Author Topic: [Resolved] (Avast! Network shield) "Malicious url blocked" popping up (Read 8224 times)

vladinuto · « **Reply #30 on:** June 28, 2012, 07:04:21 PM »

Ok and thanks for everything you've been doing for me :D

Hoov · « **Reply #31 on:** June 28, 2012, 08:52:15 PM »

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Copy the text between the two lines below and paste it into the Custom Scans/Fixes box
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

vladinuto · « **Reply #32 on:** June 29, 2012, 07:45:01 AM »

OTL LOG------->
OTL logfile created on: 6/29/2012 12:49:23 AM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\ammarlis\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 48.74% Memory free
3.50 Gb Paging File | 2.23 Gb Available in Paging File | 63.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.81 Gb Total Space | 311.09 Gb Free Space | 68.55% Space Free | Partition Type: NTFS
Drive D: | 11.85 Gb Total Space | 1.37 Gb Free Space | 11.55% Space Free | Partition Type: NTFS

Computer Name: AMMARLIS-HP | User Name: ammarlis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\ammarlis\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe (http://yourfiledownloader.com)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
PRC - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()
PRC - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)

========== Modules (No Company Name) ==========

MOD - C:\Users\ammarlis\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\ammarlis\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll ()
MOD - C:\Users\ammarlis\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll ()
MOD - C:\Users\ammarlis\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll ()
MOD - C:\Users\ammarlis\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll ()
MOD - C:\Users\ammarlis\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll ()
MOD - C:\Users\ammarlis\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll ()
MOD - C:\Users\ammarlis\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll ()
MOD - C:\Users\ammarlis\AppData\Local\Google\Chrome\APPLIC~1\190108~1.56\gcswf32.dll ()
MOD - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
MOD - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epoemdll.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epstring.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epwizres.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epwizard.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\customui.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epfunct.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\eputil.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\imagutil.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdrs.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecscw.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdatr.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\iptk.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccaps.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecptp.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (Web Assistant Updater) -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (lxec_device) -- C:\Windows\SysNative\lxeccoms.exe ( )
SRV:64bit: - (lxecCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxecserv.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Bandoo Coordinator) -- C:\Program Files (x86)\Bandoo\Bandoo.exe (Bandoo Media Inc.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (WSWNDA3100) -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe ()
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (lxec_device) -- C:\Windows\SysWOW64\lxeccoms.exe ( )
SRV - (lxecCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys (Broadcom Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SCMNdisP) -- C:\Windows\SysNative\drivers\SCMNdisP.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=CPDTDF
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=4.0003002
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\URLSearchHook: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=CPDTDF
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3059010
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0003002

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112555&tt=060612_7_&babsrc=HP_ss&mntrId=b6d72969000000000000204e7fdf1ba7
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0B6F0D48-2589-4F7B-A1B1-72C4DD42693A}: "URL" = http://mp3tubetoolbar.com/?tmp=toolbar_sb_results&prt=pinballtbfour01ie&Keywords={searchTerms}&clid=68f5ea9437a24321ae5f6c8f0315e5bd
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=060612_7_&babsrc=SP_ss&mntrId=b6d72969000000000000204e7fdf1ba7
IE - HKCU\..\SearchScopes\{1522904C-D754-4340-B4B8-3CF0A8A43412}: "URL" = http://isearch.avg.com/search?cid={B37DCD7A-4C7D-4776-84E0-4DD19A1B88B6}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=CPDTDF
IE - HKCU\..\SearchScopes\{42BA888D-E705-42D5-B31A-FB0052F8BE17}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=OVO2&o=APN10379&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABE&apn_dtid=^YYYYYY^YY^US&apn_uid=a5e98053-f4fb-4b14-b341-ce05dcb84fc6&apn_sauid=AE230C05-91AC-4EA2-BB09-A53FF1C4A91E
IE - HKCU\..\SearchScopes\{72FFCF45-4C35-4B6F-AB30-C1004B24EDFA}: "URL" = http://search.freecause.com/search?ourmark=4&fr=freecause&ei=utf-8&type=63263&p={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&q={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
IE - HKCU\..\SearchScopes\{C5F57FF6-6A9A-42DC-9E79-AF79495DA3ED}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2612669
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb143/?search={searchTerms}&loc=IB_DS&a=6R8u1NU9Yr&i=26
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0003002
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "IMVU Inc Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=112555&tt=060612_7_&babsrc=HP_ss&mntrId=b6d72969000000000000204e7fdf1ba7"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=2&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.com/NxGame: C:\ProgramData\Nexon\NGM\npnxgame.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ammarlis\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ammarlis\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ammarlis\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/05/25 20:18:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/05/25 20:18:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/08 01:18:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/23 12:06:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/23 12:06:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.5.1\FF [2011/07/31 13:50:20 | 000,000,000 | ---D | M]

[2011/07/31 13:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ammarlis\AppData\Roaming\mozilla\Extensions
[2011/07/31 13:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ammarlis\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012/06/27 17:09:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ammarlis\AppData\Roaming\mozilla\Firefox\Profiles\d9is01ze.default\extensions
[2012/06/15 21:08:10 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Users\ammarlis\AppData\Roaming\mozilla\Firefox\Profiles\d9is01ze.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2012/06/27 17:09:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ammarlis\AppData\Roaming\mozilla\Firefox\Profiles\d9is01ze.default\extensions\staged
[2012/06/03 13:25:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ammarlis\AppData\Roaming\mozilla\Firefox\Profiles\d9is01ze.default\jetpack\FantapperExtension@brandaffinity.net
[2012/06/03 13:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ammarlis\AppData\Roaming\mozilla\Firefox\Profiles\d9is01ze.default\jetpack\FantapperExtension@brandaffinity.net\simple-storage
[2012/06/14 20:19:30 | 000,000,919 | ---- | M] () -- C:\Users\ammarlis\AppData\Roaming\Mozilla\Firefox\Profiles\d9is01ze.default\searchplugins\conduit.xml
[2012/06/03 00:55:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/03 00:55:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/08 01:18:26 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/06/03 13:24:20 | 000,086,818 | ---- | M] () (No name found) -- C:\USERS\AMMARLIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D9IS01ZE.DEFAULT\EXTENSIONS\ONECLICKDOWNLOADER@ONECLICKDOWNLOADER.COM.XPI
[2012/04/20 21:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/20 12:54:54 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/06/20 12:54:56 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/04/20 21:18:25 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2012/06/18 12:58:12 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/27 09:28:28 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 21:18:25 | 000,001,131 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2012/04/20 21:18:25 | 000,003,413 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/04/20 21:18:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2012/04/20 21:18:25 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ammarlis\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ammarlis\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ammarlis\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ammarlis\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\ammarlis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.440_0\npbrowserext.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Display Engine v2 (Enabled) = C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\Nexon\NGM\npnxgame.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\ammarlis\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

vladinuto · « **Reply #33 on:** June 29, 2012, 07:46:19 AM »

