Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Possible infection name: Gen:Adware.MPlug.1(B), ADCLICK-DS Trojan, AB

Started by Arkanfel , Jun 19 2013 04:28 AM

  • This topic is locked This topic is locked

#1
Arkanfel
Posted 19 June 2013 - 04:28 AM

Arkanfel

    Member

  • Member
  • PipPip
  • 17 posts
I have read the article 'How did I get infected in the first place?' and followed the instructions. I ran scans with each of the programs listed, and they found nothing. Whenever I clicked a link to download an installer, it would download a different program called setup.exe instead. The only way I could download the real file was to right-click and select 'save as'. At times, I click links that opens a small pop up for signing in via facebook, or providing me with help on bankofamerica.com, not ads; I am redirected to another website at random, and most of them are Asian, or sites with Adware.

I am also a gamer, and I use the Private Internet Access proxy for added security. I don't know where, or at what point I was infected, because my Anti-Malware and Anti-Virus programs never detected anything, in spite of updates. I received a ban from World of Warcraft because I was falsely accused of buying and selling gold for real money. This malware may have caused my account security to be compromised, and used to exploit the game without my knowledge; leading to the ban. Or it might have been because the proxy gave the provider a false positive, but I don't want to take chances, because my account with the game had been compromised once before, a few years ago, and it was huge hassle. Due to the lack of my virus and spyware programs to find and fix the problem, I ran ComboFix as a last resort, as suggested by Blizzard. I think it fixed the problem, but I also have directions to provide the log on this forum.

Following the 'Malware and Spyware Cleaning Guide', I've installed the necessary software. Here is the log from OTL, with the Extras attached. I have also attached my PC Specs at the end. Thank you for taking the time to look this over. Please let me know if there's anything else you need from me.

OTL logfile created on: 6/19/2013 1:02:40 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 41.33% Memory free
7.49 Gb Paging File | 5.18 Gb Available in Paging File | 69.13% Paging File free
Paging file location(s): C:\pagefile.sys 4605 4605E:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.73 Gb Total Space | 83.78 Gb Free Space | 36.00% Space Free | Partition Type: NTFS
Drive D: | 661.58 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.86 Gb Total Space | 0.09 Gb Free Space | 4.96% Space Free | Partition Type: FAT32

Computer Name: JOHN-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/19 00:22:47 | 000,070,239 | ---- | M] (http://www.ruby-lang.org/) -- C:\Users\Administrator\AppData\Local\Temp\ocr6354.tmp\bin\rubyw.exe
PRC - [2013/06/19 00:22:43 | 000,070,239 | ---- | M] (http://www.ruby-lang.org/) -- C:\Users\Administrator\AppData\Local\Temp\ocr5476.tmp\bin\rubyw.exe
PRC - [2013/06/17 22:51:19 | 000,176,128 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\pia_tray.exe
PRC - [2013/06/17 22:51:18 | 009,186,952 | ---- | M] () -- C:\Program Files\pia_manager\pia_manager.exe
PRC - [2013/06/17 22:51:17 | 000,510,464 | ---- | M] () -- C:\Program Files\pia_manager\openvpn.exe
PRC - [2013/06/17 15:27:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Downloads\OTL.com
PRC - [2013/06/17 13:37:23 | 000,920,488 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Aurora\firefox.exe
PRC - [2013/06/17 13:37:19 | 000,017,320 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Aurora\plugin-container.exe
PRC - [2013/05/22 10:30:52 | 000,661,360 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 01:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/04/18 06:56:14 | 000,659,992 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/16 15:59:54 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2012/10/02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\oasrv.exe
PRC - [2012/10/02 15:02:10 | 002,415,104 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\oaui.exe
PRC - [2012/10/02 15:02:06 | 001,248,144 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\oahlp.exe
PRC - [2012/10/02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\oacat.exe
PRC - [2008/10/25 23:48:44 | 000,243,712 | ---- | M] () -- C:\Program Files (x86)\Infinite Password Generator\passgen.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/19 00:22:47 | 002,163,940 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr6354.tmp\bin\libeay32-1.0.0-msvcrt.dll
MOD - [2013/06/19 00:22:47 | 000,459,458 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr6354.tmp\bin\ssleay32-1.0.0-msvcrt.dll
MOD - [2013/06/19 00:22:47 | 000,274,944 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr6354.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
MOD - [2013/06/19 00:22:47 | 000,126,976 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr6354.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
MOD - [2013/06/19 00:22:47 | 000,120,832 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr6354.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
MOD - [2013/06/19 00:22:47 | 000,118,784 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr6354.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
MOD - [2013/06/19 00:22:47 | 000,104,448 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr6354.tmp\bin\ZLIB1.dll
MOD - [2013/06/19 00:22:47 | 000,094,208 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr6354.tmp\src\rgloader\rgloader193.mswin.so
MOD - [2013/06/19 00:22:47 | 000,094,208 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr6354.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
MOD - [2013/06/19 00:22:47 | 000,087,552 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr6354.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
MOD - [2013/06/19 00:22:47 | 000,036,352 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr6354.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
MOD - [2013/06/19 00:22:47 | 000,029,184 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr6354.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
MOD - [2013/06/19 00:22:47 | 000,027,648 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr6354.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.4.8-x86-mingw32\lib\win32\ruby19\win32\api.so
MOD - [2013/06/19 00:22:47 | 000,026,624 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr6354.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
MOD - [2013/06/19 00:22:47 | 000,023,552 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr6354.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
MOD - [2013/06/19 00:22:47 | 000,015,360 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr6354.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
MOD - [2013/06/19 00:22:47 | 000,014,848 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr6354.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
MOD - [2013/06/19 00:22:47 | 000,012,800 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr6354.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
MOD - [2013/06/19 00:22:47 | 000,009,216 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr6354.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
MOD - [2013/06/19 00:22:47 | 000,008,704 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr6354.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
MOD - [2013/06/19 00:22:47 | 000,008,704 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr6354.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
MOD - [2013/06/19 00:22:47 | 000,008,704 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr6354.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
MOD - [2013/06/19 00:22:47 | 000,008,704 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr6354.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
MOD - [2013/06/19 00:22:47 | 000,008,192 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr6354.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
MOD - [2013/06/19 00:22:44 | 000,126,976 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr5476.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
MOD - [2013/06/19 00:22:44 | 000,087,552 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr5476.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
MOD - [2013/06/19 00:22:44 | 000,029,184 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr5476.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
MOD - [2013/06/19 00:22:44 | 000,027,648 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr5476.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.4.8-x86-mingw32\lib\win32\ruby19\win32\api.so
MOD - [2013/06/19 00:22:43 | 000,094,208 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr5476.tmp\src\rgloader\rgloader193.mswin.so
MOD - [2013/06/19 00:22:43 | 000,094,208 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr5476.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
MOD - [2013/06/19 00:22:43 | 000,014,848 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr5476.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
MOD - [2013/06/19 00:22:43 | 000,012,800 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr5476.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
MOD - [2013/06/19 00:22:43 | 000,009,216 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\ocr5476.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
MOD - [2013/06/17 22:51:30 | 000,059,904 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
MOD - [2013/06/17 22:51:21 | 001,234,944 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
MOD - [2013/06/17 22:51:21 | 001,198,592 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
MOD - [2013/06/17 22:51:21 | 000,642,048 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
MOD - [2013/06/17 22:51:21 | 000,511,488 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
MOD - [2013/06/17 22:51:21 | 000,290,816 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
MOD - [2013/06/17 22:51:20 | 000,815,104 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
MOD - [2013/06/17 22:51:19 | 000,745,472 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
MOD - [2013/06/17 22:51:19 | 000,344,064 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
MOD - [2013/06/17 22:51:19 | 000,176,128 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\pia_tray.exe
MOD - [2013/06/17 22:51:18 | 009,186,952 | ---- | M] () -- C:\Program Files\pia_manager\pia_manager.exe
MOD - [2013/06/17 22:51:18 | 000,376,832 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
MOD - [2013/06/17 22:51:18 | 000,217,088 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
MOD - [2013/06/17 22:51:18 | 000,200,704 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
MOD - [2013/06/17 22:51:18 | 000,184,320 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
MOD - [2013/06/17 22:51:17 | 000,510,464 | ---- | M] () -- C:\Program Files\pia_manager\openvpn.exe
MOD - [2013/06/17 22:51:17 | 000,090,112 | ---- | M] () -- C:\Program Files\pia_manager\lzo2.dll
MOD - [2013/06/17 13:37:21 | 003,583,912 | ---- | M] () -- C:\Program Files (x86)\Aurora\mozjs.dll
MOD - [2008/10/25 23:48:44 | 000,243,712 | ---- | M] () -- C:\Program Files (x86)\Infinite Password Generator\passgen.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/23 13:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/04/05 03:51:58 | 000,183,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2012/11/16 13:44:58 | 000,238,080 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/06/17 13:37:22 | 000,117,160 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/14 09:39:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/06 15:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/05/22 10:24:02 | 000,120,592 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/18 06:56:22 | 001,227,800 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/04/18 06:56:14 | 000,659,992 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/13 15:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/10/02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2012/10/02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\oacat.exe -- (OAcat)
SRV - [2011/12/15 10:29:42 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/09 01:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/05/09 01:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/05/09 01:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/05/09 01:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 01:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 01:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 01:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 01:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/04/18 06:55:50 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/15 09:16:46 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/03/09 19:28:53 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2013/01/27 06:35:46 | 000,127,384 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/27 17:52:05 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2012/11/16 14:08:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/11/16 14:08:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/11/16 12:39:12 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/06 23:14:39 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/10/30 02:22:30 | 000,302,464 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6232e.sys -- (e1express)
DRV:64bit: - [2012/10/13 07:04:24 | 000,010,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\whfltr2k.sys -- (whfltr2k)
DRV:64bit: - [2012/10/13 06:37:15 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/10/13 06:36:19 | 000,018,832 | ---- | M] (PenMount) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pmkbdfltr.sys -- (pmkbdfltr)
DRV:64bit: - [2012/10/13 06:10:43 | 000,052,736 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2012/10/02 15:02:34 | 000,035,376 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OAnet.sys -- (OAnet)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/05 14:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 05:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/26 19:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 06:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 04:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 04:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/11 02:11:52 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/11/11 02:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/11/11 02:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/11/11 02:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/10/02 15:03:04 | 000,062,016 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\oahlp64.sys -- (oahlpXX)
DRV - [2012/10/02 15:02:34 | 000,040,520 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\OAmon.sys -- (OAmon)
DRV - [2012/10/02 15:02:32 | 000,061,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\OADriver.sys -- (OADevice)
DRV - [2010/11/01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope = $currentSearchProvider
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://safesearchr.l...q={searchTerms}
IE - HKCU\..\SearchScopes\{7F296D3B-EB0F-4C72-B128-B30A1A3E3C9D}: "URL" = http://websearch.ask...EE-6EFD8A1B84EC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "DuckDuckGo"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "DuckDuckGo"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://duckduckgo.com"
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: anticontainer%40downthemall.net:1.2.3
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.5
FF - prefs.js..extensions.enabledAddons: requestpolicy%40requestpolicy.com:0.5.27
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B455D905A-D37C-4643-A9E2-F6FEFAA0424A%7D:0.8.16
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.172
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.2.2
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0a2
FF - prefs.js..keyword.URL: "http://safesearchr.l...050B5601825&q="
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9049
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20121003-1150: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20121013-0402: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20120606-0237: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@g2.com/iggweb3dupdater: C:\Users\Administrator\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll (IGG)
FF - HKCU\Software\MozillaPlugins\@g2.com/joyconnectshell: C:\Users\Administrator\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll (IGG)
FF - HKCU\Software\MozillaPlugins\@gentek.com/thinclient: C:\IGG\twclient_us\npthinclient.dll (Generic Network)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 23.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2013/06/17 16:06:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 23.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins [2013/06/17 22:36:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/05/10 22:50:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/06/11 23:13:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/06/17 16:39:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/17 16:06:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/17 22:36:51 | 000,000,000 | ---D | M]

