Reply to thread

Message: <blockquote data-quote="TheRandomMan1000" data-source="post: 121507" data-attributes="member: 8372">JRT Scan results:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 4.9.4 (05.06.2013:1)OS: Windows 7 Ultimate x64Ran by Alex on Mon 05/20/2013 at 16:46:48.59~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Services~~~ Registry ValuesSuccessfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\DisplayNameSuccessfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\URL~~~ Registry KeysSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{22222222-2222-2222-2222-220022342291}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\wow6432node\clsid\{22222222-2222-2222-2222-220022342291}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3D949F80-78E3-49C2-86CE-1920CCABE46A}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}~~~ Files~~~ FoldersSuccessfully deleted: [Folder] "C:\Users\Alex\appdata\local\discount buddy"Successfully deleted: [Folder] "C:\Users\Alex\appdata\local\downloadterms"Successfully deleted: [Folder] "C:\Program Files (x86)\discount buddy"Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{00B11446-93C9-4274-B6E3-BAFC478A4862}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{01217FF8-88D9-4921-8939-AF28D068ADE6}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{025D68FC-E5F1-4233-B97E-2542F9F81765}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{058F545F-524D-4435-84E2-5EEAEF15F45E}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{0A4F3501-542E-4070-8CBB-0BDED4C41CD5}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{0f94bd11-6fbe-48e0-345b-8afe712f8c5b}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{259277D5-1573-47ED-BA5F-FF8566675047}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{39650011-54F1-46ED-B36A-011EA207CC9F}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{3BD9DE72-81CA-4853-9F0C-FD66F984F8FE}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{3E5C7D95-9B5A-468D-B9A3-E8FB3B95A149}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{443773A8-AEC8-4C79-A7A2-464F5EBE0CE2}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{4A1625B0-4B27-42A2-A7C3-CE509579E731}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{4E917500-D1B2-4BC2-88D8-D152650B1352}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{54E9A707-7B32-4698-80B7-A924510E84CC}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{5A0B7E73-E26D-491B-897C-6A6ABF8C23DA}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{64BD4E2C-F96D-4593-A853-373159D80205}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{6A0EE75A-63AB-44F1-8BA7-BD7682130F24}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{6BC62B88-6FBB-4C0F-AFAF-1F1E1BB41165}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{7E002796-9C1C-4691-85D7-0163DDE63BB1}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{7FD9D138-3549-404A-B1E5-FCA1585093E8}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{814191FC-E2B4-41EC-A418-9639BC71444A}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{88983F2D-BFBC-4A31-B699-A49710ABB4F8}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{8F4FDA30-7AC1-4AC7-A0DB-1084A2A23240}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{91C45BB9-3908-43AB-AABF-54A6BD074446}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{94130712-E9C1-4304-8E92-D8069EC035C5}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{997ED47A-D72D-49CC-82DA-65BED80538CC}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{9FBB3281-35C7-4EEE-B009-0CE1C93411AE}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{A77DABCE-3BF6-4C09-9573-BEB09B2A64B8}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{AD553F63-F3F9-4732-89CD-6A93263D2EEF}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{B46CA0A4-A91C-47AF-BA35-38FDC6080146}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{C2435360-BEEA-4795-A7D5-BC54F0F1A540}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{CB0C21DA-5A8A-40E2-882B-96274913CFC9}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{D3A7CC36-E28D-4254-A854-6FEB6A176F72}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{D603B701-E8C9-486B-A202-44AC528BD4FD}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{DD0492AD-BA4A-4BDA-8E80-70D6286A18E3}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{E8017697-CDA0-4833-89D1-D2FA629BDE41}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{FB3CA476-B016-4F41-934B-E2E3A040BD65}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{FEC0A0B3-0A3F-487D-A3D5-57E28187008E}Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{FFBDEE09-5AD9-4D0A-A456-2101E6E5BBD1}~~~ ChromeDumping contents of C:\Users\Alex\appdata\local\Google\Chrome\User Data\Default\DefaultC:\Users\Alex\appdata\local\Google\Chrome\User Data\Default\Default\aagggcdcdjdfdagedidfdbddgddcgdgbC:\Users\Alex\appdata\local\Google\Chrome\User Data\Default\Default\aagggcdcdjdfdagedidfdbddgddcgdgb\background.jsC:\Users\Alex\appdata\local\Google\Chrome\User Data\Default\Default\aagggcdcdjdfdagedidfdbddgddcgdgb\manifest.jsonSuccessfully deleted: [Folder] C:\Users\Alex\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]~~~ Event Viewer Logs were cleared~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Mon 05/20/2013 at 16:48:55.89End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Regular OTL txt file:OTL logfile created on: 5/20/2013 4:51:36 PM - Run 1OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alex\Downloads64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16540)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.92 Gb Total Physical Memory | 5.95 Gb Available Physical Memory | 75.20% Memory free15.84 Gb Paging File | 13.47 Gb Available in Paging File | 85.04% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 111.69 Gb Total Space | 2.01 Gb Free Space | 1.80% Space Free | Partition Type: NTFSDrive D: | 931.51 Gb Total Space | 795.39 Gb Free Space | 85.39% Space Free | Partition Type: NTFSDrive Z: | 296.98 Gb Total Space | 52.66 Gb Free Space | 17.73% Space Free | Partition Type: NTFS Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current user | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC -  File not foundPRC - C:\Users\Alex\Downloads\OTL.exe (OldTimer Tools)PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()PRC - D:\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)PRC - D:\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)PRC - D:\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)PRC - D:\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)PRC - C:\Program Files\Plantronics\GameCom780\GameCom780.exe ()PRC - C:\Program Files (x86)\ooVoo\ooVoo.exe (ooVoo LLC)PRC - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe ()PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)PRC - C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe (Gigabyte Technology CO., LTD.)PRC - C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)  ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()MOD - C:\Program Files (x86)\Steam\SDL2.dll ()MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll ()MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll ()MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()MOD - D:\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()MOD - D:\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()MOD - D:\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()MOD - D:\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()MOD - D:\Spybot - Search & Destroy 2\DEC150.bpl ()MOD - C:\Program Files\Plantronics\GameCom780\GameCom780.exe ()MOD - C:\Program Files\Plantronics\GameCom780\VMixPLGC.dll ()  ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (SafeNet Inc.)SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll ()SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)SRV - (BEService) -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe ()SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)SRV - (Desura Install Service) -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe (Desura Pty Ltd)SRV - (HiPatchService) -- D:\HiPatchService.exe (Hi-Rez Studios)SRV - (DES2 Service) -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe ()SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)SRV - (Smart TimeLock) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)  ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (SafeNet Inc.)DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (SafeNet Inc.)DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (SafeNet Inc.)DRV:64bit: - (PlantronicsGC) -- C:\Windows\SysNative\drivers\PLTGC.sys (C-Media Electronics Inc)DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)  ========== Standard Registry (SafeList) ==========  ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyDtByB0DtCtCyByBtByBzztN0D0Tzu0CtBtBtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1241336703IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/searchIE - HKLM\..\SearchScopes\{70A52E59-43E0-49CB-D55D-553776076662}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usIE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}IE - HKCU\..\SearchScopes,DefaultScope = {15FF7779-9A1D-45EA-94B0-7F43169631FD}IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SRIE - HKCU\..\SearchScopes\{15FF7779-9A1D-45EA-94B0-7F43169631FD}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBoxIE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS464IE - HKCU\..\SearchScopes\{70A52E59-43E0-49CB-D55D-553776076662}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS464IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: trueFF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0:  File not foundFF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll ()FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@coreonline.com/run3d,version=1.0: C:\Users\Alex\AppData\LocalLow\Square Enix\nprun3d.dll (Square Enix)FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files (x86)\Roblox\Versions\version-3ebe0cca16b6421c\\NPRobloxProxy.dll ()FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/03/12 17:18:12 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\componentsFF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\pluginsFF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{56A322A2-E00C-11E1-8270-B8AC6F996F26}: C:\Users\Alex\AppData\Local\{56A322A2-E00C-11E1-8270-B8AC6F996F26}\ [2012/08/06 17:19:02 | 000,000,000 | ---D | M] [2012/07/31 20:08:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions[2013/05/20 16:41:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\jtlcsyx3.default\extensions[2013/04/22 20:36:20 | 000,000,000 | ---D | M] ("Discount Buddy") -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\jtlcsyx3.default\extensions\41ed8dee-33ed-4769-bdf4-2707c4199b97@45a3c648-db86-4b41-92e2-a77bbbf91f1d.com[2013/03/19 20:19:24 | 000,000,000 | ---D | M] (Tidy