O1 HOSTS File: ([2012/06/28 00:50:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [lxecmon.exe] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "" File not found
O4 - Startup: C:\Users\ammarlis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = C:\Users\ammarlis\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - Reg Error: Key error. File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\ammarlis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{952A6B46-8E4B-4404-B7B1-69E6039A048A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98ED6793-7149-4B9D-95FA-55106A7E1BD3}: NameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD21BC46-03F5-448F-A7CF-B71C8BF46C7E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) - c:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\PROGRA~2\Bandoo\BndHook.dll) - c:\Program Files (x86)\Bandoo\BndHook.dll (Discordia Limited)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/28 13:23:47 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\Desktop\ikiller16's custom map
[2012/06/28 00:57:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/28 00:50:10 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/28 00:38:02 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/28 00:35:42 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\Desktop\Logs
[2012/06/27 23:02:53 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\Desktop\[In Progress] (Avast! Network shield) Malicious url blocked popping up_files
[2012/06/27 22:34:30 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\Desktop\ABSpace_ByFuegazo86
[2012/06/27 20:04:27 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/27 19:59:54 | 002,128,984 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\ammarlis\Desktop\TDSSKiller.exe
[2012/06/27 17:40:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/27 17:40:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/27 17:40:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/27 17:40:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/27 17:39:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/27 17:34:23 | 004,570,514 | R--- | C] (Swearware) -- C:\Users\ammarlis\Desktop\ComboFix.exe
[2012/06/27 09:28:02 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Roaming\YourFileDownloader
[2012/06/27 09:28:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YourFileDownloader
[2012/06/27 09:16:02 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Roaming\SpeedMaxPc
[2012/06/27 09:16:02 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Roaming\DriverCure
[2012/06/27 09:15:53 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedMaxPc
[2012/06/27 09:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc
[2012/06/26 20:50:27 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\ammarlis\Desktop\minecraft (1).exe
[2012/06/26 16:02:27 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\Desktop\GoTube
[2012/06/25 21:26:56 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/25 21:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/06/25 21:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/25 21:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/23 13:06:57 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Local\Norman Malware Cleaner
[2012/06/23 12:11:08 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\Desktop\Coupon_files
[2012/06/23 12:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2012/06/23 12:06:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2012/06/21 17:30:33 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/21 17:30:33 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/21 17:30:32 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/21 17:29:54 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/21 17:29:53 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/21 17:29:53 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/21 17:29:00 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/21 17:28:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/18 13:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/18 12:56:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/06/18 12:56:33 | 000,126,944 | ---- | C] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys
[2012/06/18 12:56:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2012/06/18 12:22:34 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2012/06/18 12:22:34 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2012/06/18 12:22:27 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2012/06/18 12:22:27 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2012/06/18 12:22:16 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2012/06/18 12:22:16 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2012/06/18 12:22:16 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2012/06/18 12:22:12 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2012/06/18 12:22:12 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2012/06/18 12:22:07 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2012/06/18 12:22:07 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2012/06/18 12:22:03 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2012/06/18 12:22:03 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2012/06/18 12:22:02 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2012/06/18 12:22:02 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2012/06/18 12:21:56 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2012/06/18 12:21:56 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2012/06/18 12:21:45 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2012/06/18 12:21:45 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2012/06/18 12:21:45 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2012/06/18 12:21:45 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2012/06/18 12:21:37 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2012/06/18 12:21:37 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2012/06/18 12:21:28 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2012/06/18 12:21:28 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2012/06/18 12:21:20 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2012/06/18 12:21:20 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012/06/18 12:21:20 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2012/06/18 12:21:20 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012/06/18 12:21:12 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012/06/18 12:21:12 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2012/06/18 12:21:09 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2012/06/18 12:21:09 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2012/06/18 12:21:08 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2012/06/18 12:21:08 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2012/06/18 12:21:04 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2012/06/18 12:21:04 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2012/06/18 12:20:58 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2012/06/18 12:20:58 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2012/06/18 12:20:58 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2012/06/18 12:20:58 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2012/06/18 12:20:52 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2012/06/18 12:20:52 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2012/06/18 12:20:49 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2012/06/18 12:20:49 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2012/06/18 12:20:45 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2012/06/18 12:20:45 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2012/06/18 12:20:45 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2012/06/18 12:20:45 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2012/06/18 12:20:40 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2012/06/18 12:20:40 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2012/06/18 12:20:33 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2012/06/18 12:20:33 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2012/06/18 12:20:24 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2012/06/18 12:20:24 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2012/06/18 12:20:20 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2012/06/18 12:20:20 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2012/06/18 12:20:12 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2012/06/18 12:20:12 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2012/06/18 12:20:12 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2012/06/18 12:20:12 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2012/06/18 12:20:04 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2012/06/18 12:20:04 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2012/06/18 12:19:59 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2012/06/18 12:19:59 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2012/06/18 12:19:49 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2012/06/18 12:19:49 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2012/06/18 12:19:49 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2012/06/18 12:19:49 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2012/06/18 12:19:44 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2012/06/18 12:19:44 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2012/06/18 12:19:32 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2012/06/18 12:19:32 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2012/06/18 12:19:28 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2012/06/18 12:19:28 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2012/06/18 12:19:28 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2012/06/18 12:19:28 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2012/06/18 12:19:24 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2012/06/18 12:19:24 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2012/06/18 12:19:19 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2012/06/18 12:19:19 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2012/06/18 12:19:19 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2012/06/18 12:19:19 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2012/06/18 12:19:17 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2012/06/18 12:19:17 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2012/06/18 12:19:16 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2012/06/18 12:19:16 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2012/06/18 12:19:12 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2012/06/18 12:19:12 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2012/06/18 12:19:10 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2012/06/18 12:19:10 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2012/06/18 12:19:05 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2012/06/18 12:19:05 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2012/06/18 12:19:02 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2012/06/18 12:19:02 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2012/06/18 12:19:01 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2012/06/18 12:19:01 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2012/06/18 12:18:57 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2012/06/18 12:18:57 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2012/06/18 12:18:49 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2012/06/18 12:18:49 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2012/06/18 12:18:45 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2012/06/18 12:18:45 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2012/06/18 12:18:44 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2012/06/18 12:18:44 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2012/06/18 12:18:30 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2012/06/18 12:18:30 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2012/06/18 12:18:30 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2012/06/18 12:18:30 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2012/06/18 12:18:26 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2012/06/18 12:18:26 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2012/06/18 12:18:21 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2012/06/18 12:18:21 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2012/06/18 12:18:19 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2012/06/18 12:18:19 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2012/06/18 12:12:07 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2K Sports
[2012/06/18 11:58:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Sports
[2012/06/17 13:14:10 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Roaming\Malwarebytes
[2012/06/17 13:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/17 13:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/17 13:14:00 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/17 13:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/17 13:10:50 | 056,731,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/06/15 21:08:33 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Local\CRE
[2012/06/15 21:08:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/06/15 21:05:44 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Roaming\IMVU
[2012/06/15 21:05:01 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Roaming\IMVUClient
[2012/06/13 17:10:01 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\Documents\NFS Carbon
[2012/06/13 17:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2012/06/13 16:56:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2012/06/13 16:56:19 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2012/06/13 16:56:19 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2012/06/13 16:56:17 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2012/06/13 16:56:17 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2012/06/13 16:56:13 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2012/06/13 16:56:13 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2012/06/13 16:55:59 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2012/06/13 16:55:55 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2012/06/13 16:55:55 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2012/06/13 16:55:55 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2012/06/13 16:55:55 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2012/06/13 16:55:54 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2012/06/13 16:55:54 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2012/06/13 16:55:51 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2012/06/13 16:55:50 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2012/06/13 16:55:50 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2012/06/13 16:55:47 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2012/06/13 16:55:47 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2012/06/13 16:55:44 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2012/06/13 16:55:44 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2012/06/13 16:55:40 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2012/06/13 16:55:40 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2012/06/13 09:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/06/13 09:16:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/06/12 23:42:34 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/12 23:42:34 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/12 23:42:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/12 23:42:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/12 23:42:29 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/12 23:42:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/12 23:42:28 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/12 23:42:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/12 23:42:25 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/12 23:42:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/12 23:42:24 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/12 23:42:23 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/12 23:42:22 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/12 21:53:40 | 000,000,000 | R--D | C] -- C:\Users\ammarlis\Desktop\;

vladinuto · « **Reply #34 on:** June 29, 2012, 07:48:03 AM »

[2012/06/12 16:50:12 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/12 16:50:12 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/12 16:50:11 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/12 16:49:56 | 005,505,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/12 16:49:51 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/12 16:49:50 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/12 16:49:32 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/12 16:49:05 | 001,460,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/12 16:49:02 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/10 16:57:58 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Roaming\TestApp
[2012/06/09 11:11:52 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Local\Macromedia
[2012/06/04 22:59:25 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Roaming\.minecraft
[2012/06/03 13:23:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
[2012/06/01 18:02:56 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/01 18:02:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/06/01 16:49:29 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Local\Mozilla
[2012/06/01 16:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/01 16:49:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/29 00:41:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/29 00:21:04 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/29 00:05:22 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1921910533-3271970078-1089744789-1000UA.job
[2012/06/28 22:00:07 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1921910533-3271970078-1089744789-1000UA.job
[2012/06/28 22:00:03 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1921910533-3271970078-1089744789-1000Core.job
[2012/06/28 13:07:43 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/28 13:07:43 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/28 13:07:43 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/28 13:00:13 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/28 12:54:14 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/28 12:54:14 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/28 12:42:19 | 000,000,927 | ---- | M] () -- C:\Users\ammarlis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
[2012/06/28 12:41:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/28 12:41:10 | 1408,720,896 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/28 09:03:18 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1921910533-3271970078-1089744789-1000Core.job
[2012/06/28 00:50:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/27 23:02:53 | 000,039,588 | ---- | M] () -- C:\Users\ammarlis\Desktop\[In Progress] (Avast! Network shield) Malicious url blocked popping up.htm
[2012/06/27 22:37:07 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds Space.lnk
[2012/06/27 17:34:46 | 004,570,514 | R--- | M] (Swearware) -- C:\Users\ammarlis\Desktop\ComboFix.exe
[2012/06/27 09:28:40 | 000,000,699 | ---- | M] () -- C:\user.js
[2012/06/27 09:28:07 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\YourFile Downloader.lnk
[2012/06/25 21:26:49 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/25 21:19:12 | 002,128,984 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\ammarlis\Desktop\TDSSKiller.exe
[2012/06/23 14:44:01 | 000,000,000 | ---- | M] () -- C:\Users\ammarlis\Desktop\YourGame.exe
[2012/06/23 12:11:08 | 000,196,566 | ---- | M] () -- C:\Users\ammarlis\Desktop\Coupon.htm
[2012/06/23 11:41:35 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/23 11:41:35 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/20 12:54:52 | 000,071,104 | ---- | M] () -- C:\Windows\CouponPrinter.ocx
[2012/06/15 17:58:37 | 000,000,512 | ---- | M] () -- C:\Users\ammarlis\Desktop\MBR.dat
[2012/06/13 18:36:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/06/13 08:55:18 | 000,430,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/08 14:15:21 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAMMARLIS-HP$.job
[2012/06/07 17:13:06 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForammarlis.job
[2012/06/04 14:38:02 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\ammarlis\Desktop\minecraft (1).exe
[2012/06/03 23:35:34 | 056,731,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/06/03 00:55:33 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/02 18:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/02 18:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/02 18:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/02 18:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/02 18:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/02 18:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/05/31 00:10:48 | 000,126,944 | ---- | M] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys
[10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/27 23:02:52 | 000,039,588 | ---- | C] () -- C:\Users\ammarlis\Desktop\[In Progress] (Avast! Network shield) Malicious url blocked popping up.htm
[2012/06/27 22:37:07 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds Space.lnk
[2012/06/27 17:40:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/27 17:40:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/27 17:40:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/27 17:40:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/27 17:40:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/27 09:28:07 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\YourFile Downloader.lnk
[2012/06/25 21:26:49 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/23 14:44:01 | 000,000,000 | ---- | C] () -- C:\Users\ammarlis\Desktop\YourGame.exe
[2012/06/23 12:11:05 | 000,196,566 | ---- | C] () -- C:\Users\ammarlis\Desktop\Coupon.htm
[2012/06/19 14:27:59 | 000,000,927 | ---- | C] () -- C:\Users\ammarlis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
[2012/06/15 17:58:37 | 000,000,512 | ---- | C] () -- C:\Users\ammarlis\Desktop\MBR.dat
[2012/06/13 09:16:35 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/13 09:16:31 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/01 18:02:58 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/01 16:49:25 | 000,001,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/01 16:49:25 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/04/27 18:01:56 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/03/30 21:13:28 | 000,000,037 | ---- | C] () -- C:\Users\ammarlis\.mjsync_es_ES
[2012/03/11 14:53:52 | 000,000,293 | ---- | C] () -- C:\Windows\game.ini
[2012/01/17 17:37:24 | 000,015,360 | ---- | C] () -- C:\Users\ammarlis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/31 19:54:24 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/12/02 17:31:12 | 000,000,542 | ---- | C] () -- C:\Windows\eReg.dat
[2011/07/20 14:23:19 | 001,524,112 | ---- | C] () -- C:\Windows\SysWow64\bandoolmx.dll
[2011/07/08 15:27:42 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/07/08 15:27:42 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/06/30 10:26:51 | 000,001,854 | ---- | C] () -- C:\Users\ammarlis\AppData\Roaming\GhostObjGAFix.xml
[2011/06/04 22:11:38 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecserv.dll
[2011/06/04 22:11:38 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecusb1.dll
[2011/06/04 22:11:38 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomc.dll
[2011/06/04 22:11:38 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxechbn3.dll
[2011/06/04 22:11:38 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecpmui.dll
[2011/06/04 22:11:38 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccoms.exe
[2011/06/04 22:11:38 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeclmpm.dll
[2011/06/04 22:11:38 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccfg.exe
[2011/06/04 22:11:38 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomm.dll
[2011/06/04 22:11:38 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecinpa.dll
[2011/06/04 22:11:38 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeccomx.dll
[2011/06/04 22:11:38 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeciesc.dll
[2011/06/04 22:11:38 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXECinst.dll
[2011/06/04 22:11:38 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecih.exe
[2011/06/04 22:11:38 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxecins.dll
[2011/06/04 22:11:38 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxecinsb.dll
[2011/06/04 22:11:38 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeccu.dll
[2011/06/04 22:11:38 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxecinsr.dll
[2011/06/04 22:11:38 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeccub.dll
[2011/06/04 22:11:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxecjswr.dll
[2011/06/04 22:11:38 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeccur.dll
[2011/06/04 22:11:17 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXECsm.dll
[2011/06/04 22:11:17 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXECsmr.dll
[2011/05/27 15:34:00 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/24 22:10:49 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/24 21:13:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/21 14:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== LOP Check ==========