[2012/10/13 11:26:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2013/06/11 22:57:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions
[2013/05/28 15:59:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/06/11 22:57:37 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2013/05/28 15:59:07 | 000,000,000 | ---D | M] (Vauudix) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\[email protected]
[2013/05/18 23:45:03 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\[email protected]
[2013/05/26 17:04:50 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\[email protected]
[2013/03/03 14:37:52 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\[email protected]
[2013/03/04 23:09:59 | 000,094,120 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\[email protected]
[2012/10/13 22:20:25 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\[email protected]
[2012/10/13 11:27:53 | 000,172,839 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\[email protected]
[2012/10/13 11:27:00 | 000,620,484 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\[email protected]
[2012/11/21 18:55:11 | 000,026,551 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\{02c6f6b9-d610-4e7e-9441-243c96c8dfab}.xpi
[2012/10/13 11:33:21 | 000,075,799 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi
[2013/05/26 17:04:46 | 000,534,261 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/05/09 01:01:14 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/04 23:52:22 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/06/17 11:44:54 | 000,001,911 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\searchplugins\animelyricscom.xml
[2013/01/28 07:58:12 | 000,002,289 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\searchplugins\dailymotion.xml
[2012/10/13 11:31:56 | 000,010,345 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\searchplugins\duckduckgo.xml
[2013/03/15 08:39:21 | 000,001,635 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\searchplugins\firefox-add-ons.xml
[2013/06/09 13:46:33 | 000,012,707 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\searchplugins\imdb.xml
[2012/11/09 20:12:24 | 000,001,886 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\searchplugins\lyricwiki-en.xml
[2013/01/24 05:49:09 | 000,002,580 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\searchplugins\wikihack-en.xml
[2012/10/17 19:29:10 | 000,002,057 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\searchplugins\youtube-video-search.xml
[2013/06/11 23:44:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/11 18:27:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/11 23:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/06/11 23:44:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/10 22:50:01 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013/06/17 16:39:34 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2012/11/27 17:51:39 | 000,000,616 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml

========== Chrome ==========

CHR - default_search_provider: DuckDuckGo (Enabled)
CHR - default_search_provider: search_url = https://duckduckgo.c...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Thinclient (Enabled) = C:\IGG\twclient_us\npthinclient.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: IGG Web3D Updater NP Plugin for Mozilla (Enabled) = C:\Users\Administrator\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll
CHR - plugin: JoyConnectShell NP Plugin for Mozilla (Enabled) = C:\Users\Administrator\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: DuckDuckGo for Chrome = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao\42.5.8_0\
CHR - Extension: Vauudix = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\celebkbghbfpocebejpafoolfpfhmndj\1\
CHR - Extension: Adblock Plus = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0\
CHR - Extension: Google Search = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SiteAdvisor = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Gmail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/06/18 23:50:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll File not found
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files (x86)\Online Armor\oaui.exe (Emsisoft GmbH)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C8C4565-F7EC-4F02-AB05-66A451D4DCF4}: DhcpNameServer = 8.8.8.8 8.8.4.4
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/04 10:35:02 | 000,000,046 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2004/09/15 14:28:22 | 000,448,000 | R--- | M] () - D:\Autorun1.exe -- [ CDFS ]
O32 - AutoRun File - [2004/11/10 15:36:38 | 000,000,169 | R--- | M] () - D:\Autorun1.ini -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/19 00:07:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/18 23:52:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/06/18 23:42:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/06/18 23:42:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/06/18 23:42:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/06/18 23:03:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
[2013/06/18 02:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/06/17 22:38:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2013/06/17 22:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/06/17 22:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/06/17 22:38:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/06/17 22:36:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/06/17 22:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2013/06/17 22:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2013/06/17 16:39:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2013/06/17 16:39:21 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2013/06/17 16:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2013/06/17 16:19:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\OnlineArmor
[2013/06/17 16:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\OnlineArmor
[2013/06/17 16:16:47 | 000,040,520 | ---- | C] (Emsisoft) -- C:\Windows\SysWow64\drivers\OAmon.sys
[2013/06/17 16:16:47 | 000,035,376 | ---- | C] (Emsisoft) -- C:\Windows\SysNative\drivers\OAnet.sys
[2013/06/17 16:16:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
[2013/06/17 16:16:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Online Armor
[2013/06/17 16:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/06/17 16:06:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/06/17 16:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/06/17 16:05:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/06/17 15:55:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Secunia PSI
[2013/06/17 15:55:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2013/06/17 15:43:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/17 15:43:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/06/17 15:05:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Awesomium
[2013/06/17 02:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013/06/12 00:00:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/06/11 23:14:28 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/06/11 23:14:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/06/11 23:14:27 | 000,378,432 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/06/11 23:14:25 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/06/11 23:14:23 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/06/11 23:14:21 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/06/11 23:14:15 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/06/11 23:14:15 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/06/11 23:13:46 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/06/11 23:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/06/11 23:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/06/11 22:58:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\QuickScan
[2013/06/11 20:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/06/07 13:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013/06/03 05:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/06/03 05:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/06/03 05:22:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/06/03 05:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/06/03 05:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/05/30 08:57:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Sword of the Stars - The Pit
[2013/05/28 15:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013/05/28 15:58:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VaudiX
[2013/05/28 15:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vauudix
[2013/05/28 15:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Vauudix
[2013/05/28 15:57:09 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/19 00:58:47 | 000,002,435 | ---- | M] () -- C:\Users\Administrator\passgen3.ini
[2013/06/19 00:52:03 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/19 00:52:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/19 00:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/19 00:07:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/19 00:07:21 | 2414,481,408 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/18 23:50:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/06/18 23:03:48 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/06/18 21:19:42 | 000,005,426 | ---- | M] () -- C:\Users\Administrator\Desktop\possible money.rtf
[2013/06/17 15:06:22 | 000,006,598 | ---- | M] () -- C:\Users\Administrator\Desktop\trimet.rtf
[2013/06/11 23:49:51 | 000,000,838 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/06/11 20:49:28 | 000,447,265 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS.MVP
[2013/06/11 17:52:12 | 001,831,696 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/11 17:52:12 | 000,652,780 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/11 17:52:12 | 000,419,808 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat
[2013/06/11 17:52:12 | 000,417,398 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2013/06/11 17:52:12 | 000,121,882 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2013/06/11 17:52:12 | 000,121,712 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/11 17:52:12 | 000,120,000 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat
[2013/06/11 17:52:01 | 001,831,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/11 17:37:48 | 000,050,672 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/11 17:37:48 | 000,050,672 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/08 21:17:25 | 000,000,693 | ---- | M] () -- C:\Users\Administrator\Libraries - Shortcut.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/18 23:42:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/06/18 23:42:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/06/18 23:42:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/06/18 23:42:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/06/18 23:42:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/06/17 22:36:51 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/06/17 16:16:47 | 000,062,016 | ---- | C] () -- C:\Windows\SysWow64\drivers\oahlp64.sys
[2013/06/17 16:16:47 | 000,061,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\OADriver.sys
[2013/06/17 15:55:26 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013/06/11 23:49:51 | 000,000,838 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/06/11 23:14:20 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/06/11 23:14:19 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/06/11 23:14:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/06/08 21:17:25 | 000,000,693 | ---- | C] () -- C:\Users\Administrator\Libraries - Shortcut.lnk
[2013/04/11 19:00:46 | 000,000,052 | ---- | C] () -- C:\Users\Administrator\jagex_cl_runescape_LIVE.dat
[2013/04/11 19:00:46 | 000,000,024 | ---- | C] () -- C:\Users\Administrator\random.dat
[2013/02/25 16:38:50 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2013/01/13 03:37:22 | 000,000,032 | ---- | C] () -- C:\Windows\scummvm.ini
[2012/12/14 05:48:04 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/12/04 03:09:51 | 001,831,696 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/11/15 12:30:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/10/15 16:21:19 | 000,004,140 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2012/10/14 20:34:49 | 000,002,435 | ---- | C] () -- C:\Users\Administrator\passgen3.ini
[2012/10/13 12:05:11 | 000,007,608 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2012/10/13 02:01:20 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/07/03 22:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/03 22:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/04/18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 06:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 06:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 06:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/21 02:29:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.mono
[2012/11/04 02:54:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ad-Aware Antivirus
[2012/11/03 22:32:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Aveyond 3
[2013/06/17 15:19:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Awesomium
[2012/11/24 05:59:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\calibre
[2012/10/15 16:20:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Carambis
[2013/03/31 00:59:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Carbon
[2013/03/25 02:03:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\com.radialgames.MonsterLovesYou
[2013/04/06 01:24:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\com.shirogames.evoland
[2013/02/25 15:28:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\com.stoicstudio.TheBannerSagaFactions
[2013/06/18 01:42:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2012/10/23 07:36:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DarkBlood ServiceNa
[2013/03/13 22:09:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DefendersQuest
[2012/12/04 17:33:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Empty Clip Studios
[2012/11/03 23:36:19 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FairyBloomRe
[2012/10/18 21:44:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FairyBloomReTrial
[2013/05/12 20:55:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FEZ
[2012/11/03 22:16:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GD_RPG
[2013/03/03 17:49:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GlarySoft
[2013/01/15 01:48:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\iBBDemo2
[2012/10/22 22:15:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IGG
[2013/01/18 18:18:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IObit
[2013/03/06 20:23:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nooskewl
[2013/06/17 16:19:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OnlineArmor
[2013/04/21 03:33:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Origin
[2013/01/13 22:28:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PlayFirst
[2012/11/21 18:50:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PMW
[2013/03/09 19:25:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PowerISO
[2013/06/11 22:59:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\QuickScan
[2012/11/24 23:59:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Renegade Kid
[2013/03/03 15:21:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Rovio
[2013/01/10 16:09:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SkyGoblin
[2012/10/30 06:36:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SpeedMyPC
[2013/04/03 21:43:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Spotify
[2013/05/30 12:51:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sword of the Stars - The Pit
[2013/03/08 18:09:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SystemRequirementsLab
[2012/10/30 06:44:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Systweak
[2013/03/15 09:18:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Titanium
[2012/10/14 20:52:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2012/10/30 06:14:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Uniblue
[2012/11/22 16:14:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Unity
[2013/06/18 23:57:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2013/04/21 00:38:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\VBA-M

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Attached File  Extras.Txt   94.58KB   349 downloads

PC Specs:
OS Name Microsoft Windows 7 Ultimate
Version 6.1.7601 Service Pack 1 Build 7601
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Manufacturer Dell Inc.
System Model Inspiron 530
System Type x64-based PC
Processor Intel® Core™2 Duo CPU E8400 @ 3.00GHz, 2997 Mhz, 2 Core(s), 2 Logical Processor(s)
BIOS Version/Date Dell Inc. 1.0.18, 2/24/2009
SMBIOS Version 2.5
Hardware Abstraction Layer Version = "6.1.7601.17514"
Installed Physical Memory (RAM) Not Available
Total Physical Memory 3.00 GB
Available Physical Memory 952 MB
Total Virtual Memory 7.49 GB
Available Virtual Memory 4.96 GB
Page File Space 4.50 GB
Page File C:\pagefile.sys

Edit: Minor text change, and removed ComboFix Log until asked to provide it.
Edit: Fixed the title to better reflect the problem now that I think I know what it is.
Edit: One more edit to update possible infection name as found by Emsisoft Emergency Kit. Tried everything else, and nothing detected or got rid of it, except EEK. It is strikingly similar to Google Redirect virus; which is what I thought it was upon reading the guides posted here. Maybe this will fix it.
Edit: Changed the title again, to reflect what I found using Emsisoft HiJackFree in the EEK. I'd appreciate any help I can get in getting rid of these. Please let me know if there are specific steps that need to be taken for any or all of them.

Edited by Arkanfel, 22 June 2013 - 10:17 PM.