Network) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\jtlcsyx3.default\extensions\tidynetwork@tidynetwork[2013/04/22 20:36:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\jtlcsyx3.default\extensions\41ed8dee-33ed-4769-bdf4-2707c4199b97@45a3c648-db86-4b41-92e2-a77bbbf91f1d.com\chrome\content\extensionCode[2013/03/29 21:35:31 | 000,001,098 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\jtlcsyx3.default\searchplugins\whitesmoke-us-customized-web-search.xml[2013/03/12 17:18:12 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXTFile not found (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JTLCSYX3.DEFAULT\EXTENSIONS\{CCE665DD-F6DD-4808-968E-EAEC971F70EF}File not found (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JTLCSYX3.DEFAULT\EXTENSIONS\PFODYNVLKI@PFODYNVLKI.ORG.XPI ========== Chrome  ========== CHR - default_search_provider: Conduit (Enabled)CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3198785CHR - default_search_provider: suggest_url = http://search.conduit.com/CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dllCHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dllCHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dllCHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllCHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dllCHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dllCHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Program Files (x86)\Roblox\Versions\version-3ebe0cca16b6421c\\NPRobloxProxy.dllCHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dllCHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dllCHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dllCHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dllCHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dllCHR - plugin: Square Enix Secure Launcher (Enabled) = C:\Users\Alex\AppData\LocalLow\Square Enix\nprun3d.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dllCHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll O1 HOSTS File: ([2013/05/17 17:52:15 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1       localhostO2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll ()O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (no name) - {7736C7FA-512D-11E2-B871-DEC36088709B} - No CLSID value found.O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll (Google Inc.)O2 - BHO: (no name) - {F74E10BB-A169-4399-B121-183935962F67} - No CLSID value found.O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)O4:64bit: - HKLM..\Run: [GamecomSound] C:\Program Files\Plantronics\GameCom780\GameCom780.exe ()O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)O4 - HKLM..\Run: [SDTray] D:\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)O4 - HKCU..\Run: [Spybot-S&D Cleaning] D:\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll ()O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)O13 - gopher Prefix: missingO17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A86FAE21-4B43-4483-93B7-531947419FDB}: DhcpNameServer = 192.168.1.1O18:64bit: - Protocol\Handler\gcf - No CLSID value foundO18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value foundO18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll ()O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll (Google Inc.)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2010/11/24 19:50:10 | 000,000,000 | ---D | M] - Z:\AutoText -- [ NTFS ]O32 - AutoRun File - [2011/12/25 13:54:54 | 000,000,000 | ---D | M] - Z:\Auto Text 08072011 -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/05/20 16:46:47 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT[2013/05/20 16:46:42 | 000,000,000 | ---D | C] -- C:\JRT[2013/05/19 09:52:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET[2013/05/19 09:51:10 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe[2013/05/19 09:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro[2013/05/19 09:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro[2013/05/19 09:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro[2013/05/19 09:36:14 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\RK_Quarantine[2013/05/19 09:29:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine[2013/05/19 08:26:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2013/05/19 08:13:39 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\ProcAlyzer Dumps[2013/05/19 08:13:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy[2013/05/19 08:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2[2013/05/19 08:13:07 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe[2013/05/17 21:53:44 | 000,000,000 | ---D | C] -- C:\Users\Alex\Tracing[2013/05/17 17:56:50 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys[2013/05/17 17:56:50 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll[2013/05/16 22:18:47 | 000,000,000 | ---D | C] -- C:\found.000[2013/05/15 20:14:54 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll[2013/05/09 08:19:30 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\ROBLOX Corporation[2013/05/03 20:39:20 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Pokemon Emulator[2013/04/30 19:39:55 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\LoneSurvivor[2013/04/25 15:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client[2013/04/25 15:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client[2013/04/21 20:21:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2013/05/20 16:48:27 | 000,782,748 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2013/05/20 