[2012/06/24 00:05:43 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\.minecraft
[2012/03/08 20:09:01 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\AnvSoft
[2011/08/02 19:32:25 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\Babylon
[2011/07/31 13:54:07 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\Bandoo
[2012/06/20 11:56:04 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\BitTorrent
[2011/10/29 16:04:44 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\DAEMON Tools
[2011/10/29 16:38:42 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\DAEMON Tools Lite
[2012/06/27 09:16:02 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\DriverCure
[2012/03/08 20:34:25 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\DVDVideoSoft
[2012/03/10 20:43:59 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\ExpressFiles
[2012/06/28 12:42:05 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\IMVU
[2012/06/15 21:08:48 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\IMVUClient
[2011/07/31 13:53:56 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\Itibiti
[2012/03/13 22:35:25 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\ooVoo Details
[2011/05/25 23:09:10 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\PlayFirst
[2012/01/17 17:36:44 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\Research In Motion
[2012/06/27 22:34:41 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\Rovio
[2012/03/09 20:46:30 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\SoftGrid Client
[2012/06/27 09:16:02 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\SpeedMaxPc
[2012/03/16 12:37:14 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\SystemRequirementsLab
[2012/06/10 16:57:58 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\TestApp
[2011/09/03 10:52:20 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\TP
[2012/05/13 23:10:35 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\Tunngle
[2011/05/25 02:20:15 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\WildTangent
[2011/05/25 21:40:45 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\WildTangentv1001
[2011/09/16 10:03:39 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\WinBatch
[2012/06/27 09:28:02 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\YourFileDownloader
[2012/06/28 22:00:03 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1921910533-3271970078-1089744789-1000Core.job
[2012/06/28 22:00:07 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1921910533-3271970078-1089744789-1000UA.job
[2012/06/28 12:58:06 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< c:\|Babylon;true;true;true /FP >
[2012/06/27 09:28:28 | 000,002,352 | ---- | M] () -- c:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
[2011/05/31 08:30:00 | 000,003,577 | ---- | M] () -- c:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png
[2011/08/02 19:32:25 | 000,000,000 | ---D | M] -- c:\ProgramData\Babylon
[2011/08/02 21:56:58 | 000,000,000 | ---D | M] -- c:\ProgramData\BabylonUpdater
[2010/12/24 21:35:56 | 000,000,000 | ---D | M] -- c:\ProgramData\WildTangent\My HP Game Console\UI\htdocs2\Common\product\babylonia
[2011/08/02 19:32:25 | 000,000,000 | ---D | M] -- c:\Users\All Users\Babylon
[2011/08/02 21:56:58 | 000,000,000 | ---D | M] -- c:\Users\All Users\BabylonUpdater
[2010/12/24 21:35:56 | 000,000,000 | ---D | M] -- c:\Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\Common\product\babylonia
[2012/05/24 16:56:25 | 000,000,013 | ---- | M] () -- c:\Users\ammarlis\AppData\Local\Microsoft\Internet Explorer\DOMStore\RCUVBMQJ\search.babylon[1].xml
[2011/08/04 10:06:04 | 000,000,000 | ---D | M] -- c:\Users\ammarlis\AppData\LocalLow\BabylonToolbar
[2011/08/04 10:06:04 | 000,000,000 | ---D | M] -- c:\Users\ammarlis\AppData\LocalLow\BabylonToolbar\BabylonToolbar
[2011/08/02 19:32:25 | 000,000,000 | ---D | M] -- c:\Users\ammarlis\AppData\Roaming\Babylon
[2011/08/07 11:38:39 | 000,000,178 | ---- | M] () -- c:\Users\ammarlis\AppData\Roaming\Microsoft\Windows\Cookies\Low\ammarlis@babylon[2].txt
[2012/03/12 19:50:41 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\BabylonToolbar
[2012/03/12 19:50:41 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\BabylonToolbar\BabylonToolbar

< HKEY_CLASSES_ROOT|Babylon.dskBnd.* /RS >

< HKEY_CLASSES_ROOT|Babylon.dskBnd /RS >

< HKEY_CLASSES_ROOT|bbylnApp.appCore.* /RS >

< HKEY_CLASSES_ROOT|bbylnApp.appCore /RS >

< HKEY_CLASSES_ROOT|bbylntlbr.bbylntlbrHlpr.* /RS >

< HKEY_CLASSES_ROOT|bbylntlbr.bbylntlbrHlpr /RS >

< HKEY_CLASSES_ROOT|bbylntlbr.xtrnl.* /RS >

< HKEY_CLASSES_ROOT|bbylntlbr.xtrnl /RS >

< HKEY_CLASSES_ROOT|escort.escortIEPane.* /RS >

< HKEY_CLASSES_ROOT|escort.escortIEPane /RS >

< HKEY_CLASSES_ROOT|escort.escrtBtn.* /RS >

< HKEY_CLASSES_ROOT|esrv.BabylonESrvc.* /RS >

< HKEY_CLASSES_ROOT|esrv.BabylonESrvc /RS >

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:661DFA1C

< End of report >

vladinuto · « **Reply #35 on:** June 29, 2012, 07:49:14 AM »

Extras--------->

OTL Extras logfile created on: 6/29/2012 12:49:24 AM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\ammarlis\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 48.74% Memory free
3.50 Gb Paging File | 2.23 Gb Available in Paging File | 63.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.81 Gb Total Space | 311.09 Gb Free Space | 68.55% Space Free | Partition Type: NTFS
Drive D: | 11.85 Gb Total Space | 1.37 Gb Free Space | 11.55% Space Free | Partition Type: NTFS