  • 0

Advertisements

#2
gringo_pr
Posted 23 June 2013 - 03:34 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Arkanfel

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo
  • 1

#3
Arkanfel
Posted 25 June 2013 - 04:01 PM

Arkanfel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Thank you for your help, I will keep in mind to paste the logs rather than attach them from now on. I am now receiving instant notifications, and I have downloaded and run AdwCleaner as directed. I was surprised at the amount of items it found. Some of these toolbars and such, I was certain I had gotten rid of. When I logged on to the forum again, I had a random popup asking me to update Java. The IP address looked strange, and was not blocked by McAfee Safe Search for some reason. Here's the log from AdwCleaner, and thanks again for your time:

# AdwCleaner v2.303 - Logfile created 06/25/2013 at 14:35:52
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Administrator - JOHN-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Administrator\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml
Folder Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\Program Files (x86)\Red Sky
Folder Deleted : C:\Program Files (x86)\Vaudix
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\search protection
Folder Deleted : C:\Users\Administrator\AppData\Local\DownTango
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\adawaretb
Folder Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\jetpack
Folder Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\d5wshcxg.default\adawaretb

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\UpdateStar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\d5wshcxg.default\prefs.js

Deleted : user_pref("browser.search.selectedEngine", "blekko");

File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\prefs.js

Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("extensions.51a54132d1eb9.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("extensions.requestpolicy.allowedDestinations", "akamaihd.net 3-jl-w.channel.facebook.com [...]
Deleted : user_pref("[email protected]", true);
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [4907 octets] - [25/06/2013 14:35:52]

########## EOF - C:\AdwCleaner[S1].txt - [4967 octets] ##########
  • 0

#4
Arkanfel
Posted 25 June 2013 - 04:53 PM

Arkanfel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Gringo,
Running JRT also turned up several items that I was certain I'd gotten rid of. I'm guessing it's malware :). It was a challenge to come up with the names, because what I read about them didn't fit what they did. I searched and found none of the strange .dlls or .exes where they were said to be, and I continued getting popups after running anti-malware and anti-virus programs. But still had symptoms of an infection, slow internet, popups, and at times a slowed down computer. Since running both of these programs; specifically JRT, I haven't seen further popups as of yet. Thank you for directing me to these programs, and thanks again for your help. Here is the JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by Administrator on 06/25/2013 Tue at 15:14:19.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7F296D3B-EB0F-4C72-B128-B30A1A3E3C9D}



