport=10243 | protocol=6 | dir=in | app=system |

"{4EB35778-A52F-4F2C-A724-1D520C73EC28}" = lport=139 | protocol=6 | dir=in | app=system |

"{50250106-847F-44E9-8897-5834189C4C59}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{5417013F-F5AF-4770-858F-043D82F5C3FF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%system32svchost.exe |

"{70455577-DA74-40FD-994C-AFC364D2D450}" = rport=10243 | protocol=6 | dir=out | app=system |

"{796D7677-7908-4500-B614-CD2E0CB616AA}" = lport=138 | protocol=17 | dir=in | app=system |

"{7B4C08E9-4159-44B7-8C68-2699C5AC63BA}" = rport=138 | protocol=17 | dir=out | app=system |

"{7EF57F1F-7CCF-4787-B7EB-6D07052049BE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%system32svchost.exe |

"{9A40FAC9-40B9-4298-86A2-B1D5B1D524E6}" = lport=445 | protocol=6 | dir=in | app=system |

"{9D14B83F-C17C-4C14-8A18-C39FF90B902F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{A6192021-C72D-41AD-84BB-B5B93382EDE4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{AF8CB278-77E0-43BB-AAEA-598A848B31D0}" = lport=137 | protocol=17 | dir=in | app=system |

"{B3F3EFDA-D579-4EF4-8482-754980718F65}" = rport=139 | protocol=6 | dir=out | app=system |

"{C0C2D672-1548-4B31-987C-AA16C8422E22}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:windowsmicrosoft.netframework64v4.0.30319smsvchost.exe |

"{C32B33DC-CBF2-46CB-990B-26D2CF824388}" = lport=2869 | protocol=6 | dir=in | app=system |

"{D8FE3DDB-4F6A-4AB0-9727-EE2EFFDFF873}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%system32svchost.exe |

"{EC0B3417-3E68-4525-BCF1-CE69161EDB84}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%system32svchost.exe |

"{F4785053-0527-41B0-853E-AC2C0DF99DBF}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F9F1445B-E4B1-4A58-88DC-79C2F007763C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%system32svchost.exe |

"{FC2D461D-8E92-411D-844A-B65A16E533F2}" = rport=445 | protocol=6 | dir=out | app=system |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]

"{00E72347-9CB3-42B9-B658-222B5A1344F6}" = protocol=58 | dir=in | app=system |

"{05891D3B-79E1-4D05-B4A5-6411C2CF099F}" = protocol=17 | dir=in | app=c:program files (x86)steamsteamappscommonsuperbrothers sword & sworcery epswordandsworcery_pc.exe |

"{067A06EB-6105-4F21-9654-784853777C60}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{06EDE382-4D34-4F97-815E-1779D93C1BBE}" = protocol=6 | dir=in | app=c:program files (x86)pando networksmedia boosterpmb.exe |

"{08C5B513-050F-4D5F-AB7E-12C5DD705DFF}" = protocol=17 | dir=in | app=c:program files (x86)steamsteamappscommonlone survivorlonesurvivorlonesurvivor.exe |

"{09725573-B797-46A9-A3B6-F667B878B636}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{0A311ED3-4175-4A20-9E9C-867EDD8E47CF}" = protocol=6 | dir=in | app=c:program files (x86)steamsteamappscommonsuperbrothers sword & sworcery epswordandsworcery_pc.exe |

"{0A420093-3B6C-4BAB-A662-831DD188FBEE}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{0A65D7AF-7A0D-4C35-B3C0-1B3F1991B200}" = protocol=6 | dir=in | app=c:program files (x86)steamsteamappscommonamnesia the dark descentlauncher.exe |

"{0ADD8D7C-042A-41A4-BFCF-72600324FDF9}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{0BD19682-7DA2-400B-80BE-8D30D549152E}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{0CB05CC6-69EC-4E39-AAFE-1655094E52B1}" = protocol=6 | dir=out | app=%programfiles%windows media playerwmpnetwk.exe |

"{17065FB3-9CB9-4917-B980-6B2AAAB808FA}" = dir=in | app=c:program files (x86)hpdigital imagingbinhpqtra08.exe |

"{18B4D387-7FD0-4842-B376-A4E12C5200B5}" = protocol=17 | dir=in | app=c:program files (x86)videolanvlcvlc.exe |

"{192BDDB8-7A0E-4F9D-AC8A-7BB70A6ECF3A}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{194C5CB8-6020-495B-8749-9C3BB02A367C}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{1BFDE6C9-7DDB-4FF5-AA1B-06AD89B9546D}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{1D728886-F516-45BC-BC57-622FD529A0F6}" = protocol=17 | dir=in | app=c:program files (x86)javajre7binjavaw.exe |

"{1DF14F65-FCCC-4357-A616-48F0B6CE82F9}" = dir=in | app=c:program files (x86)hpdigital imagingbinhpfccopy.exe |

"{1F4CC7DE-CCB9-4C8F-A0EC-4D5CBEB05852}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{2008E1AA-0686-4877-AFE4-736DF88F28AB}" = protocol=6 | dir=in | app=c:nexondfodfo.exe |

"{20C103E8-0301-4BA6-BE82-EF1486A578DC}" = dir=in | app=c:program files (x86)pando networksmedia boosterpmb.exe |

"{212DD851-7E5F-4F6D-8665-60CCF3CBC6DE}" = protocol=17 | dir=out | app=%programfiles%windows media playerwmpnetwk.exe |

"{22384014-9BB4-4B92-A1E1-BA53D97BF4CC}" = dir=in | app=c:program files (x86)windows livecontactswlcomm.exe |

"{2358CF8B-437D-4E8E-8851-BAFDEB91F56C}" = dir=in | app=c:program files (x86)skypeplugin managerskypepm.exe |

"{23FC6590-DF05-427A-984B-F4C37F2219CC}" = protocol=17 | dir=in | app=c:program files (x86)steamsteamappscommonsuper meat boysupermeatboy.exe |

"{265FA77D-E51F-4780-ADF2-6F213BFCA2DE}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{266A0F32-0C34-4AF1-8806-74E87B059921}" = protocol=17 | dir=in | app=%programfiles(x86)%windows media playerwmplayer.exe |

"{293E7D46-E2E0-4558-BD4D-0CF2BF73341F}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{2D21BDCF-8043-498A-9D28-60686BA74052}" = protocol=17 | dir=in | app=c:program files (x86)steamsteamappscommonchampions onlinechampions online.exe |

"{2E0F4352-A339-4B13-9A1D-47BC60BC9803}" = protocol=6 | dir=in | app=c:program files (x86)aimaim.exe |

"{3273B391-DCBC-41CB-B7E6-B3706797F286}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{32E05E53-F207-4979-BD23-E62664444724}" = protocol=6 | dir=in | app=c:program files (x86)lexmark 2400 serieslxcraiox.exe |

"{33207195-12AF-4589-8713-A5D5A31D8BC0}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%system32svchost.exe |

"{338AF684-8B5E-4CBC-ACBA-9D9200CA5BBB}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{358FC715-E21B-4E4D-BBAC-037035456B02}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{35A290A7-2F65-4DC9-8151-89527B8B62CB}" = protocol=17 | dir=in | app=c:windowssystem32lxcrcoms.exe |

"{377A2681-5F8D-4BCC-BE3E-BFEC8331A6B3}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{37C94974-9A4A-463B-91E8-AB3D6057C87B}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{38C048E3-40B7-49D2-BABF-A37C402C07E6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%system32svchost.exe |

"{39ADCB3A-B244-483B-8D2B-CBF25F5CE7EF}" = dir=in | app=c:program files (x86)hpdigital imagingbinhpqcopy2.exe |

"{3B05E6FE-3063-4DEB-92A9-ED182E69E562}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{3BCEC7B8-5CF3-414C-88DE-A4B39B78751D}" = dir=in | app=c:program files (x86)hpdigital imagingsmart web printingsmartwebprintexe.exe |

"{3BD2092F-05AC-4D9C-89D2-8CEFC032B23B}" = dir=in | app=c:program files (x86)hpdigital imagingbinhpqste08.exe |

"{3F383C7C-2011-45F7-BE55-D519A3FDFE5A}" = protocol=17 | dir=in | app=c:windowssyswow64lxcrcoms.exe |

"{40485258-1EE4-4EF7-AF83-BB7135FF48FD}" = dir=in | app=c:program files (x86)hpdigital imagingbinhpqusgh.exe |

"{40D45A55-C74D-4D6B-807E-2B7BDB180369}" = protocol=17 | dir=in | app=c:program files (x86)steamsteamappscommonterrariaterrariaserver.exe |

"{44F22AF9-15A4-463A-82D0-2DE26ECB18E2}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%system32svchost.exe |

"{45FCBC06-5A97-463E-AFBC-B30BE340910E}" = protocol=17 | dir=in | app=c:usersgarrettappdataroamingdropboxbindropbox.exe |

"{48D4F4B6-E089-4F3F-ACC0-198796520F98}" = protocol=17 | dir=in | app=c:program files (x86)mozilla firefoxplugin-container.exe |

"{496DA637-6A26-4692-880B-0E6FA95926C1}" = protocol=6 | dir=in | app=c:program files (x86)pando networksmedia boosterpmb.exe |

"{49F4ED58-E924-44B6-840A-C2FFFFDD86C6}" = dir=in | app=c:program files (x86)common filesmicrosoft sharedxnaxnatransv3.0xnatransx.exe |

"{4A482E9F-4074-4EB5-8E4F-168511AD4BA4}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{4FD4B4CE-6DCE-4670-B1A7-3AEFE3D5DD5E}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{50FD3C20-404B-4F1D-A35C-D96EE37824AC}" = protocol=17 | dir=in | app=c:program files (x86)aimaim.exe |

"{51292C63-791E-432B-A1B9-1C14003AB32E}" = dir=in | app=c:program files (x86)hpdigital imagingbinhpqkygrp.exe |

"{52A95C4B-D5D9-453A-ABD8-694C114B5D3C}" = protocol=17 | dir=in | app=c:program files (x86)steamsteamappscommonglobal agenda livebinarieslauncherbinhirezlauncherui.exe |

"{53B68012-CB8A-4612-B870-234846871D1E}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{567C7EEF-02D4-4840-B109-F5017FED3297}" = protocol=6 | dir=out | app=%programfiles%windows media playerwmplayer.exe |

"{5A4EA8FC-F459-4FC8-842A-8812821CFF43}" = protocol=17 | dir=in | app=c:program files (x86)steamsteamappscommonterrariatconfigserver.exe |

"{5BA40500-5C34-4B79-BCB3-B11AE0E3A2BF}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{5BBBDFB5-65D8-4CE6-B865-4AAA8F0727A6}" = protocol=17 | dir=in | app=c:program files (x86)bonjourmdnsresponder.exe |

"{5BD194B4-50B5-4E2A-9B5B-AF8CDE6CF59E}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{5CC3D561-51BF-4DF6-9914-9CCAE09E3E04}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{64151B2A-74A0-4417-8214-8637A50F81F2}" = protocol=6 | dir=in | app=c:program files (x86)steamsteam.exe |

"{66391046-FF06-4DED-A869-F8EE7E62DD92}" = protocol=6 | dir=in | app=c:windowssyswow64lxcrcoms.exe |

"{672457DA-3BD8-4FEF-B18F-0562592ED8D8}" = protocol=6 | dir=in | app=c:program files (x86)microsoft officeoffice12onenote.exe |

"{678A5CB8-43D0-49C1-9DBA-3AF9FC004DFF}" = protocol=6 | dir=in | app=c:program files (x86)steamsteamappscommonlone survivorlonesurvivorlonesurvivor.exe |

"{682F9643-558C-4F2E-BAD1-5A5DC0D3BDFE}" = protocol=6 | dir=out | app=%programfiles%windows media playerwmplayer.exe |

"{6832CDAD-4503-477D-9A99-0AC0F45FDF6C}" = dir=in | app=c:program files (x86)hpdigital imagingbinhpqgpc01.exe |

"{6BDFAD0D-8DC7-45BE-81B2-E7B0F4F1588B}" = protocol=6 | dir=in | app=c:program files (x86)steamsteamappscommonglobal agenda livebinarieslauncherbinhirezlauncherui.exe |

"{6CD1C99E-FC4C-40F6-BE35-AC64E5CA3EE8}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{6D767B11-7385-4490-A64D-B54B97001E89}" = protocol=17 | dir=in | app=%programfiles%windows media playerwmpnetwk.exe |

"{6DFE436F-F99D-4DE8-BDA7-9A596DE1BC8C}" = protocol=6 | dir=out | app=%programfiles(x86)%windows media playerwmplayer.exe |

"{6E1C9D32-DCD0-4E5B-B05D-9149D9E5F770}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%system32svchost.exe |

"{6E229B4A-55B5-46A7-ABD3-17F7D492A2D7}" = protocol=6 | dir=in | app=c:program files (x86)steamsteamappscommonsuper meat boysupermeatboy.exe |

"{6EEC5B57-6530-4435-A2CA-EE3D07371077}" = protocol=6 | dir=in | app=c:program files (x86) (x86)lexmark 2400 serieslxcraiox.exe |

"{7170C0C5-DB40-4F6C-B268-CB41B3F1A649}" = protocol=17 | dir=out | app=%programfiles(x86)%windows media playerwmplayer.exe |

"{7198EDDD-B3F9-4F2E-B9B4-9BE8F39852AB}" = protocol=6 | dir=in | app=c:windowssystem32lxcrcoms.exe |

"{75218820-3C07-4EAC-8636-2BEF20BF2C51}" = dir=in | app=c:program files (x86)hpdigital imagingbinhposid01.exe |

"{75DF1B18-E02D-4421-BC78-F61235FCC809}" = protocol=17 | dir=in | app=c:program files (x86)steamsteamappscommonamnesia the dark descentlauncher.exe |

"{76A4D15D-FA3A-4D89-ABC0-F674D7102E7A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%system32svchost.exe |

"{786F83B6-7FAF-42E7-B27F-2E118D966E73}" = protocol=6 | dir=out | app=system |

"{7884C97E-AB68-4E52-95EC-65B86645D2B5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%system32svchost.exe |

"{7B383AC9-D844-4986-948E-0D39C197AEE2}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{7FEA04C1-C19B-4A0A-A347-83354401F08D}" = protocol=6 | dir=in | app=c:program files (x86)steamsteamappscommonchampions onlinechampions online.exe |

"{81990B38-9C31-4B0B-9BFF-B9EDFD005007}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{82B6B65A-4726-43C5-8015-7502E855D521}" = protocol=17 | dir=in | app=%programfiles%windows media playerwmplayer.exe |

"{85667F3A-DA2E-4038-99E2-BB64D59D57D5}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{88EAA474-249B-4DB2-9D51-129DC30E85FD}" = protocol=17 | dir=in | app=c:program files (x86)utorrentutorrent.exe |

"{904E6D90-FB23-4A8B-89E8-B008F1EA37F2}" = protocol=6 | dir=in | app=c:program files (x86)steamsteamappscommonchampions onlinechampions online.exe |

"{913AC183-907B-4A74-9D79-75662B214D49}" = dir=in | app=c:program files (x86)common filesappleapple application supportwebkit2webprocess.exe |

"{94D94E1B-CFE5-4E98-B62A-084C2ED8A2F2}" = dir=in | app=c:program files (x86)hpdigital imagingbinhpiscnapp.exe |

"{95874577-93E9-49E9-A161-E5690A3A7A58}" = dir=in | app=c:program files (x86)windows livesyncwindowslivesync.exe |

"{95E3BB95-EF20-4ABA-9DDB-A96BB906213F}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{968D9D5E-9C54-4B18-BAA5-F17343B81B96}" = dir=in | app=c:program files (x86)windows livemessengermsnmsgr.exe |

"{98915DB4-4FF9-4B1A-8685-2FE768FA2470}" = protocol=6 | dir=in | app=c:program files (x86)steamsteamappscommonterrariaterrariaserver.exe |

"{9992A336-359D-40BB-B4CE-B061BB42E37F}" = protocol=17 | dir=in | app=c:udkparanormal - beta 4binarieswin32udk.exe |

"{9C71960B-5C85-4016-B476-CD9316CD9FAB}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{9C937F50-0463-456B-8B22-54D35B1F797D}" = protocol=17 | dir=in | app=c:program files (x86) (x86)lexmark 2400 serieslxcraiox.exe |

"{A24C6D5F-5FA8-4CA0-A355-BC2843D57F46}" = protocol=6 | dir=in | app=c:program files (x86)bonjourmdnsresponder.exe |

"{A339BE34-366D-4C59-8E02-03775DD975B8}" = protocol=6 | dir=in | app=c:usersgarrettappdataroamingdropboxbindropbox.exe |

"{A33BB2CF-16BD-4946-B4F5-DE0E5E2355A5}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{A4E94248-E953-4837-9766-1F3EC05FF5F4}" = protocol=6 | dir=in | app=c:usersgarrettappdataroamingdropboxbindropbox.exe |

"{A5CA2BAB-7229-46B3-AA03-E5B2A90DCC90}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{A67BE88B-7AA9-4CD0-A04B-D5C4593AB023}" = protocol=17 | dir=in | app=c:programdatanexonusngmngm.exe |

"{A69D6920-DF60-46F7-8E3A-16BA5C686193}" = protocol=17 | dir=in | app=c:program files (x86)steamsteamappscommonsega classicssegagenesisclassics.exe |

"{A8376516-ADB6-4CC2-B3D8-21A87D10937A}" = protocol=17 | dir=in | app=c:program files (x86)steamsteamappscommonpsychonautspsychonauts.exe |

"{A87EE9C7-3214-41FC-90E2-616C63B6634F}" = dir=in | app=c:program files (x86)hpdigital imagingbinhpqusgm.exe |

"{A944CD8C-78C3-4718-9E81-6A43F0460219}" = protocol=17 | dir=in | app=%programfiles%windows media playerwmplayer.exe |

"{AC87B766-5EFF-4F28-B00F-DFAD10AD050A}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{AD678C2E-556A-4FD0-8DB6-474196C7AAB7}" = protocol=17 | dir=in | app=c:program files (x86)steamsteam.exe |

"{AD78DDD5-B9F3-4E35-95DF-E56D651434E9}" = dir=in | app=c:program files (x86)hpdigital imagingbinhpqgplgtupl.exe |

"{ADC129D8-1DEB-45EC-BFAD-7705334DBC54}" = protocol=17 | dir=in | app=c:program files (x86)steamsteamappscommonchampions onlinechampions online.exe |

"{AF58463B-676F-450F-9C89-616219521E6C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%system32svchost.exe |

"{B0E157D4-B55E-496E-9030-03118AE164C7}" = protocol=6 | dir=in | app=c:program files (x86)steamsteamappscommonpsychonautspsychonauts.exe |

"{B1BC4289-ED61-4656-B48E-73FAFE7FF95C}" = protocol=17 | dir=in | app=c:program files (x86)gametoolsxnaaplayer40.exe |

"{B2255156-3483-4B05-B934-B23F642E365E}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{B284B16D-A2B3-46A0-BC11-B28EAE08EB5D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%system32svchost.exe |

"{B5C9E0E5-D1A9-47C9-823F-3049A56D74D0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%system32svchost.exe |

"{B7775F23-82C1-47DF-B81F-38ACA9A34BA3}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{B78A29B2-71FF-42D0-BECB-CD47BC13AA8D}" = protocol=17 | dir=in | app=c:program files (x86)pando networksmedia boosterpmb.exe |

"{B79FA83C-5BEB-4D47-8047-118FB1D6B41A}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{BA76B535-49DB-4AC0-A3E1-4674F7AC788C}" = protocol=6 | dir=in | app=c:program files (x86)javajre7binjavaw.exe |

"{BE8440F0-43A2-48CF-96A2-AFD956D6CA1D}" = protocol=6 | dir=in | app=c:program files (x86)mozilla firefoxplugin-container.exe |

"{C0261C23-08BC-458A-A8C7-660655AA7A7B}" = protocol=6 | dir=in | app=c:program files (x86)steamsteamappscommonterrariatconfigserver.exe |

"{C44F96FC-227C-4D78-825A-0856708CEE9D}" = protocol=6 | dir=in | app=c:program files (x86)steamsteamappscommonspiral knightsjava_vmbinjavaw.exe |

"{C5D16F48-E5AD-435D-B709-AE0098E8BC72}" = dir=in | app=c:program files (x86)hphp software updatehpwucli.exe |

"{C9E3B89A-9779-44CA-A0D0-DF4974AACCB4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%system32svchost.exe |

"{CC0B32EE-F531-4FFB-B939-F1022E8ED1AA}" = protocol=17 | dir=in | app=c:usersgarrettappdataroamingdropboxbindropbox.exe |

"{CD57E2E5-2553-487C-AF32-8CBAC071EAE6}" = protocol=17 | dir=in | app=c:program files (x86)steamsteamappscommonspiral knightsjava_vmbinjavaw.exe |

"{D1876883-23C3-45BD-86E1-22DD8E08E7F4}" = protocol=6 | dir=in | app=c:program files (x86)steamsteamappscommonsega classicssegagenesisclassics.exe |

"{D3A5FB35-C908-4E37-AEE8-43B815C779EF}" = dir=in | app=c:program files (x86)common fileshpdigital imagingbinhpqphotocrm.exe |

"{D71BEEBA-4C04-4BE8-89BF-CCEF7DE60018}" = protocol=17 | dir=in | app=c:program files (x86)pando networksmedia boosterpmb.exe |

"{D7341364-36D9-4BC3-A9BC-C8A5E0051752}" = protocol=6 | dir=in | app=c:program files (x86)utorrentutorrent.exe |

"{D77F8110-727A-4B92-9490-9CBC74F0A879}" = protocol=6 | dir=in | app=c:program files (x86)lexmark 2400 serieslxcrmon.exe |

"{DBF4B25B-ABD3-4C05-B3EA-B95EF7AD482A}" = protocol=6 | dir=in | app=c:programdatanexonusngmngm.exe |

"{DDEDD461-BBBB-48DF-84F3-31F1BCA7402B}" = protocol=17 | dir=in | app=c:program files (x86)microsoft officeoffice12onenote.exe |

"{DF503047-C1D9-46A8-B18E-9828806F6FBF}" = protocol=17 | dir=in | app=c:program files (x86) (x86)lexmark 2400 serieslxcrmon.exe |

"{E095339F-628C-4DE1-A656-560F500D6A00}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{E0FA0A22-2A14-4525-A6F5-B8EA44E10BDC}" = protocol=17 | dir=in | app=c:program files (x86)lexmark 2400 serieslxcrmon.exe |

"{E17AF84C-AFFD-4906-8661-F9F127DB377E}" = protocol=17 | dir=in | app=c:nexondfodfo.exe |

"{E548216D-52B3-444E-A857-F5E786B262B2}" = dir=in | app=c:program files (x86)hpdigital imagingbinhpoews01.exe |

"{E74E1C68-F78D-4FAF-B2C6-B37949AAE0FB}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |

"{E9B72A36-903F-49A4-ACEB-DE166D4BBD65}" = protocol=6 | dir=in | app=c:program files (x86)gametoolsxnaaplayer40.exe |

"{EAAB0564-A64B-47FC-913F-01202EDD7E00}" = protocol=6 | dir=in | app=%programfiles%windows media playerwmpnetwk.exe |

"{F020ED44-CDA3-4C90-8024-F0754E9420FA}" = protocol=6 | dir=in | app=c:program files (x86)videolanvlcvlc.exe |

"{F5F3049B-9FAC-408C-9007-F047A02DC206}" = protocol=17 | dir=out | app=%programfiles%windows media playerwmplayer.exe |

"{F6638165-9A58-4E69-90DC-66B1B9D74487}" = protocol=6 | dir=in | app=c:udkparanormal - beta 4binarieswin32udk.exe |

"{F864CED0-64D1-4B6C-9984-D9A3ADB7B930}" = protocol=17 | dir=out | app=%programfiles%windows media playerwmplayer.exe |

"{F8D7EFC9-7FB5-4DF6-8A11-E300F9CFAB34}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{F979F0EB-680F-42C3-BDBE-DD9E310B7CB7}" = protocol=17 | dir=in | app=c:program files (x86)lexmark 2400 serieslxcraiox.exe |

"{FB83F62A-2245-435D-8FE9-58D1E610FE2A}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{FB8B8D32-1527-4D89-84AC-63BE932CEFEC}" = protocol=6 | dir=in | app=c:program files (x86) (x86)lexmark 2400 serieslxcrmon.exe |

"{FCDCE70E-E22F-4643-8770-D2FE5E66E82F}" = dir=in | app=c:program files (x86)microsoft xnaxna game studiov4.0binxnaliveproxy.exe |

"{FD594C2E-7A8A-4466-8888-2F3CF0B7EA15}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%system32svchost.exe |

"{FF0E46F0-0AF1-4010-BDC7-F1C293B4234D}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"TCP Query User{0C8D1D2E-6670-486A-ADF1-6C3E986B2F2A}C:program files (x86)steamsteamappscommonchampions onlinechampions onlinelivegameclient.exe" = protocol=6 | dir=in | app=c:program files (x86)steamsteamappscommonchampions onlinechampions onlinelivegameclient.exe |

"TCP Query User{1C3564F3-8F23-42A0-B19B-D069E8B90E78}C:program files (x86)mozilla firefoxfirefox.exe" = protocol=6 | dir=in | app=c:program files (x86)mozilla firefoxfirefox.exe |

"TCP Query User{1F92C298-F60D-4F4D-BF15-C01933219A0E}C:program files (x86)internet exploreriexplore.exe" = protocol=6 | dir=in | app=c:program files (x86)internet exploreriexplore.exe |

"TCP Query User{4D828710-1587-4D4A-B0E4-6AF7C9CA07E3}C:program files (x86)gametoolsxnaaplayer40.exe" = protocol=6 | dir=in | app=c:program files (x86)gametoolsxnaaplayer40.exe |

"TCP Query User{54EDA99F-8A40-425C-9F88-CC9A18776AD6}C:program files (x86)electronic artseadmcore.exe" = protocol=6 | dir=in | app=c:program files (x86)electronic artseadmcore.exe |

"TCP Query User{5859FF1A-0B4E-4CE7-AAE7-390D015E34EA}C:program files (x86)steamsteamappscommonterrariaterrariaserver.exe" = protocol=6 | dir=in | app=c:program files (x86)steamsteamappscommonterrariaterrariaserver.exe |

"TCP Query User{658C9991-367D-4EB5-BF7F-BCCBBE0F988F}C:program files (x86)javajre7binjavaw.exe" = protocol=6 | dir=in | app=c:program files (x86)javajre7binjavaw.exe |

"TCP Query User{6D1A61DE-652D-42AE-A9AF-26C71BCEE874}C:program files (x86)javajre6binjava.exe" = protocol=6 | dir=in | app=c:program files (x86)javajre6binjava.exe |

"TCP Query User{70E27216-AE8A-49B9-900A-A9B8E307A69C}C:program files (x86)steamsteamappscommonterrariatconfigserver.exe" = protocol=6 | dir=in | app=c:program files (x86)steamsteamappscommonterrariatconfigserver.exe |

"TCP Query User{78840E57-B16B-4C81-BF58-F6A664B3AB51}C:program files (x86)javajre6binjavaw.exe" = protocol=6 | dir=in | app=c:program files (x86)javajre6binjavaw.exe |

"TCP Query User{7C5C5FBD-3F48-4C14-9470-62A143074A05}C:program files (x86)mozilla firefoxplugin-container.exe" = protocol=6 | dir=in | app=c:program files (x86)mozilla firefoxplugin-container.exe |

"TCP Query User{8ACB5736-C27E-4C35-A235-A5BFF16130C9}C:nexondfodfo.exe" = protocol=6 | dir=in | app=c:nexondfodfo.exe |

"TCP Query User{9079D02C-674B-4A0E-BC70-F0F9AAED02AE}C:program files (x86)steamsteamappscommonglobal agenda livebinariesglobalagenda.exe" = protocol=6 | dir=in | app=c:program files (x86)steamsteamappscommonglobal agenda livebinariesglobalagenda.exe |

"TCP Query User{90FFC008-19D6-4188-9688-763725A217DA}C:program files (x86)videolanvlcvlc.exe" = protocol=6 | dir=in | app=c:program files (x86)videolanvlcvlc.exe |

"TCP Query User{91BB7120-5884-4A02-B0BC-0F4CA587E4A1}C:program files (x86)winampwinamp.exe" = protocol=6 | dir=in | app=c:program files (x86)winampwinamp.exe |

"TCP Query User{A33B7005-8444-43BB-9A7D-B50AAE65A5EA}C:program files (x86)xchatxchat.exe" = protocol=6 | dir=in | app=c:program files (x86)xchatxchat.exe |

"TCP Query User{C88B3918-DC39-4FA3-81B5-4C01916673F3}C:program files (x86)aimaim.exe" = protocol=6 | dir=in | app=c:program files (x86)aimaim.exe |

"TCP Query User{D9D8EF77-3B04-4E5D-B994-7A22206F24FB}C:program files (x86)internet exploreriexplore.exe" = protocol=6 | dir=in | app=c:program files (x86)internet exploreriexplore.exe |

"TCP Query User{DA6E3F59-9868-4E4B-A730-05BDA63B0FC8}C:program files (x86)steamsteamappscloudythoughts7team fortress 2hl2.exe" = protocol=6 | dir=in | app=c:program files (x86)steamsteamappscloudythoughts7team fortress 2hl2.exe |

"TCP Query User{DA6E56C3-79CF-4F72-9F2E-B8158841BABE}C:program files (x86)winampwinamp.exe" = protocol=6 | dir=in | app=c:program files (x86)winampwinamp.exe |

"TCP Query User{DC520AD4-9C7D-46BB-AE4B-075A49925A44}C:udkparanormal - beta 4binarieswin32udk.exe" = protocol=6 | dir=in | app=c:udkparanormal - beta 4binarieswin32udk.exe |

"TCP Query User{F4201642-9198-4B1E-8115-8FA48571C1F0}C:program files (x86)sonyvegas pro 9.0vegsrv90.exe" = protocol=6 | dir=in | app=c:program files (x86)sonyvegas pro 9.0vegsrv90.exe |

"TCP Query User{F728161D-C0B8-4804-BF35-A0A5B6BA6C7E}C:program files (x86)googlechromeapplicationchrome.exe" = protocol=6 | dir=in | app=c:program files (x86)googlechromeapplicationchrome.exe |

"UDP Query User{02B017CA-3559-4CB3-8FFF-1F5057224D90}C:program files (x86)javajre7binjavaw.exe" = protocol=17 | dir=in | app=c:program files (x86)javajre7binjavaw.exe |

"UDP Query User{04DF1A30-3156-4C58-A4BF-7278F0346ABD}C:program files (x86)internet exploreriexplore.exe" = protocol=17 | dir=in | app=c:program files (x86)internet exploreriexplore.exe |

"UDP Query User{142A4E46-BFD8-46CA-9212-5EEF1FD62831}C:program files (x86)electronic artseadmcore.exe" = protocol=17 | dir=in | app=c:program files (x86)electronic artseadmcore.exe |

"UDP Query User{1468ADAF-2EE1-41EE-BD53-43F8C8840BB8}C:program files (x86)winampwinamp.exe" = protocol=17 | dir=in | app=c:program files (x86)winampwinamp.exe |

"UDP Query User{23FB0F44-56CB-4AB4-A4E0-F44720D47097}C:program files (x86)steamsteamappscommonterrariatconfigserver.exe" = protocol=17 | dir=in | app=c:program files (x86)steamsteamappscommonterrariatconfigserver.exe |

"UDP Query User{247ACE63-6BA1-4DDA-9600-64ACA7251B38}C:program files (x86)winampwinamp.exe" = protocol=17 | dir=in | app=c:program files (x86)winampwinamp.exe |

"UDP Query User{2C5F28D7-6721-40A9-BD71-CDB525949799}C:program files (x86)steamsteamappscloudythoughts7team fortress 2hl2.exe" = protocol=17 | dir=in | app=c:program files (x86)steamsteamappscloudythoughts7team fortress 2hl2.exe |

"UDP Query User{3090BBF4-7039-4C08-BE8D-BB6EB4B9BFBA}C:udkparanormal - beta 4binarieswin32udk.exe" = protocol=17 | dir=in | app=c:udkparanormal - beta 4binarieswin32udk.exe |

"UDP Query User{4779BA00-E86A-4201-BE55-04B935118D66}C:program files (x86)xchatxchat.exe" = protocol=17 | dir=in | app=c:program files (x86)xchatxchat.exe |

"UDP Query User{56C3F2A3-07A0-470A-B0DB-D2AA8D63CDC8}C:program files (x86)steamsteamappscommonglobal agenda livebinariesglobalagenda.exe" = protocol=17 | dir=in | app=c:program files (x86)steamsteamappscommonglobal agenda livebinariesglobalagenda.exe |

"UDP Query User{58E2FA16-0980-419A-8BC7-0A0001EC5C65}C:program files (x86)javajre6binjavaw.exe" = protocol=17 | dir=in | app=c:program files (x86)javajre6binjavaw.exe |

"UDP Query User{5A26EA99-81A1-4578-8FCA-E49A365F150C}C:program files (x86)mozilla firefoxplugin-container.exe" = protocol=17 | dir=in | app=c:program files (x86)mozilla firefoxplugin-container.exe |

"UDP Query User{60EBBC7F-64CF-4B1A-992F-6D83B776C2DD}C:program files (x86)steamsteamappscommonchampions onlinechampions onlinelivegameclient.exe" = protocol=17 | dir=in | app=c:program files (x86)steamsteamappscommonchampions onlinechampions onlinelivegameclient.exe |

"UDP Query User{68DB467D-13D7-4F24-A83C-DC0752A753AC}C:program files (x86)steamsteamappscommonterrariaterrariaserver.exe" = protocol=17 | dir=in | app=c:program files (x86)steamsteamappscommonterrariaterrariaserver.exe |

"UDP Query User{6DB227C9-5CA7-40E0-884B-C9EAA71E8836}C:program files (x86)internet exploreriexplore.exe" = protocol=17 | dir=in | app=c:program files (x86)internet exploreriexplore.exe |

"UDP Query User{6FEF5C33-C323-4381-A2A8-FD403189CAE7}C:program files (x86)javajre6binjava.exe" = protocol=17 | dir=in | app=c:program files (x86)javajre6binjava.exe |

"UDP Query User{81D91D0F-3533-47E7-9DBE-236163A5251E}C:program files (x86)aimaim.exe" = protocol=17 | dir=in | app=c:program files (x86)aimaim.exe |

"UDP Query User{90CF8735-E434-430B-B064-E96C0D15D9C7}C:nexondfodfo.exe" = protocol=17 | dir=in | app=c:nexondfodfo.exe |

"UDP Query User{916D15A6-1B5B-42F6-B1AF-62D723AA2054}C:program files (x86)gametoolsxnaaplayer40.exe" = protocol=17 | dir=in | app=c:program files (x86)gametoolsxnaaplayer40.exe |

"UDP Query User{A12AEA16-2DCA-4D7D-86E2-F4D7A2BA19BB}C:program files (x86)googlechromeapplicationchrome.exe" = protocol=17 | dir=in | app=c:program files (x86)googlechromeapplicationchrome.exe |

"UDP Query User{AF8EAC53-380E-4F20-92A1-153E51C310B9}C:program files (x86)mozilla firefoxfirefox.exe" = protocol=17 | dir=in | app=c:program files (x86)mozilla firefoxfirefox.exe |

"UDP Query User{BBBD5DAF-221D-45D5-AE74-EFA6AE39AD82}C:program files (x86)videolanvlcvlc.exe" = protocol=17 | dir=in | app=c:program files (x86)videolanvlcvlc.exe |

"UDP Query User{CDE52CBA-07A4-4F49-ABA0-467D8E013164}C:program files (x86)sonyvegas pro 9.0vegsrv90.exe" = protocol=17 | dir=in | app=c:program files (x86)sonyvegas pro 9.0vegsrv90.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219

"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64

"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}" = HP Deskjet F4400 Printer Driver Software 13.0 Rel .5

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU

"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour

"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Print Projects" = HP Print Projects 1.0

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1

"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"Shop for HP Supplies" = Shop for HP Supplies

"Theme Resource Changer X64 v1.0" = Theme Resource Changer X64 v1.0

"VLC media player" = VLC media player 2.1.0-git-20120422-0403

"WinRAR archiver" = WinRAR archiver

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller

"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{10A1D1C4-F0B0-4341-B49A-A9ED8FBDBF9D}" = Livestream Procaster

"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR

"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help

"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery

"{224E185A-DCC7-45C5-B04D-77E6CE82D83E}_is1" = tConfig version 0.22.6

"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help

"{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}" = Microsoft XNA Framework Redistributable 2.0

"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.0.2827

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 29

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8

"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{339C3693-8554-4A25-A664-E0B74D2DFA04}" = Façade

"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{486CC64F-030A-4C9A-8716-87E26D28FKQ1}_is1" = King's Quest I: Quest for the Crown (4.1c)

"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_05_F4400_Software_Min

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM

"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager

"{5600094C-5EA0-4BE8-9ECE-4C9B726AC9D9}" = Sierra Wireless USB MUX Driver Package

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress

"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU

"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1

"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{634D08B4-CFAC-CCB9-5891-FAB02B3FD9C1}" = TweetDeck

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{729E66B3-1B80-4F3F-8D19-342A89631E0A}_is1" = FLV to AVI Converter

"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)

"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart

"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management

"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{839BB90D-EB71-4BF1-B20A-52626B7D8B78}" = Terrafirma

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{867D3E0B-B774-4BB6-B439-675E62C6386A}_is1" = WMV Converter 3.2

"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types

"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5

"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder

"{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8EAD600D-1912-4DEF-92B5-0C7525E17ED2}" = F4400

"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{909EF1B8-9762-400F-B25E-C64C0DEE66EB}" = DTL OTMaster Light 2.0.0

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)

"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status

"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center

"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX

"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3

"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects

"{C9E129BC-27D3-436E-BAAC-4CE81E0962F1}" = Sony Media Manager 2.2

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D2883AB6-09B4-4981-AAF8-E695411EEC9A}" = Sculptris Alpha 6

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

Edited by RainThunder7

Annnd the second half of Extras.

 

 

"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade

"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp

"{DC785DB7-D389-48C3-B146-96FE99BF4E2B}" = Vegas Pro 9.0

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help

"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer

"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter

"{f8ed8c7d-6d12-4eb1-9fb9-80e48c357a12}" = Nero 9 Essentials

"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy

"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"AIM_7" = AIM 7

"AllToAVI" = AllToAVI v4 r5394

"AnalogX Vocoder" = AnalogX Vocoder

"Audacity_is1" = Audacity 1.2.6

"avast" = avast! Free Antivirus

"AVG Secure Search" = AVG Security Toolbar

"Avira AntiVir Desktop" = Avira Free Antivirus

"AviSynth" = AviSynth 2.5

"Celtx (2.9.1)" = Celtx (2.9.1)

"Clownfish" = Clownfish for Skype

"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11

"DFO" = DFOLauncher

"EADM" = EA Download Manager

"eMachines Registration" = eMachines Registration

"eMachines Screensaver" = eMachines ScreenSaver

"eMachines Welcome Center" = Welcome Center

"Furcadia" = Furcadia

"GoldWave v5.52" = GoldWave v5.52

"Google Chrome" = Google Chrome

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Identity Card" = Identity Card

"InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}" = Sculptris Alpha 6

"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Basic)

"Lexmark 2400 Series" = Lexmark 2400 Series

"LogMeIn Hamachi" = LogMeIn Hamachi

"m3jpegV3" = Morgan M-JPEG codec V3

"MakeItLive" = MakeItLive Plugin

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400

"MapleStory" = MapleStory

"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU

"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1

"MKVToolNix" = MKVToolNix 5.5.0

"Morphyre" = Morphyre

"New LEGO Digital Designer" = LEGO Digital Designer

"Pesterchum" = PESTERCHUM

"PlayFLV" = PlayFLV

"ReadyBroadband" = ReadyBroadband 2.0.0.64

"RPG Maker 2003_is1" = RPG Maker 2003 v1.08

"RPG Maker VX RTP_is1" = RPG Maker VX RTP

"RPG Maker VX_is1" = RPG Maker VX

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"Steam App 105600" = Terraria

"Steam App 204060" = Superbrothers: Sword & Sworcery EP

"Steam App 209830" = Lone Survivor

"Steam App 26800" = Braid

"Steam App 34270" = SEGA Genesis & Mega Drive Classics

"Steam App 3830" = Psychonauts

"Steam App 400" = Portal

"Steam App 40800" = Super Meat Boy

"Steam App 40810" = Super Meat Boy Editor

"Steam App 440" = Team Fortress 2

"Steam App 48000" = LIMBO

"Steam App 57300" = Amnesia: The Dark Descent

"Steam App 9880" = Champions Online: Free For All

"Super Screen Recorder_is1" = Super Screen Recorder 4.0

"Super_nude_patch_II_1.0" = Super nude patch II 2.4

"Terraria Game Launcher GUI_is1" = Terraria Game Launcher GUI version 1.2.2

"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine

"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck

"uTorrent" = µTorrent

"Veetle TV" = Veetle TV 0.9.18

"VLC media player" = VLC media player 2.0.2

"VST Bridge_is1" = VST Bridge 1.1

"WakfuNorthAmerica" = Wakfu

"WildTangent emachines Master Uninstall" = eMachines Games

"Winamp" = Winamp

"WinGimp-2.0_is1" = GIMP 2.6.8

"WinLiveSuite" = Windows Live Essentials

"xchat" = XChat 2 (remove only)

"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0

"Xvid_is1" = Xvid 1.2.2 final uninstall

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"UnityWebPlayer" = Unity Web Player

"Winamp Detect" = Winamp Detector Plug-in

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 10/5/2012 8:09:28 PM | Computer Name = Beta_2 | Source = RapiMgr | ID = 8

Description = Windows Mobile-based device failed to connect due to communication

(0x80072745) failure (see data for failure code).

 

Error - 10/5/2012 8:36:43 PM | Computer Name = Beta_2 | Source = RapiMgr | ID = 8

Description = Windows Mobile-based device failed to connect due to communication

(0x80072745) failure (see data for failure code).

 

Error - 10/6/2012 1:32:52 AM | Computer Name = Beta_2 | Source = Microsoft-Windows-LoadPerf | ID = 3002

Description = The performance counter explain text string value in the registry

is not formatted correctly. The malformed string is . The first DWORD in the Data

section contains the index value to the malformed string while the second and third

DWORDs in the Data section contain the last valid index values.

 

Error - 10/6/2012 3:51:17 PM | Computer Name = Beta_2 | Source = Microsoft-Windows-LoadPerf | ID = 3002

Description = The performance counter explain text string value in the registry

is not formatted correctly. The malformed string is . The first DWORD in the Data

section contains the index value to the malformed string while the second and third

DWORDs in the Data section contain the last valid index values.

 

Error - 10/6/2012 11:19:47 PM | Computer Name = Beta_2 | Source = RapiMgr | ID = 8

Description = Windows Mobile-based device failed to connect due to communication

(0x80072745) failure (see data for failure code).

 

Error - 10/7/2012 12:11:14 AM | Computer Name = Beta_2 | Source = Application Error | ID = 1000

Description = Faulting application name: WNA3100.exe, version: 1.1.2.16, time stamp:

0x4b56d06c Faulting module name: WNA3100.exe, version: 1.1.2.16, time stamp: 0x4b56d06c

Exception

code: 0xc0000005 Fault offset: 0x0003621d Faulting process id: 0x8fc Faulting application

start time: 0x01cda3fad5bf2dc0 Faulting application path: C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe

Faulting

module path: C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe Report Id: 083f6660-1035-11e2-821d-4487fc4aeeaa

 

Error - 10/7/2012 1:51:08 AM | Computer Name = Beta_2 | Source = Avira Antivirus | ID = 4122

Description = Unable to load file AvShadow. Returned error code: 0x3fa

 

Error - 10/7/2012 1:59:34 AM | Computer Name = Beta_2 | Source = Microsoft-Windows-LoadPerf | ID = 3002

Description = The performance counter explain text string value in the registry

is not formatted correctly. The malformed string is . The first DWORD in the Data

section contains the index value to the malformed string while the second and third

DWORDs in the Data section contain the last valid index values.

 

Error - 10/7/2012 6:15:31 AM | Computer Name = Beta_2 | Source = MsiInstaller | ID = 10005

Description =

 

Error - 10/7/2012 6:22:53 AM | Computer Name = Beta_2 | Source = MsiInstaller | ID = 10005

Description =

 

Error - 10/7/2012 4:00:30 PM | Computer Name = Beta_2 | Source = Microsoft-Windows-LoadPerf | ID = 3002

Description = The performance counter explain text string value in the registry

is not formatted correctly. The malformed string is . The first DWORD in the Data

section contains the index value to the malformed string while the second and third

DWORDs in the Data section contain the last valid index values.

 

[ OSession Events ]

Error - 8/5/2011 8:45:39 PM | Computer Name = Beta_2 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 90

seconds with 0 seconds of active time. This session ended with a crash.

 

[ System Events ]

Error - 10/6/2012 1:24:23 AM | Computer Name = Beta_2 | Source = EventLog | ID = 6008

Description = The previous system shutdown at 12:05:07 AM on 10/6/2012 was unexpected.

 

Error - 10/6/2012 1:24:25 AM | Computer Name = BETA_2 | Source = BugCheck | ID = 1001

Description =

 

Error - 10/7/2012 12:11:01 AM | Computer Name = Beta_2 | Source = Service Control Manager | ID = 7034

Description = The Skype C2C Service service terminated unexpectedly. It has done

this 1 time(s).

 

Error - 10/7/2012 12:11:02 AM | Computer Name = Beta_2 | Source = Service Control Manager | ID = 7034

Description = The hpqcxs08 service terminated unexpectedly. It has done this 1

time(s).

 

Error - 10/7/2012 12:11:02 AM | Computer Name = Beta_2 | Source = Service Control Manager | ID = 7034

Description = The HP CUE DeviceDiscovery Service service terminated unexpectedly.

It has done this 1 time(s).

 

Error - 10/7/2012 12:24:36 AM | Computer Name = Beta_2 | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

 

Error - 10/7/2012 1:47:09 AM | Computer Name = Beta_2 | Source = Application Popup | ID = 1060

Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility

with this system. Please contact your software vendor for a compatible version

of the driver.

 

Error - 10/7/2012 1:48:54 AM | Computer Name = Beta_2 | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

 

Error - 10/7/2012 1:49:05 AM | Computer Name = Beta_2 | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

 

Error - 10/7/2012 1:49:07 AM | Computer Name = Beta_2 | Source = DCOM | ID = 10010

Description =

 

 

< End of report >


Hello,

 

Apparently this log is too long for the forum lol. You can just attach the log next time. Sorry about that.

 

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
===================================================

 

Please get a new OTL scan log.

 

  • Double click on OTL.exe to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
===================================================

 

On your next reply please post :

adwCleaner report

Fresh OTL log

Any redirects now?

 

Please STOP and let me know if you have any problems performing the steps above or if you have any questions.

 

Good Day!


Okay, files attached.

 

As for my status....

 

Since my move to Google Chrome (and the extensive removal of all Firefox content) I've not had the redirects occur, though my use of Google has been seldom. I tested a moment ago by searching for something and clicking a dozen results to see if any would redirect to a different site, none did.

 

Back when I made the initial thread I mentioned I had tried Chrome out to see if the redirects would occur there and they did, so the fact it isn't happening now DOES show progress! Hopefully the logs say so as well.

AdwCleanerS1.txt

OTL.Txt


Yup, the log does agree that we are seeing some progress here. :)

 

You have 3 different security programs - AVG, Avast, and Avira. While this may seem to offer better protection, what it does is the complete opposite. There might be conflicts between them, where one says this and the other doesn't think that way, which results in slowing down the system or possibly a crash. Uninstalling 2 of them and leaving only one on the system is the best way to have good protection.

 

We will just be removing some remnants found, nothing biggie.

 

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

     

    :OTL
    O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
    O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
    O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {56361A71-4E9F-401D-9E12-8AEAA3D7A672} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4 - HKLM\..\Run: [] File not found
    @Alternate Data Stream - 984 bytes -> C:\Users\Garrett\AppData\Local\BpZLO4Jbk3:584ksoTfjxcSEoGWLiEVCZF
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 1112 bytes -> C:\ProgramData\Microsoft:ckvFBi7jzt7dJTRFdVKRQ
    @Alternate Data Stream - 1102 bytes -> C:\Program Files (x86)\Common Files\System:ixdpfbk6Yyz0qxZbq3lclDFB
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    @Alternate Data Stream - 1076 bytes -> C:\ProgramData\Microsoft:WoQLvUNTBdehksVnwNSZ
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post Fix OTL log as well as a new OTL log by rerunning it after reboot without custom scans script.
===================================================

 

On your next reply please post :

OTL fix log

Fresh OTL log

 

Please STOP and let me know if you have any problems performing the steps above or if you have any questions.

 

Good Day!


Apparently I'm not permitted to upload the other log file, not sure why but I'll paste its contents here.

 

 

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{56361A71-4E9F-401D-9E12-8AEAA3D7A672} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56361A71-4E9F-401D-9E12-8AEAA3D7A672}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

ADS C:\Users\Garrett\AppData\Local\BpZLO4Jbk3:584ksoTfjxcSEoGWLiEVCZF deleted successfully.

ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.

ADS C:\ProgramData\Microsoft:ckvFBi7jzt7dJTRFdVKRQ deleted successfully.

ADS C:\Program Files (x86)\Common Files\System:ixdpfbk6Yyz0qxZbq3lclDFB deleted successfully.

ADS C:\ProgramData\TEMP:888AFB86 deleted successfully.

ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.

ADS C:\ProgramData\Microsoft:WoQLvUNTBdehksVnwNSZ deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56504 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Garrett

->Temp folder emptied: 2273093 bytes

->Temporary Internet Files folder emptied: 10343965 bytes

->Java cache emptied: 15138542 bytes

->Google Chrome cache emptied: 7594097 bytes

->Flash cache emptied: 57814 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

User: sam

->Temp folder emptied: 0 bytes

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56466 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 634256 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84081 bytes

RecycleBin emptied: 294378 bytes

 

Total Files Cleaned = 35.00 mb

 

Restore point Set: OTL Restore Point

 

OTL by OldTimer - Version 3.2.69.0 log created on 10082012_113052

 

Files\Folders moved on Reboot...

C:\Users\Garrett\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Users\Garrett\AppData\Local\Temp\WERBF68.tmp.resp.erc.xml not found!

File\Folder C:\Users\Garrett\AppData\Local\Temp\WERBF69.tmp.resp not found!

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

OTL.Txt

Link to comment
Share on other sites
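One way to check that a fix log like the one pasted above accounts for every line of the fix script, as an added example (not part of the thread and not OTL's own code). The script and log lines are excerpts from the two posts; the function names and status labels are made up for this illustration.

```python
import re

# Excerpt of the fix script from the thread (registry paths written with backslashes).
FIX_SCRIPT = r"""
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {56361A71-4E9F-401D-9E12-8AEAA3D7A672} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 1112 bytes -> C:\ProgramData\Microsoft:ckvFBi7jzt7dJTRFdVKRQ
"""

# Matching excerpt of the "========== OTL ==========" part of the fix log.
FIX_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{56361A71-4E9F-401D-9E12-8AEAA3D7A672} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56361A71-4E9F-401D-9E12-8AEAA3D7A672}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\Microsoft:ckvFBi7jzt7dJTRFdVKRQ deleted successfully.
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
LOG_RE = re.compile(
    r"^(Registry key|Registry value|ADS) (.+?) (deleted successfully|not found)\.$"
)


def parse_log(log):
    """Return (kind, target, outcome) for each result line of the fix log."""
    records = []
    for line in log.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            records.append(m.groups())
    return records


def script_keys(script):
    """Identify each script line: the CLSID for O2/O3 entries, the
    path:stream string for alternate data streams."""
    keys = []
    for line in script.splitlines():
        line = line.strip()
        if line.startswith("@Alternate Data Stream"):
            keys.append(line.split("-> ", 1)[1])
        else:
            m = GUID_RE.search(line)
            if m:
                keys.append(m.group(0))
    return keys


def is_clsid_lookup(target):
    """True for the HKLM\\SOFTWARE\\Classes\\CLSID\\{...} lines in the log."""
    return "\\classes\\clsid\\" in target.lower()


def matches(key, kind, target):
    if kind == "ADS":
        return key.lower() == target.lower()
    return key.startswith("{") and key.lower() in target.lower()


def audit(script, log):
    """Map every script item to 'deleted', 'not found' or 'missing from log'."""
    records = parse_log(log)
    result = {}
    for key in script_keys(script):
        outcomes = [o for kind, target, o in records
                    if matches(key, kind, target) and not is_clsid_lookup(target)]
        if not outcomes:
            result[key] = "missing from log"
        elif "deleted successfully" in outcomes:
            result[key] = "deleted"
        else:
            result[key] = "not found"
    return result


def orphaned_clsids(log):
    """CLSIDs whose Classes\\CLSID key was 'not found'. For entries the script
    marked 'No CLSID value found' this is the expected result, not a failure."""
    return {GUID_RE.search(t).group(0) for _, t, o in parse_log(log)
            if is_clsid_lookup(t) and o == "not found"}


if __name__ == "__main__":
    for item, status in audit(FIX_SCRIPT, FIX_LOG).items():
        print(f"{status:17} {item}")
```

Any item reported as "missing from log" is one to ask about before moving on to the next scan.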

Hi,

 

Download TFC to your desktop

  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine.
  • If it doesn't, manually reboot to ensure a complete clean.
===================================================

 

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan

 

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

 

*Note

It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

 

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Make sure you saved the log somewhere else. Select Uninstall application on close check box and push Posted Image
===================================================

 

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware here and save to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program. (Note to Vista users, please right-click and select Run as Administrator.)
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
Note:
  • The log can also be found here:

    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.

 

===================================================

 

On your next reply please post :

ESET log

MBAM log

 

Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

 

Good Day!


Alrighty, took a while to complete this first one - I ended up having the computer run overnight to finish it. Anyway, it just found one threat and MBAM found nothing.

 

I forgot to ask before, but re: getting rid of some of my protection, what would you recommend I keep out of Avast, Avira and AVG?

log.txt

mbam-log-2012-10-09 (13-56-55).txt


All three are good. In my personal experience, I like all three, but Avira tends to have a lot more false positives. That was quite some time ago and I'm not sure if it's applicable today. Just keep the ones that you like the most. The most important thing is to watch what you're surfing and downloading.

 

ESET detected the ComboFix quarantine folder; it won't pose a threat anymore.

 

Time for some housekeeping if you have no questions to ask. :)

 

Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now copy/paste the code into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.
Combofix /Uninstall
Posted Image

 

===================================================

 

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
===================================================

 

Thank you for your patience, and performing all of the procedures requested. I would also like to take this opportunity to apologize for any delay that may have occurred.

 

--------------------------------------------------------------------------------------------------------------

 

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

 

 

Passwords

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article, Strong passwords: How to create and use them, and consider a password keeper to keep all your passwords safe.

 

 

SPYWARE PREVENTION

This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an add-on available for both Firefox and IE.

  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here

  • Download Host.zip and Save it to your Desktop.
  • Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.
  • Follow the prompts and click 'Finish'.
  • This will open the newly created hosts folder on your Desktop.
  • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
  • Once updated you should see another prompt that the task was completed.
Follow this list and keep your antivirus program and antispyware programs updated and scan with them on a regular basis. By doing so, your potential for being infected again will reduce dramatically.

 

Hopefully this should take care of your problems! Good luck.

 

Do you have any questions or problems to ask? Please do not hesitate to do so.

 

**Please respond to this one more time to ensure it is resolved and close this topic.

This topic is now closed to further replies.