Computer Name: AMMARLIS-HP | User Name: ammarlis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Windows\SysWOW64\igfxsb86.exe" = C:\Windows\SysWOW64\igfxsb86.exe:*:Enabled:Intel Service Driver
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Windows\SysWOW64\igfxsb86.exe" = C:\Windows\SysWOW64\igfxsb86.exe:*:Enabled:Intel Service Driver
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\SysWOW64\igfxsb86.exe" = C:\Windows\SysWOW64\igfxsb86.exe:*:Enabled:Intel Service Driver
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Windows\SysWOW64\igfxsb86.exe" = C:\Windows\SysWOW64\igfxsb86.exe:*:Enabled:Intel Service Driver
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F391F2-8167-4F19-8EDB-CB6E917137B7}" = rport=137 | protocol=17 | dir=out | app=system |
"{088FC19D-16DC-422E-9B57-4AB83587D59F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{11AA55EF-A26C-43DA-B8EE-6DBAB6E7315E}" = lport=445 | protocol=6 | dir=in | app=system |
"{14004D6B-D725-489F-B6A3-7D263C9BEC97}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1842C9BA-CFC4-4C09-86D3-E750D7D72E11}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{203EB36A-7A6A-4A5E-8BD7-04FF63863692}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{2B5BD5AA-99D4-4635-BFEA-E2E9F3D24E2B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{31B8BD58-6DE1-4898-BB74-B69DDF8DB67B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{39249F8D-CDE4-444A-8A85-FC6E849FAF8C}" = lport=139 | protocol=6 | dir=in | app=system |
"{42228B8E-7333-40F9-A885-EC3EA21196DE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4D129EC9-B63E-46B6-BD29-F63F2B773112}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52D842B5-C2D5-45EC-BDA6-96FB5DC77918}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{5505A497-6393-4A39-A32B-DD1E6AC94267}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{59C3BC63-A304-4DCB-9F9B-1013100E8260}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5DCF5D2F-3852-4C19-868A-FD31A6C45A4E}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{65BC7D79-3273-45FF-BBCC-9A56590FE528}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{665DAA4B-EBE1-4370-A5C8-3D0CA6579984}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{682E7B25-ED05-488D-8A2F-F75EAF569F36}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6A332F2C-13C1-499B-9F33-4D2A3CE0371C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6FB1D6A0-53B7-40DC-A81F-6919FEECD3A0}" = rport=139 | protocol=6 | dir=out | app=system |
"{70C9464D-7DF3-4BAC-93D1-2EBAF5A69D42}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7504D6FC-619D-4CA1-B4C6-2C5FFBE84716}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7AE64471-3462-4C41-B861-06E9B563A21A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7BFF4370-9A7D-4772-BBD4-4BF16618E282}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7EDEF1C2-8053-4E2E-B35D-8B3E7EEF0E9D}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{80AD0AD0-4B61-4E53-B509-D5A5AEA05EDB}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{8126BFAE-7919-4230-8330-FAE83124A7FE}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{8322B5BC-1C03-47E3-B894-FE21F8B44D99}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{85A3CDD7-086F-4EDB-905D-9F1672A2BFE0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{86ECD048-209A-45A8-950F-0BB1ACB9A099}" = lport=10243 | protocol=6 | dir=in | app=system |
"{97753360-71DC-494F-81A7-53FDADA3B501}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A58EB14A-F143-463B-83CA-774BD959DF69}" = lport=137 | protocol=17 | dir=in | app=system |
"{AA056D31-8DC1-4B8A-8D30-61D3187D4E44}" = lport=138 | protocol=17 | dir=in | app=system |
"{B796F612-6749-4008-9EE2-644D7D44F895}" = rport=445 | protocol=6 | dir=out | app=system |
"{BBB2EF50-7866-41A9-A68B-EDC840CBE875}" = rport=138 | protocol=17 | dir=out | app=system |
"{C43C53E4-7BE0-4F71-9AC0-C554DA5F5821}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C9ED1C00-8100-4EF2-B1B3-6FFF11C36FD9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CA12A0AA-8572-45C1-8372-4DF2A6DB96CB}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{DD9C2831-A65E-4990-994C-4AAF8E61EE68}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E942034A-31A7-45EF-98EA-A4837FCD48E0}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{F35646B8-4F75-4031-85E4-BC120690B27D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F9FFA547-66AC-4C32-9478-F99C9E1F348F}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{FC06DAE0-B142-4927-99EB-50BF5BC8CF42}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024B2445-AD4D-47AA-8007-262C99404597}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{0761A807-33BE-48DF-88FB-EE2FE2F35E84}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0878662F-6072-4903-983F-6532BD602D14}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{0AABFFEA-4EC8-460A-8EC5-474CC5E99C58}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{0CCF782D-1618-419A-94E7-EBAC8FBBC794}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{14017BC9-000A-4E78-AB67-7FA7A963FCB8}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{14E24609-14AE-45DD-A24D-71BD619944A8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{19EEFD90-6BC4-47E9-98A0-DE4715D7ED6E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1A034383-63A1-46FE-8E73-0BAB7A9BDE77}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{1DE8282E-8474-4CD4-B3FD-4746F6F1FF64}" = protocol=6 | dir=in | app=c:\program files (x86)\callshop billing\sdp.exe |
"{1F6BAD26-3339-4868-A9E7-E3801FDA1C0A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{216BEFB6-0026-4B44-BF7C-37F317DA496C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{24068969-ABC2-4496-A255-D3DCAA5F6E3E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{24199614-BA9B-4E0B-B837-C97A49065572}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{25CED2D4-8895-4DF6-826D-53CEB50AC326}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{28083D07-D47F-4CB6-931E-13417DB52CF9}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{28F370D5-D75B-4AAE-8523-A096F64B19BB}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{31C9101D-5857-4225-917A-8CE9685F105B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{35C608DF-5C3D-4C25-874C-4B4177F7A07E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{3A8E1ACB-E8A0-4F43-920C-12F500A4FC0B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3D8EB91C-278A-49E1-9917-7A52EBD2C449}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{3E6F9EC9-67EC-45D7-97B7-3AC1CE37D5C3}" = protocol=17 | dir=in | app=c:\program files (x86)\callshop billing\callshopapp.exe |
"{3EAF9417-6DD9-4D70-BC0F-9DAA1AFB67D9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{407F2FBA-125D-47EA-9690-F2EF3EB917CE}" = protocol=6 | dir=in | app=c:\program files (x86)\callshop billing\callshopapp.exe |
"{45FB12EC-009D-40D3-8A24-4BE9B6D5DCE8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4B44FEFF-CA61-4ABF-890F-5B4FA059A2B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4D941E1D-7582-4DA9-9DB1-E5E55CF1F890}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{4E1ED51F-C891-4140-934A-3B95DF91276B}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{4F8E53C6-E808-4A95-B678-0E010B5A9655}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{507D37E2-8182-4D77-8B68-7E89B3C44FD3}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{55EBB173-AA82-4CDB-A236-51687020008C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{58852F4F-3D35-4A9D-8143-A072931659E3}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{5A20A110-A058-4AFE-B8B7-97898DB95C1E}" = dir=in | app=c:\users\ammarlis\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{5B21996E-BFC3-43A9-ADBF-54B7A8C0D65D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5DAEE73B-EB64-428B-BA30-51D1711626EF}" = protocol=17 | dir=in | app=c:\program files (x86)\2k sports\major league baseball 2k11\mlb2k11.exe |
"{5E913031-80CD-4F5C-9578-3A5788DE7582}" = protocol=6 | dir=in | app=c:\users\ammarlis\documents\nexon\combat arms\nmservice.exe |
"{5F55021E-35B7-4CD7-ABFA-F1BC140A8D8B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6505AB47-DB8A-4FE0-B2A3-716B0C11FABE}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{6A41D777-6059-4851-8624-9137D40470BB}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe |
"{6BB61413-A2D6-488E-8A43-616B22632139}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{72CC01F4-BFC0-442D-BE09-FB439D2E417E}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{72FE42D5-4B19-43F0-8258-F9BED880FA09}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{76FBBA8D-CBB5-4215-830E-5C79E25C637E}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{77F69F0D-28D2-4750-A59A-D5A10F7E79A9}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{7B2612F6-A2EA-4D30-8B42-8193A1E7CB86}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{7B3DC89C-9819-4C44-B8C3-00F3B6E5CB0D}" = protocol=6 | dir=in | app=c:\program files (x86)\itibiti soft phone\itibiti.exe |
"{7DA6272C-9D52-46F3-9782-381BC8F230FC}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{7DC5B62F-9E7D-4192-861C-1738A0FDA1C0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7F385AF9-D542-4610-B9D0-BDCB9C4B3C60}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7FD5A2ED-B9FC-4B06-AA84-96F71F62DB73}" = protocol=6 | dir=out | app=system |
"{81EB2672-58D2-45B8-B0DC-62F1E3E306F4}" = protocol=17 | dir=in | app=c:\program files (x86)\callshop billing\sdp.exe |
"{82315AB3-2685-4177-B5E9-465A200DA75E}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{87A4A20D-C30B-45D7-B802-6A9AF0C2DA6D}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{8B1F4C51-BE4B-4D7D-8B4D-9D9A55883366}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8CA17C8F-D391-4625-B3B4-68B4B75E70CF}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{9060E2D9-2FE7-46D0-8DA3-8E1FF9349A71}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{927903E8-FED3-4BA9-ABD4-4B4851F9F9B6}" = protocol=6 | dir=in | app=c:\program files (x86)\2k sports\major league baseball 2k11\mlb2k11.exe |
"{9AB8FA6E-4AFC-4344-B7B6-8D2597BD73D5}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{9DD9BFA0-E035-4EE3-A085-DFE3EADCC229}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{9EEE71C6-4234-4FB1-AF55-17AD28100E8D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9FF9F309-B213-4403-88D7-0E450F74D126}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A1BD338A-ACF9-4B6A-8883-93CD3868676E}" = protocol=6 | dir=in | app=c:\program files (x86)\callshop billing\callshopbilling.exe |
"{A42BA8EE-2FAF-4519-BAFF-FE71731D0368}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A95E4589-EE6B-4DEE-8E42-B05BA0AC5A8F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{AA24AED8-6FFE-4D06-9F44-C45744E21249}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{AAEDD0B8-02B9-4A56-B731-78418FF2454E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ABF95063-D372-4BC3-843E-548B8D50BA7F}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{AD56D385-7E4A-4F47-A6B6-DB6247D0CD12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ADE75999-9E64-40E0-BA0F-CC318694FAC6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{B3F35863-BE8E-47C1-A3DC-8CBAF8387BDF}" = protocol=17 | dir=in | app=c:\program files (x86)\itibiti soft phone\itibiti.exe |
"{B43A25AC-C832-4529-B7D9-01502E2231C0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{B558A2C0-86AF-4689-B5D8-F71B8F118A51}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C08A900A-BB9E-4093-B2D3-D2EF7C7739A6}" = protocol=17 | dir=in | app=c:\users\ammarlis\documents\nexon\combat arms\nmservice.exe |
"{C4E3DA9E-E199-4956-8C6E-62727E321B9E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C52B3299-B881-49A9-A842-85F6DE6BE43F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C851C7C9-E0EF-4308-A704-2D1992995351}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{C8A56387-0504-4805-9F02-C5CAA94CF91B}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{CA342C0E-3712-42F9-8904-12E3D688DB01}" = protocol=6 | dir=in | app=c:\users\ammarlis\desktop\need for speed underground 2\speed2.exe |
"{CB70C7E2-6697-41EC-9F50-B5A129783EED}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{CD89F19A-CC23-4F2E-8098-A28BA4D0DF87}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\need for speed underground 2\speed2.exe |
"{CEA64B4D-CA28-4EDE-BDC7-FB84339EF1A2}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D1B315F7-6A22-4A25-853C-38CC6D928AD7}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{D21FAEC6-D157-4D56-8BA8-47176ACD4F42}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\need for speed underground 2\speed2.exe |
"{D380015F-BDD0-4184-89CE-A66647DDE189}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{DA1417B2-3A40-4679-837E-2C09EB34679A}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{DBE373DA-F38C-4A9D-83D9-82318534A8CE}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{DC5EB06F-B337-421D-BDF4-F63168BB0294}" = protocol=17 | dir=in | app=c:\program files (x86)\callshop billing\ms.exe |
"{DEBCDDBD-E7F6-4473-893C-8BF0ED732867}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E107E041-DF47-486A-BB7C-39EF135D1AE9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EA1E9AFC-3BDC-4F2C-A127-48F39DDBCF59}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{EB071181-6236-4236-A797-B98A176205C2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EB5DF429-634A-4267-8EF6-DDA4B4606CF1}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{EC2BB4F6-7A66-44B9-A9D0-1546866C9B56}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F0814946-4601-4122-82F1-A3748953404B}" = protocol=6 | dir=in | app=c:\program files (x86)\callshop billing\ms.exe |
"{F118587B-6B54-4AE2-A445-34F145573CE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F1E12067-17DA-480D-A2E0-29336FC08CFF}" = protocol=17 | dir=in | app=c:\program files (x86)\callshop billing\callshopbilling.exe |
"{F71D11CC-521E-4420-8203-A50FBBF5384D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{F7A73742-AEA9-42C2-B62B-4BEC67996669}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F9602924-B1C2-438A-894B-59295266702F}" = protocol=17 | dir=in | app=c:\users\ammarlis\desktop\need for speed underground 2\speed2.exe |
"{F9D14D7B-D7E7-4E60-8EA1-9BDF15394394}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe |
"TCP Query User{0072FE48-CBD7-4FC1-8164-9E0CA02BDB67}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{0955C536-822B-401C-AD64-5DC7FC3D26FE}C:\Program Files (x86)\oovoo\ooVoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{1E65647B-E477-417A-B2CA-00ACBB94BCB7}C:\program files (x86)\callshop billing\ms.exe" = protocol=6 | dir=in | app=c:\program files (x86)\callshop billing\ms.exe |
"TCP Query User{2C50EE6B-25DD-4CF1-998A-9DCB1A9CBB7A}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{349AB0FD-F73D-491A-B942-914B76695C9B}C:\program files (x86)\callshop billing\callshopbilling.exe" = protocol=6 | dir=in | app=c:\program files (x86)\callshop billing\callshopbilling.exe |
"TCP Query User{37055DB7-996D-4AB1-9BC2-5E4D44806B58}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"TCP Query User{41C96EB0-AFA3-4ABB-B912-A85B44077EDC}C:\program files (x86)\callshop billing\callshopapp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\callshop billing\callshopapp.exe |
"TCP Query User{44688379-EBED-4CC5-B688-7C20A87F24D9}C:\users\ammarlis\desktop\need for speed underground 2\speed2.exe" = protocol=6 | dir=in | app=c:\users\ammarlis\desktop\need for speed underground 2\speed2.exe |
"TCP Query User{5AB70460-35C2-44D1-9D6F-2F638C381CA5}C:\users\ammarlis\documents\nexon\combat arms\engine.exe" = protocol=6 | dir=in | app=c:\users\ammarlis\documents\nexon\combat arms\engine.exe |
"TCP Query User{5AFF8D66-C836-4DC5-8789-4D1C60DC6990}C:\nexon\combat arms\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms\engine.exe |
"TCP Query User{8746FCBB-7F86-4379-8ECA-9EC80DBE9CCE}C:\program files (x86)\itibiti soft phone\itibiti.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itibiti soft phone\itibiti.exe |
"TCP Query User{8D2493D5-B96F-42BD-BD47-DD05568547C4}C:\users\ammarlis\magnojuegos\jre\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\ammarlis\magnojuegos\jre\jre\bin\javaw.exe |
"TCP Query User{A35C36B9-B226-4B7A-A51C-298AA9548890}C:\program files (x86)\ea games\need for speed underground 2\speed2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\need for speed underground 2\speed2.exe |
"TCP Query User{B0C5EFFF-47FE-408D-9971-A0FE80957A88}C:\Program Files (x86)\Java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{B355C94A-6B07-4FD1-B7AD-33BEC9092690}C:\program files (x86)\callshop billing\testcall.exe" = protocol=6 | dir=in | app=c:\program files (x86)\callshop billing\testcall.exe |
"TCP Query User{B460AFED-ACD5-4140-9CA8-9C43F2CF7D72}C:\Program Files (x86)\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe |
"TCP Query User{D8775954-2926-423A-A00F-3F1CC053387B}C:\program files (x86)\callshop billing\testcall.exe" = protocol=6 | dir=in | app=c:\program files (x86)\callshop billing\testcall.exe |
"TCP Query User{DAF13874-F916-4B95-9120-285BD6D32965}C:\users\ammarlis\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\ammarlis\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{F0D4880F-E466-4C9F-AB90-7239559AD6DD}C:\program files (x86)\callshop billing\sdp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\callshop billing\sdp.exe |
"UDP Query User{08BD701D-BB37-4896-98DE-94F51609133D}C:\program files (x86)\callshop billing\ms.exe" = protocol=17 | dir=in | app=c:\program files (x86)\callshop billing\ms.exe |
"UDP Query User{122D1122-5C3A-407B-B990-2B97D769A9C3}C:\program files (x86)\ea games\need for speed underground 2\speed2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\need for speed underground 2\speed2.exe |
"UDP Query User{1B3B7723-4326-4E05-BE64-6D7FDB4523A8}C:\program files (x86)\callshop billing\callshopbilling.exe" = protocol=17 | dir=in | app=c:\program files (x86)\callshop billing\callshopbilling.exe |
"UDP Query User{1F687FCE-DCAB-4070-BE87-616B34B31A24}C:\program files (x86)\itibiti soft phone\itibiti.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itibiti soft phone\itibiti.exe |
"UDP Query User{206096BD-F80C-4D92-BD32-774E6C002068}C:\nexon\combat arms\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms\engine.exe |
"UDP Query User{3018B47A-F6C3-4E37-9B81-85104E34116F}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"UDP Query User{36AD1E8E-E943-4710-9F51-2EB0538C93A8}C:\Program Files (x86)\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe |
"UDP Query User{717D33C4-5870-4F2F-95E4-73C2A3173C4B}C:\users\ammarlis\documents\nexon\combat arms\engine.exe" = protocol=17 | dir=in | app=c:\users\ammarlis\documents\nexon\combat arms\engine.exe |
"UDP Query User{807A2457-AAE6-4E00-AB7F-169CF3C50235}C:\program files (x86)\callshop billing\callshopapp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\callshop billing\callshopapp.exe |
"UDP Query User{822AF7ED-F139-4C03-BED2-9E71AD963671}C:\users\ammarlis\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\ammarlis\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{83EDAE54-0A8B-478D-AB7D-6363894500B0}C:\users\ammarlis\magnojuegos\jre\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\ammarlis\magnojuegos\jre\jre\bin\javaw.exe |
"UDP Query User{8CE75D9B-0503-4674-982C-F0280C7FDAEB}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{8EBE64AA-2462-4D00-AC9C-7C1DC1CCD4C8}C:\Program Files (x86)\oovoo\ooVoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{98CA9C2B-40C7-42CB-898A-F04A68BD8057}C:\program files (x86)\callshop billing\sdp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\callshop billing\sdp.exe |
"UDP Query User{9C88D3EB-4661-4850-A023-E9A2734F67C7}C:\users\ammarlis\desktop\need for speed underground 2\speed2.exe" = protocol=17 | dir=in | app=c:\users\ammarlis\desktop\need for speed underground 2\speed2.exe |
"UDP Query User{A6CA864D-2171-4BC2-939C-56A64AEC859B}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{E8AB2859-F835-413A-8A04-089BF8D9061F}C:\Program Files (x86)\Java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{F03A3A83-4C3D-4245-AAE0-BFABCB53D909}C:\program files (x86)\callshop billing\testcall.exe" = protocol=17 | dir=in | app=c:\program files (x86)\callshop billing\testcall.exe |
"UDP Query User{F134C539-7F7D-4B6B-B227-CA04F0942573}C:\program files (x86)\callshop billing\testcall.exe" = protocol=17 | dir=in | app=c:\program files (x86)\callshop billing\testcall.exe |