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Administrator\AppData\Roaming\systweak"



~~~ FireFox

Successfully deleted: [File] "C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\wa6y94a1.default\extensions\[email protected]"
Successfully deleted: [File] C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\wa6y94a1.default\searchplugins\youtube-video-search.xml
Successfully deleted the following from C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\wa6y94a1.default\prefs.js

user_pref("extensions.51a54132d1eb9.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatio
user_pref("[email protected]", true);
user_pref("extensions.requestpolicy.allowedOrigins", "about:addons duckduckgo.com mozilla.org battle.net microsoft.com intel.com systemrequirementslab.com oracle.com avira.com
user_pref("keyword.URL", "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=D90F0FB4EB5568B8BFA39050B5601825&q=");
Emptied folder: C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\wa6y94a1.default\minidumps [158 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/25/2013 Tue at 15:16:08.22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Edit: Popups are actually not gone yet. I am still getting a weird popup at random telling me to update java.

Edited by Arkanfel, 25 June 2013 - 06:08 PM.

  • 0

#5
gringo_pr
Posted 25 June 2013 - 07:27 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Arkanfel

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#6
Arkanfel
Posted 26 June 2013 - 12:58 AM

Arkanfel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hello, here is my log of ComboFix. I did run into one small issue while running it in safe mode with all anti-virus and anti-malware programs turned off. Eventually I had to temporarily uninstall avast! so that ComboFix wouldn't keep detecting real-time protection. Even after uninstalling the antivirus, and deleting the registry keys and any folders left behind after the uninstall, ComboFix continued to detect avast! real-time protection for some reason. Finally, I just decided to run it. I checked the avast forums on how to disable real-time protection and found no advice other than uninstalling it. That was the only issue I ran into.

Often times in the past when I've been infected with something, the only thing that can fix the malware problem turns out to be formatting the drive. Which I am never fond of, but will if I have to. As for how it is doing now, I will let you know as soon as I know. Thank you for all of your help. I greatly appreciate your time.

ComboFix 13-06-25.01 - Administrator 5/2013 Tue 22:30:25.2.2 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.3070.2380 [GMT -7:00]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: Online Armor Firewall *Enabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Roaming\GetValue.vbs
c:\windows\SysWow64\tmp.reg
.
.
((((((((((((((((((((((((( Files Created from 2013-05-26 to 2013-06-26 )))))))))))))))))))))))))))))))
.
.
2013-06-26 05:38 . 2013-06-26 05:38 -------- d-----w- c:\users\matt\AppData\Local\temp
2013-06-26 05:38 . 2013-06-26 05:38 -------- d-----w- c:\users\John\AppData\Local\temp
2013-06-26 05:38 . 2013-06-26 05:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-26 05:09 . 2013-06-26 05:09 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-06-25 22:14 . 2013-06-25 22:14 -------- d-----w- c:\windows\ERUNT
2013-06-25 22:13 . 2013-06-25 22:13 -------- d-----w- C:\JRT
2013-06-23 07:17 . 2013-06-23 07:17 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4BC1B510-C6DD-425D-8DAB-9E81A4F94B03}\offreg.dll
2013-06-23 07:16 . 2013-06-23 07:16 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2013-06-23 07:16 . 2013-06-23 07:16 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-06-23 07:12 . 2013-06-23 07:12 -------- d-----w- c:\program files (x86)\Gazillion Entertainment
2013-06-23 07:10 . 2013-06-23 08:19 -------- d-----w- c:\programdata\BitRaider
2013-06-23 05:20 . 2013-06-23 05:20 -------- d-----w- c:\programdata\Sophos
2013-06-23 05:20 . 2013-06-23 05:20 73728 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-06-23 05:20 . 2013-06-23 05:20 73728 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-06-23 05:20 . 2013-06-23 05:20 73728 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-06-23 05:20 . 2013-06-23 05:20 -------- d-----w- c:\program files (x86)\Sophos
2013-06-22 07:18 . 2013-06-22 07:18 -------- d-----w- C:\bintheredunthat
2013-06-22 06:45 . 2013-06-22 06:45 35 ----a-w- c:\users\Administrator\AppData\Roaming\SetValue.bat
2013-06-21 04:28 . 2013-06-21 04:29 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-21 04:28 . 2013-06-21 04:29 -------- d-----w- c:\program files\iTunes
2013-06-21 04:28 . 2013-06-21 04:29 -------- d-----w- c:\program files (x86)\iTunes
2013-06-21 04:28 . 2013-06-21 04:28 -------- d-----w- c:\program files\iPod
2013-06-21 02:31 . 2013-06-21 02:31 -------- d-----w- C:\Device
2013-06-21 02:22 . 2013-06-21 02:22 -------- d-----w- C:\_OTM
2013-06-20 23:59 . 2013-06-20 23:58 312232 ----a-w- c:\windows\system32\javaws.exe
2013-06-20 23:58 . 2013-06-20 23:58 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-20 23:58 . 2013-06-20 23:58 189352 ----a-w- c:\windows\system32\javaw.exe
2013-06-20 23:58 . 2013-06-20 23:58 188840 ----a-w- c:\windows\system32\java.exe
2013-06-19 06:06 . 2013-06-19 06:06 -------- d-----w- C:\avast! sandbox
2013-06-19 06:03 . 2013-06-19 06:03 -------- d-----w- c:\users\Administrator\AppData\Local\ElevatedDiagnostics
2013-06-18 09:22 . 2013-06-18 09:22 -------- d-----w- c:\programdata\ATI
2013-06-18 05:38 . 2013-06-18 05:38 -------- d-----w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2013-06-18 05:38 . 2013-06-21 04:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-06-18 05:38 . 2013-06-18 05:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-06-18 05:36 . 2013-06-18 05:36 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-06-18 05:32 . 2011-11-04 12:13 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2013-06-18 05:32 . 2009-03-24 19:52 129872 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2013-06-18 05:32 . 2013-06-24 07:41 -------- d-----w- c:\program files (x86)\SpywareBlaster
2013-06-17 23:39 . 2013-06-17 23:39 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2013-06-17 23:39 . 2013-06-17 23:39 -------- d-----w- c:\program files\McAfee
2013-06-17 23:39 . 2013-06-18 04:27 -------- d-----w- c:\program files (x86)\McAfee
2013-06-17 23:19 . 2013-06-18 04:30 -------- d-----w- c:\programdata\OnlineArmor
2013-06-17 23:19 . 2013-06-17 23:19 -------- d-----w- c:\users\Administrator\AppData\Roaming\OnlineArmor
2013-06-17 23:16 . 2013-06-20 06:01 35376 ----a-w- c:\windows\system32\drivers\OAnet.sys
2013-06-17 23:16 . 2013-06-20 06:01 52368 ----a-w- c:\windows\SysWow64\drivers\OAmon.sys
2013-06-17 23:16 . 2013-06-20 06:01 61632 ----a-w- c:\windows\SysWow64\drivers\OADriver.sys
2013-06-17 23:16 . 2013-06-20 06:00 62016 ----a-w- c:\windows\SysWow64\drivers\oahlp64.sys
2013-06-17 23:16 . 2013-06-20 06:03 -------- d-----w- c:\program files (x86)\Online Armor
2013-06-17 23:06 . 2013-06-17 23:06 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2013-06-17 23:06 . 2013-06-17 23:06 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2013-06-17 23:06 . 2013-06-17 23:06 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2013-06-17 23:06 . 2013-06-17 23:06 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2013-06-17 23:06 . 2013-06-17 23:06 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2013-06-17 23:06 . 2013-06-17 23:06 -------- d-----w- c:\program files (x86)\QuickTime
2013-06-17 23:05 . 2013-06-17 23:05 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-06-17 22:55 . 2013-06-17 22:55 -------- d-----w- c:\users\Administrator\AppData\Local\Secunia PSI
2013-06-17 22:55 . 2013-06-17 22:55 -------- d-----w- c:\program files (x86)\Secunia
2013-06-17 22:05 . 2013-06-23 09:15 -------- d-----w- c:\users\Administrator\AppData\Roaming\Awesomium
2013-06-12 06:44 . 2013-05-11 22:27 262552 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-06-12 06:44 . 2013-05-11 22:26 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-06-12 06:14 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-06-12 06:09 . 2013-06-26 05:09 -------- d-----w- c:\programdata\AVAST Software
2013-06-12 05:58 . 2013-06-22 22:08 -------- d-----w- c:\users\Administrator\AppData\Roaming\QuickScan
2013-06-12 03:29 . 2013-06-18 09:43 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-12 00:46 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-07 20:53 . 2013-06-07 20:53 -------- d-----w- c:\program files\Intel
2013-06-01 19:39 . 2013-05-14 08:48 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4BC1B510-C6DD-425D-8DAB-9E81A4F94B03}\mpengine.dll
2013-05-30 15:57 . 2013-05-30 19:51 -------- d-----w- c:\users\Administrator\AppData\Roaming\Sword of the Stars - The Pit
2013-05-28 22:59 . 2013-05-28 22:59 -------- d-----w- c:\programdata\StarApp
2013-05-28 22:58 . 2013-06-23 02:05 -------- d-----w- c:\programdata\Vauudix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-20 23:58 . 2012-10-13 19:31 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-20 23:58 . 2012-10-13 19:31 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-14 16:39 . 2012-10-13 17:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-14 16:39 . 2012-10-13 17:11 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 07:00 . 2012-10-13 19:30 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-12 07:00 . 2012-10-13 19:30 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-12 00:52 . 2012-10-13 08:06 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-05-01 10:59 . 2013-05-01 10:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 10:59 . 2013-05-01 10:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2013-04-18 13:55 . 2013-04-18 13:55 18456 ----a-w- c:\windows\system32\drivers\psi_mf_amd64.sys
2013-04-17 15:35 . 2013-04-17 15:35 228864 ----a-w- c:\windows\system32\Ncs2Setp.dll
2013-04-17 15:28 . 2013-04-17 15:28 824024 ----a-w- c:\windows\system32\ncs2dmix.dll
2013-04-17 15:28 . 2013-04-17 15:28 796888 ----a-w- c:\windows\system32\accesor.dll
2013-04-17 15:16 . 2013-04-17 15:16 223960 ----a-w- c:\windows\system32\ncs2instutility.dll
2013-04-17 15:11 . 2013-04-17 15:11 3334872 ----a-w- c:\windows\system32\ncscolib.dll
2013-04-13 05:49 . 2013-05-14 23:36 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-14 23:36 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-14 23:36 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-14 23:36 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-14 23:36 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-14 23:36 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-25 00:35 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-14 23:36 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-14 23:36 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-14 23:36 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-05 12:11 . 2013-04-05 12:11 33616 ----a-w- c:\windows\system32\drivers\iqvw64e.sys
2013-04-05 10:51 . 2013-04-05 10:51 183560 ----a-w- c:\windows\system32\IPROSetMonitor.exe
2013-04-04 21:50 . 2012-10-13 12:37 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-12-15 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-12-15 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2012-11-16 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-17 641704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18642024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
R1 OADevice;OADriver;c:\windows\SysWow64\Drivers\OADriver.sys;c:\windows\SysWow64\Drivers\OADriver.sys [x]
R1 oahlpXX;Online Armor helper driver;c:\windows\syswow64\drivers\oahlp64.sys;c:\windows\syswow64\drivers\oahlp64.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
R3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 BRDriver64;BRDriver64;c:\programdata\bitraider\BRDriver64.sys;c:\programdata\bitraider\BRDriver64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
R3 Synth3dVsc;Synth3dVsc; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub; [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R4 OAcat;Online Armor Helper Service;c:\program files (x86)\Online Armor\OAcat.exe;c:\program files (x86)\Online Armor\OAcat.exe [x]
R4 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R4 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 SvcOnlineArmor;Online Armor;c:\program files (x86)\Online Armor\oasrv.exe;c:\program files (x86)\Online Armor\oasrv.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 OAmon;OAmon;c:\windows\SysWOW64\Drivers\OAmon.sys;c:\windows\SysWOW64\Drivers\OAmon.sys [x]
S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys;c:\windows\SYSNATIVE\DRIVERS\oanet.sys [x]
S3 pmkbdfltr;PenMount Keyboard Device Filter Driver;c:\windows\system32\DRIVERS\pmkbdfltr.sys;c:\windows\SYSNATIVE\DRIVERS\pmkbdfltr.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys;c:\windows\SYSNATIVE\DRIVERS\whfltr2k.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 22:52 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-13 16:39]
.
2013-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-21 02:42]