16:48:27 | 000,663,010 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2013/05/20 16:48:27 | 000,121,878 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2013/05/20 16:47:38 | 000,015,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2013/05/20 16:47:38 | 000,015,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2013/05/20 16:46:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2013/05/20 16:42:43 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2013/05/20 16:42:32 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys[2013/05/20 16:42:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013/05/20 16:42:26 | 2082,299,903 | -HS- | M] () -- C:\hiberfil.sys[2013/05/20 16:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2013/05/19 09:51:10 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe[2013/05/19 08:27:30 | 000,000,759 | ---- | M] () -- C:\Windows\wininit.ini[2013/05/19 08:13:09 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk[2013/05/18 03:01:16 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI[2013/05/17 18:11:14 | 003,270,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[2013/05/17 17:52:15 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts[2013/05/17 17:47:02 | 000,000,067 | ---- | M] () -- C:\Users\Alex\Desktop\Minecraft.cmd[2013/05/15 23:25:48 | 000,001,141 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk[2013/05/15 21:21:27 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe[2013/05/15 21:21:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl[2013/04/25 15:16:36 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk[2013/04/24 16:24:55 | 000,002,319 | ---- | M] () -- C:\Users\Alex\Documents\mcedit.ini ========== Files Created - No Company Name ========== [2013/05/19 08:27:27 | 000,000,759 | ---- | C] () -- C:\Windows\wininit.ini[2013/05/19 08:13:09 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk[2013/05/19 08:13:09 | 000,000,846 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk[2013/05/17 17:47:02 | 000,000,067 | ---- | C] () -- C:\Users\Alex\Desktop\Minecraft.cmd[2013/05/15 23:25:48 | 000,001,141 | ---- | C] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk[2013/04/25 15:16:36 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk[2013/03/17 22:33:42 | 000,000,402 | ---- | C] () -- C:\Windows\PLTGC.ini.cfl[2013/03/17 22:33:41 | 000,003,489 | ---- | C] () -- C:\Windows\PLTGC.ini.cfg[2013/03/17 22:33:41 | 000,000,610 | ---- | C] () -- C:\Windows\PLTGC.ini.imi[2013/03/17 22:33:41 | 000,000,495 | ---- | C] () -- C:\Windows\PLTGC.ini[2012/12/25 11:25:48 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe[2012/12/25 10:45:52 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe[2012/12/19 15:52:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat[2012/12/19 15:52:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat[2012/12/09 22:07:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[2012/12/09 22:07:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2012/12/09 22:07:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2012/12/09 22:07:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[2012/12/09 22:07:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[2012/10/18 07:33:10 | 000,038,520 | ---- | C] () -- C:\Windows\SysWow64\RGBAcodec.dll[2012/10/06 14:45:21 | 000,003,989 | ---- | C] () -- C:\Users\Alex\AppData\Local\recently-used.xbel[2012/09/09 14:45:22 | 059,884,088 | ---- | C] () -- C:\Windows\SysWow64\MRT.exe[2012/08/06 19:44:02 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini[2012/07/21 14:53:57 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll[2012/07/21 14:53:57 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll[2012/07/21 14:53:55 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll[2012/06/19 17:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe[2012/06/18 16:24:56 | 000,016,384 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll[2012/01/12 17:37:33 | 000,776,472 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI[2012/01/01 20:20:44 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll[2012/01/01 20:20:40 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll[2011/12/26 15:04:46 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini[2011/12/26 13:43:16 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys[2011/12/26 13:42:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin[2011/12/26 13:38:17 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll[2011/12/26 13:36:14 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll[2011/12/26 13:36:14 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin[2011/12/26 13:36:14 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin[2011/12/26 13:36:14 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin[2011/12/26 13:36:14 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll[2011/12/26 13:34:28 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat[2011/09/12 19:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"ThreadingModel" = Both"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/05/19 20:49:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\.minecraft[2012/08/17 14:12:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\.Nitrous[2013/03/02 10:32:22 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\.techniclauncher[2013/05/19 11:52:36 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Audacity[2012/07/29 19:02:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Backup.minecraft[2012/07/20 