vladinuto · « **Reply #36 on:** June 29, 2012, 07:50:20 AM »

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2D5E3D2B-919F-407C-8757-E64827518BB6}" = HP Officejet Pro 8600 Basic Device Software
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.440
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F792E5B0-11C4-4C68-8A63-FB5F52749180}" = HP Officejet Pro 8600 Product Improvement Study
"{FD9560A8-CB02-1F28-CB9C-487244A28A8B}" = ccc-utility64
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0655C185-FD48-5EBA-484A-CD530291F44D}" = CCC Help Hungarian
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BF71387-5AFD-F71B-7353-3AEBD3E8F5F3}" = Catalyst Control Center Graphics Full Existing
"{0E1C256F-6B90-E5A5-F62E-5DAE1AEAE294}" = ccc-core-static
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B01541D-B1B8-8B7E-E82B-70551A1AF961}" = CCC Help Chinese Standard
"{1E11EE30-C0D4-46BC-9142-27EB4C37BE35}" = Angry Birds
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F1E283D-23D9-4E09-B967-F46A053FEA89}" = ASPCA TriMini Reminder by We-Care.com v5.0.0.1
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26070CDA-A7C5-2114-0533-38DE06C65E7F}" = CCC Help Polish
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java(TM) 7 Update 1
"{2726B6FF-D8F9-8F29-2A7D-8192AAE79D3F}" = Catalyst Control Center Localization All
"{30120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007 (Beta)
"{3088B508-7EE1-EC64-4FFD-C4901378CE7D}" = CCC Help Russian
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3778B802-8E2C-04B0-2C1B-7C2A8F981824}" = CCC Help Finnish
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{48CA048A-3C5B-391E-7FF0-F36F434CB1B6}" = CCC Help Thai
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}" = Blio
"{52CD3425-C5E8-C49D-B776-AC85F018C0F6}" = Catalyst Control Center Graphics Previews Vista
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{597CE475-4F62-89EE-A81E-DB509DA0CBB2}" = CCC Help English
"{5E7A925A-CCE1-4ED5-A0DD-4A821A3F9BC2}" = Catalyst Control Center Core Implementation
"{603C0DC4-665E-4CC9-8ED1-7FE1F03AB943}" = Fantapper Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{674DAE26-3C3C-2D20-1BB4-82B380142E78}" = CCC Help Greek
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A9EF47E-D49A-2EFC-20A1-A92DE7F826DF}" = CCC Help Czech
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7170BF54-7808-45EE-AB06-6BCE7A254E29}" = Angry Birds Space
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A8B0B3D-58B9-475F-8EFE-412E00FEC18F}" = Callshop Billing
"{7A9C67EF-05A8-499F-56A2-C467A4FE6DEE}" = CCC Help Italian
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{7C4A7C62-C061-4589-BE55-91C9668C4100}" = Callshop Billing
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7DA0C5CE-9817-CDB2-F061-F72D0CB6EEB3}" = CCC Help German
"{7DB63154-92A4-12AE-364F-DE9C7B459720}" = CCC Help Spanish
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2A81D8-AABF-673B-08BE-EF7A80295F14}" = CCC Help French
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0015-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_ENTERPRISE_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_ENTERPRISE_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_ENTERPRISE_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0C0A-1000-0000000FF1CE}_ENTERPRISE_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_ENTERPRISE_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2007
"{90120000-00BA-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{912CED74-88D3-4C5B-ACB0-13231864975D}" = PressReader
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{96A628B7-93D6-46CC-9E74-02F7D2E21E96}" = Major League Baseball 2K11
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981F6BCD-252E-6A64-9C6D-4E3B10B1B126}" = Catalyst Control Center InstallProxy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7CEA571-43AC-95FE-4F08-22C401FC2824}" = CCC Help Japanese
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.5.126
"{A826CCC4-C0BA-97B4-F1DB-E68CD45D1133}" = CCC Help Danish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC9A3F48-8936-40CD-A0B2-7CFA76906143}" = Catalyst Control Center Graphics Full New
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = Compaq Setup Manager
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B68D391C-32C6-798E-C78F-83C1797B162A}" = CCC Help Swedish
"{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}" = HP Officejet Pro 8600 Help
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC47D46D-8874-D83A-6612-9DA3175861B2}" = CCC Help Korean
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF09BCD9-3556-77A6-8984-1CA95F8E1078}" = CCC Help Portuguese
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0DE2996-A443-5FEA-30B7-9395E0F3A7CC}" = CCC Help Chinese Traditional
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EDFA892D-594D-C921-35FF-B6E5CFD2487C}" = CCC Help Dutch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F56BBEB1-E982-0A07-0004-1CBC8E5B534E}" = CCC Help Turkish
"{F600ED39-BA0C-A127-EAB7-057DF0A327E0}" = CCC Help Norwegian
"{F84B7A2F-2328-A610-89F6-2CC78CF00FFE}" = Catalyst Control Center Graphics Light
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FDC4C499-7B67-4A58-A30B-E1276C26BFEF}" = Angry Birds Seasons
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1ClickDownload" = 1ClickDownloader
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Ares" = Ares 2.1.7
"avast" = avast! Free Antivirus
"Bandoo" = Bandoo
"BitTorrent" = BitTorrent
"Blackberry Reapair System Beta 1.86" = Blackberry Reapair System Beta 1.86
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combat Arms" = Combat Arms
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVD Flick_is1" = DVD Flick 1.3.0.7
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Video to BlackBerry Converter_is1" = Free Video to BlackBerry Converter version 5.0.6.221
"gBurner" = gBurner
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"incredibar" = Incredibar Toolbar on IE
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Itibiti_is1" = Knctr
"Kobo" = Kobo