.
2013-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-21 02:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - hxxps://duckduckgo.com
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9049
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-05-28 16:43; [email protected]; c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\[email protected]
FF - ExtSQL: 2013-06-11 22:57; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - ExtSQL: 2013-06-17 16:39; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-{36D8B855-0ACB-B806-D550-7FCA538C8F0A} - c:\progra~3\INSTAL~1\{18C0B~1\Setup.exe
AddRemove-{942A0DBF-B9C3-5764-7419-4D6BE7E97B85} - c:\progra~3\INSTAL~1\{416CD~1\Setup.exe
AddRemove-{B99B15A1-B9DA-4AAE-629E-EA815955A13C} - c:\progra~3\INSTAL~1\{212BA~1\Setup.exe
AddRemove-{E55DE88B-1CBB-10CA-22B9-9DA9C00A61DC} - c:\progra~3\INSTAL~1\{FB1AA~1\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8a,05,
6c,c2,8c,47,0a,ad,e7,94,9a,f0,9f,6f,5e
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1d,d9,
c1,77,fe,30,0f,a7,78,dc,65,c0,83,ca,b4
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:b2,a8,f1,96,9e,a9,cd,01
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,61,0f,26,43,37,04,7f,4d,94,dd,25,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,61,0f,26,43,37,04,7f,4d,94,dd,25,\
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.3g2"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3ga\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.3ga"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.3gp"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.3gp2"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.3gpp"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.aac"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ac3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.ac3"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.aif"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.aifc"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.aiff"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alac\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.alac"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.amr"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.amv"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.aob"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ape\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.ape"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.apl"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.asf"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.asx"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.au"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.avi"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bdmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.bdmv"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bik\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.bik"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.cda"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.d2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.d2v"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_div_file"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.divx"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dsa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.dsa"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dsm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.dsm"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dss\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.dss"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dsv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.dsv"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.dts"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.evo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.evo"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.f4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.f4v"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.flac"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.flc"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.fli"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flic\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.flic"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.flv"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdmov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.hdmov"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ifo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.ifo"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ivf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.ivf"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.m1a"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.m1v"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.m2a"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2p\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.m2p"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.m2t"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.m2ts"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.m2v"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.m3u"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.m3u8"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.m4a"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.m4b"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.m4r"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.m4v"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mid"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.midi"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mka\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mka"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mkv"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mlp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mlp"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mov"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mp2"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mp2v"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mp3"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mp4"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mp4v"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mpa"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mpc"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpcpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mpcpl"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mpe"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mpeg"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mpg"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mpls"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mpv2"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mpv4"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mts"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="MSInfoFile"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ofr\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.ofr"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ofs\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.ofs"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oga\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.oga"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.ogg"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.ogm"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.ogv"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.opus\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.opus"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.pls"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pva\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.pva"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ra\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.ra"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.ram"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rec\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.rec"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.rm"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.rmi"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.rmm"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.rmvb"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.rp"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rpm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.rpm"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.rt"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.smi"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.smil"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smk\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.smk"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.snd"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.swf"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tak\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.tak"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_tix_file"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.tp"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.trp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.trp"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.ts"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tta\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.tta"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.vob"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.wav"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.wax"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.webm"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.wm"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.wma"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.wmp"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.wmv"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.wmx"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.wv"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.wvx"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-25 22:41:16
ComboFix-quarantined-files.txt 2013-06-26 05:41
ComboFix2.txt 2013-06-19 06:52
.
Pre-Run: 74,618,732,544 bytes free
Post-Run: 74,714,488,832 bytes free
.
- - End Of File - - E8B70AA93A201CC0964166DB866857F2
A36C5E4F47E84449FF07ED3517B43A31
  • 0

#7
gringo_pr
Posted 26 June 2013 - 02:15 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Arkanfel

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
  • 1

#8
Arkanfel
Posted 26 June 2013 - 08:23 PM

Arkanfel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hello,
I had something strange happen before I was able to run ComboFix. After uninstalling and disabling parts of avast and restarting the computer, Windows didn't start for some reason, and I eventually had to run a System Recovery. So I started in safe mode, and uninstalled avira from there. Restarted once more in safe mode to finish that, and then I was able to run ComboFix using the command switch. Before all of this, I started seeing the url in random popups, leading to some Asian employment site again. The format is something like [X single letter here] ['y' or 'z' or some other letter of the alphabet].employmentasiaally.com. Anyway, since I've restarted in normal mode, I haven't seen any new popups. One thing I noticed was gone after running ComboFix and JRT yesterday was that a Mozilla Firefox addon, RequestPolicy had been deleted for some reason. I typically hold on to that one, and also NoScript so I can block parts of individual web sites and strange IP addresses from accessing my browser. After running ComboFix today with the command switch you provided, it looks like it is still here, and so that's good for now. It seems at the moment that other things are running okay, but I always know in a little bit. You have been very helpful to me throughout this process, and I greatly appreciate your work. Thanks again, and here is the ComboFix report:

ComboFix 13-06-25.01 - Administrator 6/2013 Wed 18:12:06.3.2 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.3070.1935 [GMT -7:00]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: Online Armor Firewall *Enabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2013-05-27 to 2013-06-27 )))))))))))))))))))))))))))))))
.
.
2013-06-27 01:20 . 2013-06-27 01:20 -------- d-----w- c:\users\matt\AppData\Local\temp
2013-06-27 01:20 . 2013-06-27 01:20 -------- d-----w- c:\users\John\AppData\Local\temp
2013-06-27 01:20 . 2013-06-27 01:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-26 07:22 . 2013-06-26 07:22 -------- d-----w- c:\program files\AVAST Software
2013-06-26 05:09 . 2013-06-26 05:09 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-06-25 22:14 . 2013-06-25 22:14 -------- d-----w- c:\windows\ERUNT
2013-06-25 22:13 . 2013-06-25 22:13 -------- d-----w- C:\JRT
2013-06-23 07:17 . 2013-06-23 07:17 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4BC1B510-C6DD-425D-8DAB-9E81A4F94B03}\offreg.dll
2013-06-23 07:16 . 2013-06-23 07:16 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2013-06-23 07:16 . 2013-06-23 07:16 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-06-23 07:12 . 2013-06-23 07:12 -------- d-----w- c:\program files (x86)\Gazillion Entertainment