18:45:20 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Bioshock[2012/01/13 18:51:06 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Blender Foundation[2013/02/23 13:56:42 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Braid[2013/03/17 22:31:59 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Canon[2013/05/17 05:56:45 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant[2013/03/02 10:33:39 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ftblauncher[2013/04/06 23:03:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\gtk-2.0[2012/01/02 20:06:26 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\IObit[2012/03/09 15:45:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\JAM Software[2012/06/28 14:18:12 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Leawo[2013/04/30 19:39:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\LoneSurvivor[2013/02/27 15:44:53 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Mumble[2012/03/24 11:51:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ooVoo Details[2013/03/10 16:04:44 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Origin[2012/02/25 09:47:35 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\pymclevel[2012/03/18 20:01:36 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\RotMG.Production[2012/06/25 16:48:50 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SplitMediaLabs[2012/08/18 20:03:46 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SumatraPDF[2013/04/02 16:21:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Synthesia[2012/06/28 14:18:37 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\tiger-k[2013/05/15 20:19:31 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TS3Client[2012/04/12 13:00:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ts3overlay[2013/03/29 13:58:59 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TunkDesign[2011/12/29 20:01:35 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\uTorrent ========== Purity Check ==========  < End of report >Extra OTL file:OTL Extras logfile created on: 5/20/2013 4:51:36 PM - Run 1OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alex\Downloads64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16540)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.92 Gb Total Physical Memory | 5.95 Gb Available Physical Memory | 75.20% Memory free15.84 Gb Paging File | 13.47 Gb Available in Paging File | 85.04% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 111.69 Gb Total Space | 2.01 Gb Free Space | 1.80% Space Free | Partition Type: NTFSDrive D: | 931.51 Gb Total Space | 795.39 Gb Free Space | 85.39% Space Free | Partition Type: NTFSDrive Z: | 296.98 Gb Total Space | 52.66 Gb Free Space | 17.73% Space Free | Partition Type: NTFS Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current user | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ==========  ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation).url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation).html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>].html [@ = FirefoxHTML] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1"FirewallDisableNotify" = 0"AntiVirusDisableNotify" = 0"UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"DisableNotifications" = 0"EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"DisableNotifications" = 0"EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"DisableNotifications" = 0"EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"D:\Spybot - Search & Destroy 2\SDTray.exe" = D:\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)"D:\Spybot - Search & Destroy 2\SDFSSvc.exe" = D:\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)"D:\Spybot - Search & Destroy 2\SDUpdate.exe" = D:\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)"D:\Spybot - Search & Destroy 2\SDUpdSvc.exe" = D:\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)"D:\Spybot - Search & Destroy 2\SDTray.exe" = D:\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)"D:\Spybot - Search & Destroy 2\SDFSSvc.exe" = D:\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)"D:\Spybot - Search & Destroy 2\SDUpdate.exe" = D:\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)"D:\Spybot - Search & Destroy 2\SDUpdSvc.exe" = D:\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)  ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | "{1873326F-4D25-4CB3-8FA3-DA9E6D1E1F64}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 | "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{49E95F25-A6C0-4472-B21D-F6999CC3A184}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 | "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | "{639BD5B4-3752-49BD-A4FC-1E291B43311B}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 | "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{99475FEE-F79B-48F1-8008-44903DB16201}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 | "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D9E6F101-3A22-47DC-B402-061F42AAB3B7}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 | "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |  ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{44630A15-5737-411C-BA4A-13B443EB9648}C:\program files (x86)\steam\steamapps\common\antichamber\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\antichamber\binaries\win32\udk.exe | "TCP Query User{5E98FC54-CFDE-4F65-91F7-7BCEC712BB3E}C:\program files (</blockquote>

Verification

Top