vladinuto · « **Reply #37 on:** June 29, 2012, 07:52:23 AM »

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My HP Game Console" = HP Game Console
"PDF Complete" = PDF Complete Special Edition
"PriceGong" = PriceGong 2.5.1
"TeamViewer 6" = TeamViewer 6
"Tunngle beta_is1" = Tunngle beta
"VLC media player" = VLC media player 2.0.0
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WinToFlash Suggestor" = WinToFlash Suggestor
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089299" = Mystery P.I. - The London Caper
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"Xvid Video Codec 1.3.1" = Xvid Video Codec
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"YourFileDownloader" = YourFileDownloader

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/9/2012 11:44:22 AM | Computer Name = ammarlis-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/10/2012 11:26:13 AM | Computer Name = ammarlis-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/10/2012 4:52:56 PM | Computer Name = ammarlis-HP | Source = Desktop Window Manager | ID = 9020
Description = The Desktop Window Manager has encountered a fatal error (0x88980406)

Error - 6/10/2012 6:16:10 PM | Computer Name = ammarlis-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/11/2012 5:35:10 PM | Computer Name = ammarlis-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/13/2012 12:15:16 PM | Computer Name = ammarlis-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/13/2012 6:36:21 PM | Computer Name = ammarlis-HP | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 19.0.1084.56, time
stamp: 0x4fd04f16 Faulting module name: chrome.dll, version: 19.0.1084.56, time
stamp: 0x4fd04e9f Exception code: 0xc0000005 Fault offset: 0x0036ae74 Faulting process
id: 0x862c Faulting application start time: 0x01cd49b4e3602023 Faulting application
path: C:\Users\ammarlis\AppData\Local\Google\Chrome\Application\chrome.exe Faulting
module path: C:\Users\ammarlis\AppData\Local\Google\Chrome\Application\19.0.1084.56\chrome.dll
Report
Id: 32c38b9c-b5a8-11e1-8f36-78acc0a741b6

Error - 6/15/2012 12:33:16 AM | Computer Name = ammarlis-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/16/2012 12:56:29 AM | Computer Name = ammarlis-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/18/2012 2:09:33 AM | Computer Name = ammarlis-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/18/2012 10:58:34 AM | Computer Name = ammarlis-HP | Source = Application Hang | ID = 1002
Description = The program WoW_4_0_6.exe.exe version 4.0.6.13623 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1358 Start
Time: 01cd4d62c7617e44 Termination Time: 54 Application Path: C:\Windows\wow\WoW_4_0_6.exe.exe

Report
Id: 0e65c592-b956-11e1-8c5b-78acc0a741b6

[ Hewlett-Packard Events ]
Error - 12/1/2011 10:51:16 AM | Computer Name = ammarlis-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/1/2011 10:51:54 AM | Computer Name = ammarlis-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/8/2011 11:00:43 AM | Computer Name = ammarlis-HP | Source = hpsa_service.exe | ID = 2000
Description =

Error - 12/8/2011 11:02:23 AM | Computer Name = ammarlis-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/8/2011 11:02:23 AM | Computer Name = ammarlis-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/8/2011 11:02:23 AM | Computer Name = ammarlis-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/22/2011 10:57:00 AM | Computer Name = ammarlis-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/29/2011 10:31:40 AM | Computer Name = ammarlis-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at

Message: The server did not provide a meaningful

reply; this might be caused by a contract mismatch, a premature session shutdown
or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at

: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage

reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 1791 Ram Utilization: 60 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage)

Error - 12/29/2011 10:31:40 AM | Computer Name = ammarlis-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at

Message: The server did not provide a meaningful

reply; this might be caused by a contract mismatch, a premature session shutdown
or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at

: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage

reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 1791 Ram Utilization: 60 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage)

Error - 1/19/2012 10:20:28 AM | Computer Name = ammarlis-HP | Source = HPSF.exe | ID = 4000
Description =

[ OSession Events ]
Error - 8/28/2011 11:18:49 AM | Computer Name = ammarlis-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 688
seconds with 660 seconds of active time. This session ended with a crash.

Error - 1/29/2012 11:47:28 AM | Computer Name = ammarlis-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/23/2012 5:29:08 PM | Computer Name = ammarlis-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3818
seconds with 3060 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/28/2012 12:58:07 PM | Computer Name = ammarlis-HP | Source = Service Control Manager | ID = 7031
Description = The Secondary Logon service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 6/28/2012 12:58:07 PM | Computer Name = ammarlis-HP | Source = Service Control Manager | ID = 7031
Description = The System Event Notification Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 6/28/2012 12:58:07 PM | Computer Name = ammarlis-HP | Source = Service Control Manager | ID = 7031
Description = The Shell Hardware Detection service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 6/28/2012 12:58:07 PM | Computer Name = ammarlis-HP | Source = Service Control Manager | ID = 7031
Description = The Themes service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.

Error - 6/28/2012 12:58:07 PM | Computer Name = ammarlis-HP | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 6/28/2012 12:58:07 PM | Computer Name = ammarlis-HP | Source = Service Control Manager | ID = 7031
Description = The Windows Update service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6/28/2012 12:59:08 PM | Computer Name = ammarlis-HP | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Server service, but this action
failed with the following error: %%1056

Error - 6/28/2012 1:00:07 PM | Computer Name = ammarlis-HP | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Computer Browser service,
but this action failed with the following error: %%1056

Error - 6/28/2012 1:00:07 PM | Computer Name = ammarlis-HP | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Multimedia Class Scheduler
service, but this action failed with the following error: %%1056

Error - 6/28/2012 1:00:07 PM | Computer Name = ammarlis-HP | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

< End of report >

Hoov · « **Reply #38 on:** June 29, 2012, 08:10:29 AM »

I am looking over the log coming up with the fix, but I noticed something. You apparently have a copy of Bittorrent installed. Please read this, [NEW Instructions!] What Do I Do First? Let me know once you have taken care of it.

vladinuto · « **Reply #39 on:** June 29, 2012, 08:19:55 AM »

i cant see anything about bittorrent in the post but i already uninstall it :D

Hoov · « **Reply #40 on:** June 29, 2012, 08:51:07 AM »

OK, it is near the bottom of post 36.

Run OTL

Under the [color="#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following

:OTL
[2012/06/27 09:28:28 | 000,002,352 | ---- | M] () -- c:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
[2011/05/31 08:30:00 | 000,003,577 | ---- | M] () -- c:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png
[2011/08/02 19:32:25 | 000,000,000 | ---D | M] -- c:\ProgramData\Babylon
[2011/08/02 21:56:58 | 000,000,000 | ---D | M] -- c:\ProgramData\BabylonUpdater
[2010/12/24 21:35:56 | 000,000,000 | ---D | M] -- c:\ProgramData\WildTangent\My HP Game Console\UI\htdocs2\Common\product\babylonia
[2011/08/02 19:32:25 | 000,000,000 | ---D | M] -- c:\Users\All Users\Babylon
[2011/08/02 21:56:58 | 000,000,000 | ---D | M] -- c:\Users\All Users\BabylonUpdater
[2010/12/24 21:35:56 | 000,000,000 | ---D | M] -- c:\Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\Common\product\babylonia
[2012/05/24 16:56:25 | 000,000,013 | ---- | M] () -- c:\Users\ammarlis\AppData\Local\Microsoft\Internet Explorer\DOMStore\RCUVBMQJ\search.babylon[1].xml
[2011/08/04 10:06:04 | 000,000,000 | ---D | M] -- c:\Users\ammarlis\AppData\LocalLow\BabylonToolbar
[2011/08/04 10:06:04 | 000,000,000 | ---D | M] -- c:\Users\ammarlis\AppData\LocalLow\BabylonToolbar\BabylonToolbar
[2011/08/02 19:32:25 | 000,000,000 | ---D | M] -- c:\Users\ammarlis\AppData\Roaming\Babylon
[2011/08/07 11:38:39 | 000,000,178 | ---- | M] () -- c:\Users\ammarlis\AppData\Roaming\Microsoft\Windows\Cookies\Low\ammarlis@babylon[2].txt
[2012/03/12 19:50:41 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\BabylonToolbar
[2012/03/12 19:50:41 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\BabylonToolbar\BabylonToolbar
Then click the [color="#FF0000"]Run Fix[/color] button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

vladinuto · « **Reply #41 on:** June 29, 2012, 10:42:25 AM »

OTL FIX LOG----->

========== OTL ==========
c:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
c:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png moved successfully.
c:\ProgramData\Babylon folder moved successfully.
c:\ProgramData\BabylonUpdater folder moved successfully.
c:\ProgramData\WildTangent\My HP Game Console\UI\htdocs2\Common\product\babylonia folder moved successfully.
Folder c:\Users\All Users\Babylon\ not found.
Folder c:\Users\All Users\BabylonUpdater\ not found.
Folder c:\Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\Common\product\babylonia\ not found.
c:\Users\ammarlis\AppData\Local\Microsoft\Internet Explorer\DOMStore\RCUVBMQJ\search.babylon[1].xml moved successfully.
c:\Users\ammarlis\AppData\LocalLow\BabylonToolbar\BabylonToolbar folder moved successfully.
c:\Users\ammarlis\AppData\LocalLow\BabylonToolbar folder moved successfully.
Folder c:\Users\ammarlis\AppData\LocalLow\BabylonToolbar\BabylonToolbar\ not found.
c:\Users\ammarlis\AppData\Roaming\Babylon folder moved successfully.
c:\Users\ammarlis\AppData\Roaming\Microsoft\Windows\Cookies\Low\ammarlis@babylon[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\BabylonToolbar\BabylonToolbar folder moved successfully.
Folder C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\BabylonToolbar\BabylonToolbar\ not found.

OTL by OldTimer - Version 3.2.53.0 log created on 06292012_121140

vladinuto · « **Reply #42 on:** June 29, 2012, 10:43:45 AM »

OTL Quick scan log ----->

OTL logfile created on: 6/29/2012 12:17:27 PM - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\ammarlis\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.57 Gb Available Physical Memory | 32.59% Memory free
3.50 Gb Paging File | 2.24 Gb Available in Paging File | 64.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.81 Gb Total Space | 311.15 Gb Free Space | 68.56% Space Free | Partition Type: NTFS
Drive D: | 11.85 Gb Total Space | 1.37 Gb Free Space | 11.55% Space Free | Partition Type: NTFS

Computer Name: AMMARLIS-HP | User Name: ammarlis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\ammarlis\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe (http://yourfiledownloader.com)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
PRC - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()
PRC - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)

========== Modules (No Company Name) ==========

MOD - C:\Users\ammarlis\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\ammarlis\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll ()
MOD - C:\Users\ammarlis\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll ()
MOD - C:\Users\ammarlis\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll ()
MOD - C:\Users\ammarlis\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll ()
MOD - C:\Users\ammarlis\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll ()
MOD - C:\Users\ammarlis\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll ()
MOD - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
MOD - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epoemdll.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epstring.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epwizres.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epwizard.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\customui.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epfunct.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\eputil.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\imagutil.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdrs.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecscw.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdatr.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\iptk.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccaps.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecptp.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (Web Assistant Updater) -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (lxec_device) -- C:\Windows\SysNative\lxeccoms.exe ( )
SRV:64bit: - (lxecCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxecserv.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Bandoo Coordinator) -- C:\Program Files (x86)\Bandoo\Bandoo.exe (Bandoo Media Inc.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (WSWNDA3100) -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe ()
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (lxec_device) -- C:\Windows\SysWOW64\lxeccoms.exe ( )
SRV - (lxecCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys (Broadcom Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SCMNdisP) -- C:\Windows\SysNative\drivers\SCMNdisP.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=CPDTDF
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=4.0003002
IE - HKLM\..\URLSearchHook: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=CPDTDF
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3059010
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0003002

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112555&tt=060612_7_&babsrc=HP_ss&mntrId=b6d72969000000000000204e7fdf1ba7
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0B6F0D48-2589-4F7B-A1B1-72C4DD42693A}: "URL" = http://mp3tubetoolbar.com/?tmp=toolbar_sb_results&prt=pinballtbfour01ie&Keywords={searchTerms}&clid=68f5ea9437a24321ae5f6c8f0315e5bd
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=060612_7_&babsrc=SP_ss&mntrId=b6d72969000000000000204e7fdf1ba7
IE - HKCU\..\SearchScopes\{1522904C-D754-4340-B4B8-3CF0A8A43412}: "URL" = http://isearch.avg.com/search?cid={B37DCD7A-4C7D-4776-84E0-4DD19A1B88B6}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=CPDTDF
IE - HKCU\..\SearchScopes\{42BA888D-E705-42D5-B31A-FB0052F8BE17}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=OVO2&o=APN10379&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABE&apn_dtid=^YYYYYY^YY^US&apn_uid=a5e98053-f4fb-4b14-b341-ce05dcb84fc6&apn_sauid=AE230C05-91AC-4EA2-BB09-A53FF1C4A91E
IE - HKCU\..\SearchScopes\{72FFCF45-4C35-4B6F-AB30-C1004B24EDFA}: "URL" = http://search.freecause.com/search?ourmark=4&fr=freecause&ei=utf-8&type=63263&p={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&q={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
IE - HKCU\..\SearchScopes\{C5F57FF6-6A9A-42DC-9E79-AF79495DA3ED}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2612669
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb143/?search={searchTerms}&loc=IB_DS&a=6R8u1NU9Yr&i=26
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0003002
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "IMVU Inc Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=112555&tt=060612_7_&babsrc=HP_ss&mntrId=b6d72969000000000000204e7fdf1ba7"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=2&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

vladinuto · « **Reply #43 on:** June 29, 2012, 10:44:38 AM »

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.com/NxGame: C:\ProgramData\Nexon\NGM\npnxgame.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ammarlis\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ammarlis\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ammarlis\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/05/25 20:18:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/05/25 20:18:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/08 01:18:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/23 12:06:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/23 12:06:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.5.1\FF [2011/07/31 13:50:20 | 000,000,000 | ---D | M]

[2011/07/31 13:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ammarlis\AppData\Roaming\mozilla\Extensions
[2012/06/27 17:09:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ammarlis\AppData\Roaming\mozilla\Firefox\Profiles\d9is01ze.default\extensions
[2012/06/15 21:08:10 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Users\ammarlis\AppData\Roaming\mozilla\Firefox\Profiles\d9is01ze.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2012/06/27 17:09:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ammarlis\AppData\Roaming\mozilla\Firefox\Profiles\d9is01ze.default\extensions\staged
[2012/06/03 13:25:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ammarlis\AppData\Roaming\mozilla\Firefox\Profiles\d9is01ze.default\jetpack\FantapperExtension@brandaffinity.net
[2012/06/03 13:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ammarlis\AppData\Roaming\mozilla\Firefox\Profiles\d9is01ze.default\jetpack\FantapperExtension@brandaffinity.net\simple-storage
[2012/06/14 20:19:30 | 000,000,919 | ---- | M] () -- C:\Users\ammarlis\AppData\Roaming\Mozilla\Firefox\Profiles\d9is01ze.default\searchplugins\conduit.xml
[2012/06/03 00:55:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/08 01:18:26 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/06/03 13:24:20 | 000,086,818 | ---- | M] () (No name found) -- C:\USERS\AMMARLIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D9IS01ZE.DEFAULT\EXTENSIONS\ONECLICKDOWNLOADER@ONECLICKDOWNLOADER.COM.XPI
[2012/04/20 21:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/20 12:54:54 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/06/20 12:54:56 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/06/18 12:58:12 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ammarlis\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ammarlis\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ammarlis\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ammarlis\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\ammarlis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.440_0\npbrowserext.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Display Engine v2 (Enabled) = C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\Nexon\NGM\npnxgame.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\ammarlis\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

O1 HOSTS File: ([2012/06/28 00:50:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [lxecmon.exe] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\ammarlis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = C:\Users\ammarlis\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - Reg Error: Key error. File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\ammarlis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{952A6B46-8E4B-4404-B7B1-69E6039A048A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98ED6793-7149-4B9D-95FA-55106A7E1BD3}: NameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD21BC46-03F5-448F-A7CF-B71C8BF46C7E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) - c:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\PROGRA~2\Bandoo\BndHook.dll) - c:\Program Files (x86)\Bandoo\BndHook.dll (Discordia Limited)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/29 12:11:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/28 13:23:47 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\Desktop\ikiller16's custom map
[2012/06/28 00:57:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/28 00:50:10 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/28 00:38:02 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/28 00:35:42 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\Desktop\Logs
[2012/06/27 23:02:53 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\Desktop\[In Progress] (Avast! Network shield) Malicious url blocked popping up_files
[2012/06/27 22:34:30 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\Desktop\ABSpace_ByFuegazo86
[2012/06/27 20:04:27 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/27 19:59:54 | 002,128,984 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\ammarlis\Desktop\TDSSKiller.exe
[2012/06/27 17:40:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/27 17:40:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/27 17:40:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/27 17:40:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/27 17:39:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/27 17:34:23 | 004,570,514 | R--- | C] (Swearware) -- C:\Users\ammarlis\Desktop\ComboFix.exe
[2012/06/27 09:28:02 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Roaming\YourFileDownloader
[2012/06/27 09:28:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YourFileDownloader
[2012/06/27 09:16:02 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Roaming\SpeedMaxPc
[2012/06/27 09:16:02 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Roaming\DriverCure
[2012/06/27 09:15:53 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedMaxPc
[2012/06/27 09:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc
[2012/06/26 20:50:27 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\ammarlis\Desktop\minecraft (1).exe
[2012/06/26 16:02:27 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\Desktop\GoTube
[2012/06/25 21:26:56 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/25 21:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/06/25 21:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/25 21:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/23 13:06:57 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Local\Norman Malware Cleaner
[2012/06/23 12:11:08 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\Desktop\Coupon_files
[2012/06/23 12:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2012/06/23 12:06:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2012/06/18 13:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/18 12:56:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/06/18 12:56:33 | 000,126,944 | ---- | C] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys
[2012/06/18 12:56:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2012/06/18 12:12:07 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2K Sports
[2012/06/18 11:58:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Sports
[2012/06/17 13:14:10 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Roaming\Malwarebytes
[2012/06/17 13:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/17 13:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/17 13:14:00 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/17 13:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/15 21:08:33 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Local\CRE
[2012/06/15 21:08:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/06/15 21:05:44 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Roaming\IMVU
[2012/06/15 21:05:01 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Roaming\IMVUClient
[2012/06/13 17:10:01 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\Documents\NFS Carbon
[2012/06/13 17:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2012/06/13 16:56:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2012/06/13 09:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/06/13 09:16:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/06/12 21:53:40 | 000,000,000 | R--D | C] -- C:\Users\ammarlis\Desktop\;
[2012/06/10 16:57:58 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Roaming\TestApp
[2012/06/09 11:11:52 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Local\Macromedia
[2012/06/04 22:59:25 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Roaming\.minecraft
[2012/06/03 13:23:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
[2012/06/01 18:02:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/06/01 16:49:29 | 000,000,000 | ---D | C] -- C:\Users\ammarlis\AppData\Local\Mozilla
[2012/06/01 16:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/01 16:49:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

vladinuto · « **Reply #44 on:** June 29, 2012, 10:45:27 AM »

========== Files - Modified Within 30 Days ==========

[2012/06/29 12:21:14 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/29 12:21:14 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/29 12:21:14 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/29 12:21:09 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/29 12:20:58 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/29 12:20:58 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/29 12:16:32 | 000,000,927 | ---- | M] () -- C:\Users\ammarlis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
[2012/06/29 12:13:39 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/29 12:13:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/29 12:13:24 | 1408,720,896 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/29 12:03:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1921910533-3271970078-1089744789-1000UA.job
[2012/06/29 11:41:49 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/29 10:00:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1921910533-3271970078-1089744789-1000UA.job
[2012/06/28 22:00:03 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1921910533-3271970078-1089744789-1000Core.job
[2012/06/28 09:03:18 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1921910533-3271970078-1089744789-1000Core.job
[2012/06/28 00:50:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/27 23:02:53 | 000,039,588 | ---- | M] () -- C:\Users\ammarlis\Desktop\[In Progress] (Avast! Network shield) Malicious url blocked popping up.htm
[2012/06/27 22:37:07 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds Space.lnk
[2012/06/27 17:34:46 | 004,570,514 | R--- | M] (Swearware) -- C:\Users\ammarlis\Desktop\ComboFix.exe
[2012/06/27 09:28:40 | 000,000,699 | ---- | M] () -- C:\user.js
[2012/06/27 09:28:07 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\YourFile Downloader.lnk
[2012/06/25 21:26:49 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/25 21:19:12 | 002,128,984 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\ammarlis\Desktop\TDSSKiller.exe
[2012/06/23 14:44:01 | 000,000,000 | ---- | M] () -- C:\Users\ammarlis\Desktop\YourGame.exe
[2012/06/23 12:11:08 | 000,196,566 | ---- | M] () -- C:\Users\ammarlis\Desktop\Coupon.htm
[2012/06/20 12:54:52 | 000,071,104 | ---- | M] () -- C:\Windows\CouponPrinter.ocx
[2012/06/15 17:58:37 | 000,000,512 | ---- | M] () -- C:\Users\ammarlis\Desktop\MBR.dat
[2012/06/13 18:36:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/06/13 08:55:18 | 000,430,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/08 14:15:21 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAMMARLIS-HP$.job
[2012/06/07 17:13:06 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForammarlis.job
[2012/06/04 14:38:02 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\ammarlis\Desktop\minecraft (1).exe
[2012/06/03 00:55:33 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/31 00:10:48 | 000,126,944 | ---- | M] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys
[10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/27 23:02:52 | 000,039,588 | ---- | C] () -- C:\Users\ammarlis\Desktop\[In Progress] (Avast! Network shield) Malicious url blocked popping up.htm
[2012/06/27 22:37:07 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds Space.lnk
[2012/06/27 17:40:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/27 17:40:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/27 17:40:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/27 17:40:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/27 17:40:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/27 09:28:07 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\YourFile Downloader.lnk
[2012/06/25 21:26:49 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/23 14:44:01 | 000,000,000 | ---- | C] () -- C:\Users\ammarlis\Desktop\YourGame.exe
[2012/06/23 12:11:05 | 000,196,566 | ---- | C] () -- C:\Users\ammarlis\Desktop\Coupon.htm
[2012/06/19 14:27:59 | 000,000,927 | ---- | C] () -- C:\Users\ammarlis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
[2012/06/15 17:58:37 | 000,000,512 | ---- | C] () -- C:\Users\ammarlis\Desktop\MBR.dat
[2012/06/13 09:16:35 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/13 09:16:31 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/01 18:02:58 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/01 16:49:25 | 000,001,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/01 16:49:25 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/04/27 18:01:56 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/03/30 21:13:28 | 000,000,037 | ---- | C] () -- C:\Users\ammarlis\.mjsync_es_ES
[2012/03/11 14:53:52 | 000,000,293 | ---- | C] () -- C:\Windows\game.ini
[2012/01/17 17:37:24 | 000,015,360 | ---- | C] () -- C:\Users\ammarlis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/31 19:54:24 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/12/02 17:31:12 | 000,000,542 | ---- | C] () -- C:\Windows\eReg.dat
[2011/07/20 14:23:19 | 001,524,112 | ---- | C] () -- C:\Windows\SysWow64\bandoolmx.dll
[2011/07/08 15:27:42 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/07/08 15:27:42 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/06/30 10:26:51 | 000,001,854 | ---- | C] () -- C:\Users\ammarlis\AppData\Roaming\GhostObjGAFix.xml
[2011/06/04 22:11:38 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecserv.dll
[2011/06/04 22:11:38 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecusb1.dll
[2011/06/04 22:11:38 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomc.dll
[2011/06/04 22:11:38 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxechbn3.dll
[2011/06/04 22:11:38 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecpmui.dll
[2011/06/04 22:11:38 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccoms.exe
[2011/06/04 22:11:38 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeclmpm.dll
[2011/06/04 22:11:38 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccfg.exe
[2011/06/04 22:11:38 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomm.dll
[2011/06/04 22:11:38 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecinpa.dll
[2011/06/04 22:11:38 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeccomx.dll
[2011/06/04 22:11:38 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeciesc.dll
[2011/06/04 22:11:38 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXECinst.dll
[2011/06/04 22:11:38 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecih.exe
[2011/06/04 22:11:38 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxecins.dll
[2011/06/04 22:11:38 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxecinsb.dll
[2011/06/04 22:11:38 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeccu.dll
[2011/06/04 22:11:38 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxecinsr.dll
[2011/06/04 22:11:38 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeccub.dll
[2011/06/04 22:11:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxecjswr.dll
[2011/06/04 22:11:38 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeccur.dll
[2011/06/04 22:11:17 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXECsm.dll
[2011/06/04 22:11:17 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXECsmr.dll
[2011/05/27 15:34:00 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/24 22:10:49 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/24 21:13:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/21 14:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== LOP Check ==========

[2012/06/24 00:05:43 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\.minecraft
[2012/03/08 20:09:01 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\AnvSoft
[2011/07/31 13:54:07 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\Bandoo
[2012/06/29 10:16:25 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\BitTorrent
[2011/10/29 16:04:44 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\DAEMON Tools
[2011/10/29 16:38:42 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\DAEMON Tools Lite
[2012/06/27 09:16:02 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\DriverCure
[2012/03/08 20:34:25 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\DVDVideoSoft
[2012/03/10 20:43:59 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\ExpressFiles
[2012/06/29 12:15:04 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\IMVU
[2012/06/15 21:08:48 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\IMVUClient
[2011/07/31 13:53:56 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\Itibiti
[2012/03/13 22:35:25 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\ooVoo Details
[2011/05/25 23:09:10 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\PlayFirst
[2012/01/17 17:36:44 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\Research In Motion
[2012/06/27 22:34:41 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\Rovio
[2012/03/09 20:46:30 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\SoftGrid Client
[2012/06/27 09:16:02 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\SpeedMaxPc
[2012/03/16 12:37:14 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\SystemRequirementsLab
[2012/06/10 16:57:58 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\TestApp
[2011/09/03 10:52:20 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\TP
[2012/05/13 23:10:35 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\Tunngle
[2011/05/25 02:20:15 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\WildTangent
[2011/05/25 21:40:45 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\WildTangentv1001
[2011/09/16 10:03:39 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\WinBatch
[2012/06/27 09:28:02 | 000,000,000 | ---D | M] -- C:\Users\ammarlis\AppData\Roaming\YourFileDownloader
[2012/06/28 22:00:03 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1921910533-3271970078-1089744789-1000Core.job
[2012/06/29 10:00:01 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1921910533-3271970078-1089744789-1000UA.job
[2012/06/28 12:58:06 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:661DFA1C

< End of report >

News:

Author Topic: [Resolved] (Avast! Network shield) "Malicious url blocked" popping up (Read 8224 times)

vladinuto

Re: [In Progress] (Avast! Network shield) "Malicious url blocked" popping up

Hoov

Re: [In Progress] (Avast! Network shield) "Malicious url blocked" popping up

vladinuto

Re: [In Progress] (Avast! Network shield) "Malicious url blocked" popping up

vladinuto

Re: [In Progress] (Avast! Network shield) "Malicious url blocked" popping up

vladinuto

Re: [In Progress] (Avast! Network shield) "Malicious url blocked" popping up

vladinuto

Re: [In Progress] (Avast! Network shield) "Malicious url blocked" popping up

vladinuto

Re: [In Progress] (Avast! Network shield) "Malicious url blocked" popping up

vladinuto

Re: [In Progress] (Avast! Network shield) "Malicious url blocked" popping up

Hoov

Re: [In Progress] (Avast! Network shield) "Malicious url blocked" popping up

vladinuto

Re: [In Progress] (Avast! Network shield) "Malicious url blocked" popping up

Hoov

Re: [In Progress] (Avast! Network shield) "Malicious url blocked" popping up

vladinuto

Re: [In Progress] (Avast! Network shield) "Malicious url blocked" popping up

vladinuto

Re: [In Progress] (Avast! Network shield) "Malicious url blocked" popping up

vladinuto

Re: [In Progress] (Avast! Network shield) "Malicious url blocked" popping up

vladinuto

Re: [In Progress] (Avast! Network shield) "Malicious url blocked" popping up