2013-06-23 07:10 . 2013-06-23 08:19 -------- d-----w- c:\programdata\BitRaider
2013-06-23 05:20 . 2013-06-23 05:20 -------- d-----w- c:\programdata\Sophos
2013-06-23 05:20 . 2013-06-23 05:20 73728 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-06-23 05:20 . 2013-06-23 05:20 73728 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-06-23 05:20 . 2013-06-23 05:20 73728 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-06-23 05:20 . 2013-06-23 05:20 -------- d-----w- c:\program files (x86)\Sophos
2013-06-22 07:18 . 2013-06-22 07:18 -------- d-----w- C:\bintheredunthat
2013-06-22 06:45 . 2013-06-22 06:45 35 ----a-w- c:\users\Administrator\AppData\Roaming\SetValue.bat
2013-06-21 04:28 . 2013-06-21 04:29 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-21 04:28 . 2013-06-21 04:29 -------- d-----w- c:\program files\iTunes
2013-06-21 04:28 . 2013-06-21 04:29 -------- d-----w- c:\program files (x86)\iTunes
2013-06-21 04:28 . 2013-06-21 04:28 -------- d-----w- c:\program files\iPod
2013-06-21 02:31 . 2013-06-21 02:31 -------- d-----w- C:\Device
2013-06-21 02:22 . 2013-06-21 02:22 -------- d-----w- C:\_OTM
2013-06-20 23:59 . 2013-06-20 23:58 312232 ----a-w- c:\windows\system32\javaws.exe
2013-06-20 23:58 . 2013-06-20 23:58 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-20 23:58 . 2013-06-20 23:58 189352 ----a-w- c:\windows\system32\javaw.exe
2013-06-20 23:58 . 2013-06-20 23:58 188840 ----a-w- c:\windows\system32\java.exe
2013-06-19 06:06 . 2013-06-19 06:06 -------- d-----w- C:\avast! sandbox
2013-06-19 06:03 . 2013-06-19 06:03 -------- d-----w- c:\users\Administrator\AppData\Local\ElevatedDiagnostics
2013-06-18 09:22 . 2013-06-18 09:22 -------- d-----w- c:\programdata\ATI
2013-06-18 05:38 . 2013-06-18 05:38 -------- d-----w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2013-06-18 05:38 . 2013-06-21 04:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-06-18 05:38 . 2013-06-18 05:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-06-18 05:36 . 2013-06-18 05:36 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-06-18 05:32 . 2011-11-04 12:13 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2013-06-18 05:32 . 2009-03-24 19:52 129872 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2013-06-18 05:32 . 2013-06-24 07:41 -------- d-----w- c:\program files (x86)\SpywareBlaster
2013-06-17 23:39 . 2013-06-17 23:39 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2013-06-17 23:39 . 2013-06-17 23:39 -------- d-----w- c:\program files\McAfee
2013-06-17 23:39 . 2013-06-18 04:27 -------- d-----w- c:\program files (x86)\McAfee
2013-06-17 23:19 . 2013-06-18 04:30 -------- d-----w- c:\programdata\OnlineArmor
2013-06-17 23:19 . 2013-06-17 23:19 -------- d-----w- c:\users\Administrator\AppData\Roaming\OnlineArmor
2013-06-17 23:16 . 2013-06-20 06:01 35376 ----a-w- c:\windows\system32\drivers\OAnet.sys
2013-06-17 23:16 . 2012-10-02 22:03 62016 ----a-w- c:\windows\SysWow64\drivers\oahlp64.sys
2013-06-17 23:16 . 2012-10-02 22:02 40520 ----a-w- c:\windows\SysWow64\drivers\OAmon.sys
2013-06-17 23:16 . 2012-10-02 22:02 61632 ----a-w- c:\windows\SysWow64\drivers\OADriver.sys
2013-06-17 23:16 . 2013-06-26 07:14 -------- d-----w- c:\program files (x86)\Online Armor
2013-06-17 23:06 . 2013-06-17 23:06 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2013-06-17 23:06 . 2013-06-17 23:06 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2013-06-17 23:06 . 2013-06-17 23:06 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2013-06-17 23:06 . 2013-06-17 23:06 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2013-06-17 23:06 . 2013-06-17 23:06 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2013-06-17 23:06 . 2013-06-17 23:06 -------- d-----w- c:\program files (x86)\QuickTime
2013-06-17 23:05 . 2013-06-17 23:05 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-06-17 22:55 . 2013-06-17 22:55 -------- d-----w- c:\users\Administrator\AppData\Local\Secunia PSI
2013-06-17 22:55 . 2013-06-17 22:55 -------- d-----w- c:\program files (x86)\Secunia
2013-06-17 22:05 . 2013-06-23 09:15 -------- d-----w- c:\users\Administrator\AppData\Roaming\Awesomium
2013-06-12 06:44 . 2013-05-11 22:27 262552 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-06-12 06:44 . 2013-05-11 22:26 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-06-12 06:14 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-06-12 06:09 . 2013-06-27 01:06 -------- d-----w- c:\programdata\AVAST Software
2013-06-12 05:58 . 2013-06-22 22:08 -------- d-----w- c:\users\Administrator\AppData\Roaming\QuickScan
2013-06-12 03:29 . 2013-06-18 09:43 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-12 00:46 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-07 20:53 . 2013-06-07 20:53 -------- d-----w- c:\program files\Intel
2013-06-01 19:39 . 2013-05-14 08:48 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4BC1B510-C6DD-425D-8DAB-9E81A4F94B03}\mpengine.dll
2013-05-30 15:57 . 2013-05-30 19:51 -------- d-----w- c:\users\Administrator\AppData\Roaming\Sword of the Stars - The Pit
2013-05-28 22:59 . 2013-05-28 22:59 -------- d-----w- c:\programdata\StarApp
2013-05-28 22:58 . 2013-06-23 02:05 -------- d-----w- c:\programdata\Vauudix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-20 23:58 . 2012-10-13 19:31 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-20 23:58 . 2012-10-13 19:31 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-14 16:39 . 2012-10-13 17:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-14 16:39 . 2012-10-13 17:11 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 07:00 . 2012-10-13 19:30 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-12 07:00 . 2012-10-13 19:30 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-12 00:52 . 2012-10-13 08:06 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-05-01 10:59 . 2013-05-01 10:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 10:59 . 2013-05-01 10:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2013-04-18 13:55 . 2013-04-18 13:55 18456 ----a-w- c:\windows\system32\drivers\psi_mf_amd64.sys
2013-04-17 15:35 . 2013-04-17 15:35 228864 ----a-w- c:\windows\system32\Ncs2Setp.dll
2013-04-17 15:28 . 2013-04-17 15:28 824024 ----a-w- c:\windows\system32\ncs2dmix.dll
2013-04-17 15:28 . 2013-04-17 15:28 796888 ----a-w- c:\windows\system32\accesor.dll
2013-04-17 15:16 . 2013-04-17 15:16 223960 ----a-w- c:\windows\system32\ncs2instutility.dll
2013-04-17 15:11 . 2013-04-17 15:11 3334872 ----a-w- c:\windows\system32\ncscolib.dll
2013-04-13 05:49 . 2013-05-14 23:36 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-14 23:36 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-14 23:36 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-14 23:36 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-14 23:36 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-14 23:36 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-25 00:35 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-14 23:36 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-14 23:36 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-14 23:36 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-05 12:11 . 2013-04-05 12:11 33616 ----a-w- c:\windows\system32\drivers\iqvw64e.sys
2013-04-05 10:51 . 2013-04-05 10:51 183560 ----a-w- c:\windows\system32\IPROSetMonitor.exe
2013-04-04 21:50 . 2012-10-13 12:37 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-12-15 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-12-15 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 5622512]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2012-11-16 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-17 641704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18642024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
R1 OADevice;OADriver;c:\windows\SysWow64\Drivers\OADriver.sys;c:\windows\SysWow64\Drivers\OADriver.sys [x]
R1 oahlpXX;Online Armor helper driver;c:\windows\syswow64\drivers\oahlp64.sys;c:\windows\syswow64\drivers\oahlp64.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R2 OAcat;Online Armor Helper Service;c:\program files (x86)\Online Armor\OAcat.exe;c:\program files (x86)\Online Armor\OAcat.exe [x]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
R2 SvcOnlineArmor;Online Armor;c:\program files (x86)\Online Armor\oasrv.exe;c:\program files (x86)\Online Armor\oasrv.exe [x]
R3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 BRDriver64;BRDriver64;c:\programdata\bitraider\BRDriver64.sys;c:\programdata\bitraider\BRDriver64.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R3 Synth3dVsc;Synth3dVsc; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub; [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 OAmon;OAmon;c:\windows\SysWOW64\Drivers\OAmon.sys;c:\windows\SysWOW64\Drivers\OAmon.sys [x]
S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys;c:\windows\SYSNATIVE\DRIVERS\oanet.sys [x]
S3 pmkbdfltr;PenMount Keyboard Device Filter Driver;c:\windows\system32\DRIVERS\pmkbdfltr.sys;c:\windows\SYSNATIVE\DRIVERS\pmkbdfltr.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys;c:\windows\SYSNATIVE\DRIVERS\whfltr2k.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 22:52 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-13 16:39]
.
2013-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-21 02:42]
.
2013-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-21 02:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-07 06:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 06:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-07 06:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-07 06:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-07 06:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"@OnlineArmor GUI"="c:\program files (x86)\Online Armor\oaui.exe" [2012-10-02 2415104]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - hxxps://duckduckgo.com
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9049
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-05-28 16:43; [email protected]; c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\[email protected]
FF - ExtSQL: 2013-06-11 22:57; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - ExtSQL: 2013-06-17 16:39; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
FF - ExtSQL: 2013-06-26 05:25; [email protected]; c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-SearchProtection - c:\programdata\Search Protection\_run.bat
AddRemove-{36D8B855-0ACB-B806-D550-7FCA538C8F0A} - c:\progra~3\INSTAL~1\{18C0B~1\Setup.exe
AddRemove-{942A0DBF-B9C3-5764-7419-4D6BE7E97B85} - c:\progra~3\INSTAL~1\{416CD~1\Setup.exe
AddRemove-{B99B15A1-B9DA-4AAE-629E-EA815955A13C} - c:\progra~3\INSTAL~1\{212BA~1\Setup.exe
AddRemove-{E55DE88B-1CBB-10CA-22B9-9DA9C00A61DC} - c:\progra~3\INSTAL~1\{FB1AA~1\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8a,05,
6c,c2,8c,47,0a,ad,e7,94,9a,f0,9f,6f,5e
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1d,d9,
c1,77,fe,30,0f,a7,78,dc,65,c0,83,ca,b4
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:b2,a8,f1,96,9e,a9,cd,01
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,61,0f,26,43,37,04,7f,4d,94,dd,25,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,61,0f,26,43,37,04,7f,4d,94,dd,25,\
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.3g2"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3ga\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.3ga"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.3gp"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.3gp2"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.3gpp"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.aac"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ac3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.ac3"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.aif"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.aifc"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.aiff"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alac\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.alac"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.amr"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.amv"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.aob"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ape\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.ape"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.apl"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.asf"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.asx"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.au"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.avi"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bdmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.bdmv"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bik\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.bik"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.cda"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.d2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.d2v"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_div_file"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.divx"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dsa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.dsa"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dsm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.dsm"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dss\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.dss"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dsv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.dsv"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.dts"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.evo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.evo"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.f4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.f4v"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.flac"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.flc"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.fli"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flic\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.flic"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.flv"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdmov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.hdmov"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ifo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.ifo"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ivf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.ivf"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.m1a"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.m1v"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.m2a"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2p\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.m2p"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.m2t"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.m2ts"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.m2v"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.m3u"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.m3u8"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.m4a"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.m4b"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.m4r"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.m4v"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mid"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.midi"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mka\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mka"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mkv"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mlp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mlp"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mov"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mp2"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mp2v"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mp3"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mp4"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mp4v"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mpa"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mpc"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpcpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mpcpl"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mpe"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mpeg"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mpg"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mpls"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mpv2"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mpv4"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.mts"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="MSInfoFile"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ofr\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.ofr"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ofs\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.ofs"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oga\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.oga"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.ogg"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.ogm"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.ogv"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.opus\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.opus"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.pls"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pva\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.pva"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ra\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.ra"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.ram"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rec\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.rec"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.rm"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.rmi"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.rmm"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.rmvb"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.rp"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rpm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.rpm"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.rt"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.smi"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.smil"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smk\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.smk"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.snd"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.swf"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tak\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.tak"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_tix_file"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.tp"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.trp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.trp"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.ts"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tta\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.tta"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.vob"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.wav"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.wax"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.webm"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.wm"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.wma"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.wmp"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.wmv"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.wmx"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.wv"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.wvx"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-26 18:22:43
ComboFix-quarantined-files.txt 2013-06-27 01:22
ComboFix2.txt 2013-06-26 05:41
ComboFix3.txt 2013-06-19 06:52
.
Pre-Run: 74,524,618,752 bytes free
Post-Run: 73,869,287,424 bytes free
.
- - End Of File - - 22AAACB0C5D0D43416861344B1316BE0
A36C5E4F47E84449FF07ED3517B43A31
  • 0

#9
gringo_pr
Posted 26 June 2013 - 09:22 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Arkanfel

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#10
Arkanfel
Posted 26 June 2013 - 11:47 PM

Arkanfel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Ok, here's the other report. And A slight edit to the strange url I gave earlier from random popups: z.employmentapplicationsforally.asia, that is the format each one typically has, and the only thing that ever seems to change is the single letter at the beginning.
Report is:

3D Sound Back Beta0.1
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 12.0
Amazon Kindle
Angry Birds
Angry Birds Seasons
Antichamber
Apple Application Support
Apple Software Update
Audiosurf
Aurora 23.0a2 (x86 en-US)
BitRaider Web Client
Black Mirror
calibre
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
ConvertHelper 2.2
D-Fend Reloaded 1.3.2 (deinstall)
DAEMON Tools Lite
Dangerous Dave Pack
Diablo III
DivX Setup
Don't Starve
eMule
ffdshow v1.1.3800 [2011-03-28]
Game Booster 3
GOG.com Downloader version 3.5.7
Google Chrome
Google Drive
Google Update Helper
Guild Wars
HydraVision
IGG Web3D Player version 1.0.0.38
Infinite Password Generator 3.1
Kingdoms of Amalur: Reckoning
Malwarebytes Anti-Malware version 1.75.0.1300
Marvel Heroes
McAfee SiteAdvisor
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0 Refresh
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
NVIDIA PhysX
Online Armor 6.0
OpenVPN 2.2.2
Origin
PowerISO
Private Internet Access Support Files
QuickTime
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
ScummVM 0.9.1
Secunia PSI (3.0.0.7009)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype Click to Call
Skype™ 6.3
Smart Defrag 2
Sophos Virus Removal Tool
Space Empires IV Deluxe
Spelling Dictionaries Support For Adobe Reader 9
Spotify
SpywareBlaster 5.0
Steam
Super House of Dead Ninjas
swMSM
System Requirements Lab for Intel
The Binding of Isaac
The Real Texas
Torchlight II
Ultima Online Enhanced Client
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Vauudix
VC80CRTRedist - 8.0.50727.6195
World of Warcraft
Zip Motion Block Video codec (Remove Only)
μTorrent
天鳳 v1.3
  • 0

Advertisements

#11
gringo_pr
Posted 27 June 2013 - 02:46 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Are you still seeing it?


Gringo
  • 0

#12
Arkanfel
Posted 27 June 2013 - 09:08 PM

Arkanfel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Yes, actually and several new ones, for some reason. Some from cpvfeed.mediatraffic.com, cpadominator.com and some other copies of the employmentapplications.asia, and another one called n9s4.info. And that's just after starting Aurora Firefox browser like I usually do, and now the popups are showing up without me doing anything. Nother called mysweetdeals.org just came up when I clicked in this box to type my reply. Thanks again for getting back to me.
  • 0

#13
gringo_pr
Posted 27 June 2013 - 09:25 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Arkanfel

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • more than one report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is to long you may attache it

    If the forum still complains about it being to long send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================

and I will see if I want to see the whole report

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • the scan will make two reports the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller+

send me the reports made from TDSSKiller and Roguekiller and also let me know how the computer is doing at this time.

Gringo
  • 1

#14
Arkanfel
Posted 27 June 2013 - 11:19 PM

Arkanfel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hello Gringo

I am attaching the TDSSKiller log because the forum asked me to shorten it. I will post the RogueKiller log next, it created two reports and both of them were named [0], and so I've posted the more recent one, it could be just because of the version I used. Thank you again for sticking with me on this. I ran it in safe mode, and am about to restart normally to see how it works:

RogueKiller V8.6.1 _x64_ [Jun 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Administrator [Admin rights]
Mode : Remove -- Date : 06/27/2013 22:30:36
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[FF][PROXY] wa6y94a1.default : user_pref("network.proxy.type", 4); -> NOT REMOVED, USE PROXYFIX

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500AAJS-75M0A0 ATA Device +++++
--- User ---
[MBR] 01603f04c391a59f50b435227dad276e
[BSP] 03f896d43fd327991aba875e0b041025 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238316 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_06272013_223036.txt >>
RKreport[0]_S_06272013_222836.txt


Edit: To add RogueKiller log.
Edit: To fix minor typo.

Attached Files


Edited by Arkanfel, 27 June 2013 - 11:42 PM.

  • 0

#15
Arkanfel
Posted 28 June 2013 - 12:06 AM

Arkanfel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Right now, the random urls and popups appear to be gone. and I haven't seen any more of the Java popups since running ComboFix yesterday. It's looking good so far. Before running RogueKiller, after finishing TDSSKiller, I saw a momentary browser freeze and the message "Do you want to continue running scripts on this page?" with the choices of 'Stop or Continue script.' Even after pressing stop, the browser froze, and eventually I had to go to Task Manager, kill the process , and restart it again to finish posting. I have had no problems since then and so I'm thinking it was probably just a fluke. I greatly appreciate your advice, this has to be farther than I've ever gotten with removing pesky malware before; aside from formatting my hard drive and starting again. It has been very enlightening, but certainly taken some time. Towards the end of typing this reply, I saw the popup again, this time using the 'http://p.employmenta...onsforally.asia' url. I saw that last time too, and it is trying to redirect the popup from http://cpvfeed.mediatraffic.com.
Edit: a typo fix.
Edit: Another edit for better clarity.

Edited by Arkanfel, 28 June 2013 - 07:40 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP