
Solved Malware saying I have a trojan

Discussion in 'Malware and Virus Removal Archive' started by Jubis, 2012/11/02.

    Post #1, 2012/11/03, by Jubis (Thread Starter):

    OTL logfile created on: 11/3/2012 7:49:05 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nick\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 56.07% Memory free
    8.00 Gb Paging File | 6.14 Gb Available in Paging File | 76.79% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 232.79 Gb Total Space | 148.49 Gb Free Space | 63.79% Space Free | Partition Type: NTFS
    Drive D: | 313.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: PRODIGGITY-PC | User Name: Nick | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/03 07:46:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe
    PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/10/27 21:46:31 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/01/19 07:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2012/01/19 07:47:19 | 011,171,712 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
    PRC - [2012/01/19 07:26:19 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
    PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/11/07 15:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
    PRC - [2011/06/09 14:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    PRC - [2010/03/24 21:57:09 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
    PRC - [2010/03/24 21:56:54 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2009/12/23 17:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    PRC - [2009/08/21 14:22:50 | 001,427,968 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
    PRC - [2009/08/19 19:44:56 | 000,603,136 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe
    PRC - [2009/07/17 18:25:02 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
    PRC - [2009/07/13 19:15:34 | 002,222,528 | ---- | M] (Salfeld Computer) -- C:\Windows\SysWOW64\cchservice.exe
    PRC - [2008/05/20 14:55:00 | 007,520,256 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe
    PRC - [2008/05/20 14:53:34 | 000,245,760 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\UVC Video Camera\UVCSti.exe
    PRC - [2007/11/20 16:53:36 | 000,147,456 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
    PRC - [2007/05/11 14:58:54 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\Razer\Habu\razerhid.exe
    PRC - [2006/08/07 20:00:28 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Habu\razerofa.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/10/27 21:46:31 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/03/08 09:46:17 | 008,527,520 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2008/02/25 18:08:54 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.dll
    MOD - [2007/05/11 14:58:54 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\Razer\Habu\razerhid.exe
    MOD - [2007/01/04 01:25:56 | 000,008,704 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\vvc.dll
    MOD - [2006/01/10 04:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
    MOD - [2005/08/17 16:23:16 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Razer\Habu\download.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/10/27 21:46:31 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/24 08:58:30 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/01/19 07:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/11/07 15:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe -- (PCCUJobMgr)
    SRV - [2010/08/25 09:56:38 | 000,765,592 | ---- | M] (Salfeld Computer) [Auto | Stopped] -- C:\Windows\SysWOW64\ksupmgr.exe -- (ksupmgr)
    SRV - [2010/03/24 21:57:09 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
    SRV - [2010/03/24 21:56:54 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/23 17:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2009/07/17 18:25:02 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/10/30 18:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/10/30 18:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/10/30 18:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/10/30 18:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/10/30 18:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/10/15 11:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/12/07 19:24:40 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/09/07 02:27:24 | 000,038,912 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PcaSp60.sys -- (PcaSp60)
    DRV:64bit: - [2009/08/17 07:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV:64bit: - [2009/07/15 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/22 10:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/10/23 22:55:28 | 000,043,008 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
    DRV:64bit: - [2008/10/23 22:55:28 | 000,043,008 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
    DRV:64bit: - [2008/05/20 20:14:34 | 000,280,064 | ---- | M] (CamVendor) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cam3820a.sys -- (Cam3820)
    DRV:64bit: - [2007/12/10 22:49:54 | 000,026,624 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
    DRV:64bit: - [2007/12/02 22:20:54 | 000,024,064 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)
    DRV:64bit: - [2007/07/27 18:12:22 | 000,476,160 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr6164.sys -- (rt61x64)
    DRV - [2010/09/07 02:27:24 | 000,038,912 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PcaSp60.sys -- (PcaSp60)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1497627450-4259838747-2879309483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15153&l=dis
    IE - HKU\S-1-5-21-1497627450-4259838747-2879309483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1497627450-4259838747-2879309483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 1A 17 2A A9 C4 CA 01 [binary data]
    IE - HKU\S-1-5-21-1497627450-4259838747-2879309483-1000\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
    IE - HKU\S-1-5-21-1497627450-4259838747-2879309483-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1497627450-4259838747-2879309483-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask.com/redirect?client=ie&tb=UT2V5&o=15150&src=crm&q={searchTerms}&locale=en_US
    IE - HKU\S-1-5-21-1497627450-4259838747-2879309483-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
    IE - HKU\S-1-5-21-1497627450-4259838747-2879309483-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1497627450-4259838747-2879309483-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com "
    FF - prefs.js..browser.search.defaultenginename: "Yahoo "
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p= "
    FF - prefs.js..browser.search.order.1: "Ask.com "
    FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff- "
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff- "
    FF - prefs.js..browser.search.selectedEngine: "Yahoo "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig "
    FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120
    FF - prefs.js..extensions.enabledAddons: kgcdlinojc@kgcdlinojc.org:2.5
    FF - prefs.js..extensions.enabledItems: {f8946e7d-99a3-4100-a357-62b283b3fb4e}:2.7.2.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= "


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files (x86)\Roblox\Versions\version-470c28140c5148c2\\NPRobloxProxy.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/02 17:17:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/02 21:15:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 21:46:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/27 21:46:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 21:46:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/27 21:46:30 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/02 17:17:56 | 000,000,000 | ---D | M]

    [2010/03/15 21:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Extensions
    [2012/10/26 18:00:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\93kb6oa6.default\extensions
    [2012/10/17 08:38:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\93kb6oa6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/05/21 22:43:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\93kb6oa6.default\extensions\engine@conduit.com
    [1832/11/29 00:22:58 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\93kb6oa6.default\extensions\kgcdlinojc@kgcdlinojc.org.xpi
    [2012/10/27 21:46:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/10/27 21:46:31 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/09/03 09:50:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/10/19 14:04:26 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npunagi2.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - Extension: YouTube = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/09/08 11:26:33 | 000,000,988 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 alcohol-soft.com
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3:64bit: - HKU\S-1-5-21-1497627450-4259838747-2879309483-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
    O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe (ASUSTeK Computer Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [ChicoSys] C:\Windows\SysWOW64\cc32\webtmr.exe (Salfeld Computer)
    O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe ()
    O4 - HKLM..\Run: [Habu] C:\Program Files (x86)\Razer\Habu\razerhid.exe ()
    O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
    O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
    O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe (ASUSTeK Computer Inc.)
    O4 - HKLM..\Run: [RunUVC] C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCtray.exe (Alcor Micro Corp.)
    O4 - HKLM..\Run: [UVCSti] C:\Program Files (x86)\UVC Video Camera\UVCSti.exe (Alcor Micro Corp.)
    O4 - HKU\.DEFAULT..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
    O4 - HKU\S-1-5-18..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
    O4 - HKU\S-1-5-21-1497627450-4259838747-2879309483-1000..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
    O4 - HKU\S-1-5-21-1497627450-4259838747-2879309483-1000..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
    O4 - HKU\S-1-5-21-1497627450-4259838747-2879309483-1000..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
    O4 - Startup: C:\Users\Jackson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jacquie Lawson London Advent Calendar.lnk = File not found
    O4 - Startup: C:\Users\Jackson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jacquie Lawson Village Advent Calendar.lnk = File not found
    O4 - Startup: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jacquie Lawson London Advent Calendar.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1497627450-4259838747-2879309483-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1497627450-4259838747-2879309483-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1497627450-4259838747-2879309483-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1497627450-4259838747-2879309483-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-1497627450-4259838747-2879309483-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O7 - HKU\S-1-5-21-1497627450-4259838747-2879309483-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
    O7 - HKU\S-1-5-21-1497627450-4259838747-2879309483-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D451168-4286-4A0A-8396-E84C24A2B869}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F26192A-DD8A-4523-A273-BC17B6634610}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/10/08 22:30:39 | 000,000,027 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
    O32 - AutoRun File - [2011/11/30 23:55:57 | 001,297,408 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/03 07:46:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe
    [2012/11/02 23:32:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/11/02 23:17:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/11/02 23:17:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/11/02 23:17:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/11/02 23:16:42 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/02 23:16:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/11/02 23:14:17 | 004,994,057 | R--- | C] (Swearware) -- C:\Users\Nick\Desktop\ComboFix.exe
    [2012/11/02 23:08:07 | 000,000,000 | ---D | C] -- C:\Users\Nick\Desktop\RK_Quarantine
    [2012/11/02 22:16:18 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/11/02 22:15:41 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Nick\Desktop\TDSSKiller.exe
    [2012/11/02 21:16:58 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/11/02 21:16:58 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/11/02 21:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/11/02 21:16:54 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/11/02 21:16:51 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/11/02 21:16:50 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/11/02 21:16:45 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/11/02 21:16:45 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/11/02 21:15:29 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/11/02 21:15:29 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/11/02 21:15:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/11/02 21:15:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/11/02 17:31:54 | 000,000,000 | ---D | C] -- C:\Users\Nick\Desktop\Roaming
    [2012/11/02 17:30:17 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012/10/27 21:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/10/25 18:24:46 | 002,596,800 | ---- | C] (Salfeld Computer) -- C:\Windows\SysWow64\ccsync.exe
    [2012/10/25 18:24:46 | 000,244,680 | ---- | C] (Salfeld Computer) -- C:\Windows\SysWow64\wdrvhook.dll
    [2012/10/24 17:57:19 | 000,000,000 | ---D | C] -- C:\Windows\tray
    [2012/10/24 17:57:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\cc32
    [2012/10/24 17:57:17 | 000,387,320 | ---- | C] (Salfeld Computer) -- C:\Windows\SysWow64\dllcin64.exe
    [2012/10/24 17:57:17 | 000,299,288 | ---- | C] (Salfeld Computer) -- C:\Windows\SysWow64\dllcin32.exe
    [2012/10/24 17:57:17 | 000,062,088 | ---- | C] (Salfeld Computer) -- C:\Windows\SysWow64\ccinj64.sys
    [2012/10/24 17:57:17 | 000,044,968 | ---- | C] (Salfeld Computer) -- C:\Windows\SysWow64\ccinj32.sys
    [2012/10/24 17:57:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\scurl
    [2012/10/24 17:57:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\wdrv
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/11/03 07:46:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe
    [2012/11/03 07:37:27 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
    [2012/11/03 07:35:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/02 23:19:12 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/02 23:19:12 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/02 23:14:36 | 004,994,057 | R--- | M] (Swearware) -- C:\Users\Nick\Desktop\ComboFix.exe
    [2012/11/02 23:03:17 | 001,584,640 | ---- | M] () -- C:\Users\Nick\Desktop\RogueKiller.exe
    [2012/11/02 22:20:54 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\excltmp~.dat
    [2012/11/02 22:20:27 | 000,000,088 | ---- | M] () -- C:\Windows\SysWow64\cchservice.err
    [2012/11/02 22:19:58 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/02 22:19:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/11/02 22:18:13 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/02 21:16:58 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/11/02 21:16:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/11/02 21:06:19 | 002,195,061 | ---- | M] () -- C:\Users\Nick\Desktop\tdsskiller.zip
    [2012/11/02 18:06:50 | 000,000,512 | ---- | M] () -- C:\Users\Nick\Desktop\MBR.dat
    [2012/11/02 17:30:14 | 672,541,992 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/11/02 16:37:44 | 000,000,161 | ---- | M] () -- C:\NET.INI
    [2012/10/31 21:49:22 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Nick\Desktop\TDSSKiller.exe
    [2012/10/30 18:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/10/30 18:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/10/30 18:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/10/30 18:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/10/30 18:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/10/30 18:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/10/30 18:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/10/30 18:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/10/24 17:57:23 | 000,000,124 | ---- | M] () -- C:\Windows\SysWow64\ctlsw.ini
    [2012/10/15 11:59:28 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/11/02 23:17:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/11/02 23:17:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/11/02 23:17:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/11/02 23:17:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/11/02 23:17:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/11/02 23:03:13 | 001,584,640 | ---- | C] () -- C:\Users\Nick\Desktop\RogueKiller.exe
    [2012/11/02 22:20:27 | 000,000,088 | ---- | C] () -- C:\Windows\SysWow64\cchservice.err
    [2012/11/02 21:16:58 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/11/02 21:16:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/11/02 21:06:14 | 002,195,061 | ---- | C] () -- C:\Users\Nick\Desktop\tdsskiller.zip
    [2012/11/02 18:06:50 | 000,000,512 | ---- | C] () -- C:\Users\Nick\Desktop\MBR.dat
    [2012/11/02 17:30:14 | 672,541,992 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/07/21 12:13:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\excltmp~.dat
    [2012/07/21 12:13:48 | 000,000,124 | ---- | C] () -- C:\Windows\SysWow64\ctlsw.ini
    [2012/07/21 12:13:48 | 000,000,040 | ---- | C] () -- C:\Windows\SysWow64\SWCTL.DLL
    [2012/07/21 12:13:42 | 000,155,536 | ---- | C] () -- C:\Windows\SysWow64\dllcinx.exe
    [2012/07/21 12:13:42 | 000,009,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\mchccinj.sys
    [2012/07/21 12:13:41 | 000,000,600 | ---- | C] () -- C:\Windows\SysWow64\nochook.ini
    [2012/01/23 14:00:17 | 000,775,966 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/12/07 18:44:56 | 000,000,632 | RHS- | C] () -- C:\Users\Nick\ntuser.pol
    [2010/12/24 21:22:34 | 000,000,019 | ---- | C] () -- C:\Windows\popcinfo.dat
    [2010/11/08 15:48:57 | 000,000,913 | ---- | C] () -- C:\Windows\disney.ini

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    " " = C:\Windows\SysNative\shell32.dll -- [2009/07/13 21:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    " " = %SystemRoot%\system32\shell32.dll -- [2009/07/13 21:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    " " = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    " " = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    " " = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/07/21 19:54:36 | 000,000,000 | ---D | M] -- C:\Users\Jackson\AppData\Roaming\Individual Software
    [2011/12/20 18:59:53 | 000,000,000 | ---D | M] -- C:\Users\Jackson\AppData\Roaming\JLAdventCalendarClassic2011
    [2011/12/10 16:04:38 | 000,000,000 | ---D | M] -- C:\Users\Jackson\AppData\Roaming\JLAdventCalendarLondon2011
    [2012/04/18 08:06:59 | 000,000,000 | ---D | M] -- C:\Users\Jackson\AppData\Roaming\MakeMusic
    [2012/07/21 15:16:09 | 000,000,000 | ---D | M] -- C:\Users\Jackson\AppData\Roaming\Salfeld
    [2012/04/27 11:35:36 | 000,000,000 | ---D | M] -- C:\Users\Jackson\AppData\Roaming\uTorrent
    [2012/10/30 19:24:08 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\.minecraft
    [2012/04/16 20:50:57 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\MakeMusic
    [2012/09/19 10:49:52 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\PCCUStubInstaller
    [2012/07/22 16:49:21 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\Salfeld
    [2012/05/10 20:55:51 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\TeamViewer
    [2012/09/27 20:11:20 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\uTorrent
    [2010/03/31 01:50:23 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\acccore
    [2010/03/27 01:16:03 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\DAEMON Tools Lite
    [2012/07/21 10:23:35 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Individual Software
    [2011/12/11 13:20:22 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\JLAdventCalendarClassic2011
    [2011/12/09 20:49:11 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\JLAdventCalendarLondon2011
    [2010/11/08 16:26:00 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Leadertech
    [2012/09/18 09:31:21 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\PCCUStubInstaller
    [2012/07/21 12:13:45 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Salfeld
    [2010/11/08 16:26:36 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Touchstone
    [2012/11/02 22:17:15 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\uTorrent

    ========== Purity Check ==========



    < End of report >
     
  2. 2012/11/03
    Jubis

    Jubis Inactive Thread Starter

    OTL Extras logfile created on: 11/3/2012 7:49:05 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nick\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 56.07% Memory free
    8.00 Gb Paging File | 6.14 Gb Available in Paging File | 76.79% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 232.79 Gb Total Space | 148.49 Gb Free Space | 63.79% Space Free | Partition Type: NTFS
    Drive D: | 313.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: PRODIGGITY-PC | User Name: Nick | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-1497627450-4259838747-2879309483-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{14123D5B-687A-41DB-B609-2F689A199580}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{14BD4274-D337-47B6-A260-0E0E1F6CA059}" = lport=138 | protocol=17 | dir=in | app=system |
    "{188F15A9-461E-40E0-974C-B07A355A4A08}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{373ECC40-DAE9-4EEC-9F5D-7E048AA6A8AD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{37408D9F-FC8B-4BF8-B298-00BFA6A61742}" = lport=445 | protocol=6 | dir=in | app=system |
    "{43C8DF41-0F2C-4E2A-AD4F-99ED4E49A45D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{571CF229-5B33-4BA6-AC31-31C2E8F654EA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{798ABEDA-5614-4D19-9039-8E76BE924CC1}" = lport=137 | protocol=17 | dir=in | app=system |
    "{7F363C2A-F141-40B6-9692-4184DFF1AA76}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{8091E064-921F-4623-AE41-76310380EEFA}" = lport=139 | protocol=6 | dir=in | app=system |
    "{917431C2-E37A-46C0-8F34-B8CAE5BF7B7C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{9A9B2CD2-37DE-4A46-B646-65AA0FFDD3CF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{A1131D28-A5AE-4673-9568-4E3A91B66892}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
    "{A40C02D5-BE3B-4DF9-9508-B291D8FF1CA3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{BDE8672D-17F7-4189-9C74-74B6ADA09A3A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C2A2C123-85DE-4648-8CA8-C231EAB971D5}" = rport=137 | protocol=17 | dir=out | app=system |
    "{C330B3D2-17E0-44C2-ADE0-1981731FEB00}" = rport=445 | protocol=6 | dir=out | app=system |
    "{CB4122A6-7D70-46BF-A704-F3CA6FF9B5E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D3ECEEEC-C0FD-4341-96A4-A101BC63879A}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{D6A23669-8AA7-4CDA-A1A2-AA52400DFF2F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{DB80D5BF-4837-40B5-B77E-C0F3FAE005F1}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{E36C0E40-D76A-4DCE-BD12-8867A6AD2676}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{EBCB2719-B4FE-40C9-B64A-DE57E50A2E90}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F5B8F22E-9237-45E4-8731-128B08CFDBD3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F8C33342-AF21-4C00-BE4D-4E457488002C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{033F7D7E-1466-43B2-AD57-74EC5D973A2E}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{04176FC3-B4A7-4565-9B63-A40127660D55}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty world at war\codwaw.exe |
    "{04213CF1-7D90-4CDB-BA4C-ECA05EF2111B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{05F8DC8D-CB39-4812-9124-B7C5327349BE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{093DB9ED-4A61-4EA6-96E9-92329455792B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{10543FBA-200A-4EE6-97D4-4DC4917C3F9E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
    "{1222FE6F-4080-43F1-AD06-AE25B8A6B421}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
    "{127ECEF6-19D3-4DEC-A852-3FD57557D05D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
    "{17ABBAD1-C97E-4E8A-AB29-7332D7E1FD83}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
    "{1A938FD9-98E6-4A07-A690-1116EF9469DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\18 wheels of steel american long haul\alh.exe |
    "{1CB3EEAA-BA71-4055-85CA-4E0B18DDB9B8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{1CCA7A6B-ECE2-41B3-9E7F-30CC8A03180E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{21F671DC-BE77-4A06-8715-6EBC475C2BDA}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
    "{2414FABF-AA1C-4F42-BDD8-02B296A9069D}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
    "{269210E6-2460-4498-B3B2-4AD2E312B5E5}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
    "{270D86E3-58A4-45AE-83DD-CBF64E8B8501}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{2832314B-DFFB-4F77-8B33-3CFB0C211BCD}" = protocol=6 | dir=in | app=d:\routersetup\qiswizard.exe |
    "{28FAEBA9-73D8-4DC5-B64D-289B06A76A87}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{2A94E0D6-33CE-4B58-BD76-BA7288E6E3C4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
    "{2E6AC415-C75A-4F11-83F8-9C0EAA8B52BE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{2FCD5576-1912-455E-869D-DCF71FFC6816}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{30D8395A-3BC5-49E7-B103-0AE159406E81}" = protocol=6 | dir=out | app=system |
    "{311564E0-686B-4D34-9273-A98C7AB0BB8E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{33FDF453-4FCD-49FE-B2BB-CBD139737418}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{35E47F72-8272-4181-B152-5F8ED5C28189}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{364C0566-0473-4D0B-B515-27B7A5057B0C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{375DF37A-AB0F-41C0-A7CC-89B6E608AF47}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3A4E57E0-A69A-4620-B924-A06AAFE8B5FC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{3B3B0C69-FB55-4B1E-9FA5-A55DDB763109}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\18 wheels of steel american long haul\alh.exe |
    "{3B9563F2-570C-415B-8468-207F9655CAEC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3BA28C1E-9C12-499F-91CF-353F79395D1B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3BC5F203-71F2-4D62-9EAD-896FB6E514EB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{3F00E9DC-405B-4376-B6EF-F626E7C23171}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{4471122D-C895-46B6-8A95-DF125F912FF6}" = protocol=17 | dir=in | app=d:\routersetup\qiswizard.exe |
    "{4495E65A-4654-4EFB-99AE-C5CF8138912C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{4581D315-5419-48E4-B540-D7DA5E352382}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{45B22199-9767-4865-9F14-F9B15632CF62}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{48926704-CC9B-4106-8837-53EE4E415046}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{4984CE88-5554-4462-A50B-C2249A6C341D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
    "{4A1434C9-26AB-4996-A520-C4204D4BF34A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4B135FE5-F1DF-4399-BBCF-DBD449E42747}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4D435517-AF4F-4705-BA78-B682B9AC0B3B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{5079980E-3608-418E-A32D-B1B560845279}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
    "{50C0E94B-86FE-4071-B6DD-2E740BAE8340}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{50F02F27-75F2-4262-92EF-AC48D427F1FC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{53FD7BCD-2E59-47CE-98A1-A5D53B73DBB7}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
    "{5668CC03-6BCA-495D-8764-14482F3029C1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\rikerone\counter-strike\hl.exe |
    "{58340AF5-4A80-414B-9625-0BACABC05F23}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
    "{5853F89C-F5FD-4E84-8942-B697E8BD815F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{594CA659-C74E-4C1D-87F5-D5A0299B339D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{5A64F780-BBC5-4713-AFA3-E0FA4F238F1D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\rikerone\day of defeat\hl.exe |
    "{5AEA2DC3-162E-43AA-AFD2-7B169B6EA8F2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
    "{5B190148-2C33-44FC-9080-ED7045F248FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{5B423B40-2EE6-4DB9-B079-1955000B539D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{5CAFCB74-BE8A-4BE7-BF99-4751DE713D85}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{5D006E37-D282-440F-8F18-E1C89824195A}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
    "{5D41024F-5815-4D64-9FC7-27D243F5A980}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
    "{5E9BFC58-0599-4B5E-99D6-2D94C3EE0DA3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\rikerone\counter-strike source\hl2.exe |
    "{5EC9988B-03EF-4A68-A80E-2A3445D9FC6E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{6144FAF6-DF20-40D9-ADE5-285B8E90B2B2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{61D2CC51-AAC2-4631-B725-BBB19201CAF5}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{6274C07D-AA39-45B4-8996-213B3178CECB}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
    "{657887A6-827C-4E06-A543-A32C4165FD36}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{66061ED9-F31E-4F94-BE38-97D4B6CB3B78}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{675B8BBF-E4DA-4E11-9EBB-E7A7A83BD13C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6B5C4397-5377-40B0-A01A-ABBE87390F21}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
    "{6C8C58E0-7AA1-4F63-915C-064BD9637B85}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
    "{6CB4CBD9-84D7-4D2A-A952-EEAC317B606C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty world at war\codwawmp.exe |
    "{6F8E6082-FE33-4D7C-B29E-7AB1DE113547}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6FC6A83B-9F54-4F98-AD8A-547F5A8B57C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty world at war\codwaw.exe |
    "{7042642C-429D-478C-8FDD-11B565873F82}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
    "{71F0C074-A9A3-465C-91DD-F2D51D601176}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{727D77B9-6F83-4C81-8DB1-F2911DA4763D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
    "{74B3F899-B559-428D-B313-CF0762B056F8}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
    "{76E2671A-4075-4E9B-B91A-E7630C533D4B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{7875932F-0BF8-4BAE-8353-8310F3F9089D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{7A3472F7-CCFE-40D0-8806-DD1D6123A47E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{7AF2A0E2-F14D-44F1-9893-84A92FADABF7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
    "{7C198996-6C75-4F2C-AD3A-B2A1273DF2BF}" = protocol=6 | dir=in | app=c:\users\nick\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{7C905DAB-B112-4F8E-AF0B-B45FB11927A5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
    "{7E52BDDE-7AE5-4B21-AC1D-4DDDD635824D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
    "{841A8213-D2A1-4876-8F21-BC3552864810}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
    "{88961BA9-4F6C-49BE-AF8A-5D498B28882B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{8ECA0EA1-5878-4B6D-998B-102549077AAC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
    "{8FF8A5B7-66E9-48D4-B1F6-29C31047E180}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\rikerone\counter-strike\hl.exe |
    "{905CEC09-B250-40D3-B449-98BC431725AE}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{9126491C-F6D1-40E1-8B60-BA5EFDEB49FE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
    "{91761394-07D6-48FA-8954-B5599DDC33BA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{9255DE70-0916-4272-8C3E-363D2F2AD81B}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
    "{92C9345D-DEE2-49CE-855A-2819275BBEDC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
    "{94E71EC0-446F-4739-8DEC-59F669DF8DF8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
    "{9598F95E-B0A3-48D3-880B-636EDA5133A1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{97765D15-3F44-4299-BB6C-1E643637C0F3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
    "{99346E78-5900-49CB-BAC2-86368F9DD04A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
    "{9947D624-97C5-4772-9FBB-0DF22195D0AD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{99C071FD-2A86-4CED-95B0-29ADA0006A15}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{9B47C267-CA50-47CC-B252-2C4AC0334D86}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
    "{9DAE801A-36CF-4135-8594-E4DFF35C3BC7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{9E1AB83D-F1B5-43FF-8575-FD1225FE646E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{9E4BE039-EED1-4E54-BE25-60CAB7C50E93}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{A10B188D-A786-4705-8A81-6864ECA9B0AD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\rikerone\counter-strike\hl.exe |
    "{A2C54D24-C950-48BB-8F18-CD51A399CDC1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A4FB2918-5849-4B61-A02A-A68AE476642D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A5BCBF3C-F3F7-4010-8DF0-C1A812BBF9E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\rikerone\day of defeat\hl.exe |
    "{A825B4DF-E3C2-4AA2-8142-714DB6A509B7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{AC0E9F11-8DE5-44AE-B554-08A86E8B9B3B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
    "{B0571384-82A9-4B84-8F80-36E2E7262167}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B05F43C3-4836-4D62-99EF-BC3B6F1430BD}" = protocol=17 | dir=in | app=c:\users\nick\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{B10F5647-A1B1-42B2-BF79-518B806FA499}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
    "{B12E67AA-E856-4B8D-B2AA-1F29E8D01A54}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{B1479BF1-A372-425C-9969-CA6A3F2199BD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B1515C56-FA61-49DC-97E2-D80F2F070AC4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\rikerone\half-life\hl.exe |
    "{B3180C64-3C71-42D7-B5F5-2EA02067CA2F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B6FFE5B5-BAEC-4E81-8A2E-8A694FAF7AC7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B7778450-878E-40C5-A919-D768DD946CBE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty world at war\codwawmp.exe |
    "{BC924E12-4A92-4F74-B0A7-F227FC2C9D96}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{BD6983D2-ADE3-42E0-B74B-DB8D1471E6A7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{C458690E-2A49-49A1-811A-5AF2DFF7BFBB}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
    "{C6477A7F-F440-46BF-B373-D83D2745AFF1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C6F50F6A-B19A-4AD6-914B-E4515C2B194C}" = protocol=17 | dir=in | app=d:\routersetup\qiswizard.exe |
    "{C88CD917-B167-4DCF-A33C-292D072D3737}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
    "{C8D9756C-86ED-4338-86B5-0D0A3486DF0F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{D145E7DE-412C-4E25-81E3-6770F985FCBB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D6B69A23-0D08-4279-9DB8-C024E105F199}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
    "{D7153915-67B5-449E-9042-DAF52096F83F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{DD8A7A6B-1FA8-4B0B-81FD-FE1582EC3AD9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{DE114D9D-B327-458C-A415-C8241B952427}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\rikerone\counter-strike source\hl2.exe |
    "{DFBF5D7B-6968-428F-9DD4-D899821E4B43}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{DFF302DE-2365-441F-9295-2FF8B2368546}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\rikerone\counter-strike source\hl2.exe |
    "{E3995B68-7E75-403B-8C90-64DE775DE236}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E5410A6B-9166-40AE-A7D3-69A295DD88C2}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "{E74BD993-7FC6-4A20-BB31-7C99594717DF}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
    "{E8C5E648-EC7A-4479-9B23-5C89EFCD215C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\rikerone\counter-strike\hl.exe |
    "{EA6B6688-09E4-4AE5-87BE-BAB60C68E4CC}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{EA96243E-3E32-4BAD-9479-44FC526BAD5F}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "{EDECED67-9E3C-433B-A519-CB9FD18A8806}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{EE1FA02F-AE17-4A39-8B14-D407687C5A25}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\rikerone\counter-strike source\hl2.exe |
    "{EE2235D8-7CD9-4F92-9E80-988C6787246E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{EFBBEC9F-C6C5-4548-8434-C02A200E2FBF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{F4C1F2FE-390B-42DB-9930-31EED6CAD7EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F6FAE139-4620-4E6C-9A35-1AEC3A69D776}" = protocol=6 | dir=in | app=d:\routersetup\qiswizard.exe |
    "{F72552C5-F401-4742-94B7-4F1995EBF2B2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
    "{F7C4684D-2B69-40E0-A1E5-20CB3AACDF15}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
    "{F7DAFDF2-85D9-4271-89B9-0F686D3A887C}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
    "{F82D49B0-6BFE-43A4-8A1B-B5C4C4D26E97}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\rikerone\half-life\hl.exe |
    "{FC2CD655-D2E4-4566-8566-EE0DB21E3227}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
    "{FCBF6F34-4D88-49D8-BC95-B2DEF28AB53F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{FCF63CF1-F10A-420D-9CEB-F51097D7E4C8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{FF574660-36A8-458F-9735-31212284370E}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
    "{FF6AAA49-FFD6-42CA-93E4-E539C2140008}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
    "TCP Query User{2816D845-5741-40A0-81B2-211A18957E64}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "TCP Query User{366854C3-64F2-4D9F-9891-44C4008E791E}C:\program files (x86)\steam\steamapps\common\call of duty world at war\codwaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty world at war\codwaw.exe |
    "TCP Query User{49E35028-2B6B-4F1F-90C9-9097FF63925B}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
    "TCP Query User{715C9484-6054-4E7A-80A5-4C5D0CD5BD33}C:\program files (x86)\touchstone\turok\binaries\turokgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\touchstone\turok\binaries\turokgame.exe |
    "TCP Query User{A3E589D0-D989-4A80-A766-059F18079F4D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
    "TCP Query User{E0A6579F-3F1E-4C29-B388-5715FEC5647C}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
    "UDP Query User{1CE87D45-C594-494A-BF94-F93D73C1D780}C:\program files (x86)\touchstone\turok\binaries\turokgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\touchstone\turok\binaries\turokgame.exe |
    "UDP Query User{22D7656B-6024-49C7-B0F9-571EA4D20BE8}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
    "UDP Query User{2DA50F89-250A-41C7-8F50-C8F0AF2964E0}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
    "UDP Query User{7BAA6F6A-2E1A-4D1A-B26B-8D04B76E8D8B}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "UDP Query User{94FBC5B3-636F-4A74-B83B-7C52C54D1B8B}C:\program files (x86)\steam\steamapps\common\call of duty world at war\codwaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty world at war\codwaw.exe |
    "UDP Query User{EF49C174-52A8-42E0-9084-960589225609}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}" = HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Print Projects" = HP Print Projects 1.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "Shop for HP Supplies" = Shop for HP Supplies
    "WinRAR archiver" = WinRAR 4.00 beta 3 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{1BC3AF44-D80E-4744-A8E1-9BC540424AC9}" = Turok
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{2C564A58-BD28-4926-95E1-EC7812FCA44F}" = Gigabyte Wireless LAN Card
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
    "{32CF189D-52BB-4C1C-8F93-97E8F3CDDC95}" = Razer Habu Config
    "{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player
    "{431A5BB6-E5E2-444E-8AF3-70E6BF16DEF6}" = UVC Video Camera
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{4847BBB9-EADD-4C92-90BF-4223B0892FF6}" = Microsoft Flight Simulator X Service Pack 2
    "{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_05_F4400_Software_Min
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.24
    "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
    "{773421E8-AD7B-4DC8-AED1-9300D69E1659}" = Touchstone Installer
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
    "{8EAD600D-1912-4DEF-92B5-0C7525E17ED2}" = F4400
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
    "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
    "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
    "{B805FF17-92FE-4757-8142-F0A2850DFE03}" = ROBLOX Studio
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
    "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{D2E80193-7318-4707-A9DE-49AF663ADA73}" = ResumeMaker Professional
    "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
    "{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skypeâ„¢ 5.10
    "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
    "{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "Adobe AIR" = Adobe AIR
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AIM_6.0" = AIM 6.0
    "AIM_7" = AIM 7
    "avast" = avast! Free Antivirus
    "Child Control_is1" = Child Control
    "Diablo II" = Diablo II
    "Diablo III" = Diablo III
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Finale 2011" = Finale 2011
    "Google Chrome" = Google Chrome
    "Insaniquarium_Deluxe_1.0" = Insaniquarium Deluxe 1.0
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "MegaSceneryX Las Vegas_is1" = MegaSceneryX Las Vegas
    "Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NetDevil_LEGO_Universe_is1" = LEGO Universe
    "NortonPCCheckup" = Norton PC Checkup
    "Precision" = EVGA Precision 1.8.1
    "PunkBusterSvc" = PunkBuster Services
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
    "StarCraft II" = StarCraft II
    "Steam App 10" = Counter-Strike
    "Steam App 10090" = Call of Duty: World at War
    "Steam App 12120" = Grand Theft Auto: San Andreas
    "Steam App 12520" = 18 Wheels of Steel: American Long Haul
    "Steam App 240" = Counter-Strike: Source
    "Steam App 30" = Day of Defeat
    "TeamViewer 7" = TeamViewer 7
    "uTorrent" = µTorrent
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Virtual Sailor_is1" = Virtual Sailor 7
    "VLC media player" = VLC media player 1.0.5
    "World of Warcraft" = World of Warcraft

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/13/2012 4:57:05 PM | Computer Name = ProDiggity-PC | Source = Application Hang | ID = 1002
    Description = The program RobloxPlayer.exe version 0.76.0.695 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 124 Start
    Time: 01cda9852562a8ca Termination Time: 105 Application Path: C:\Program Files (x86)\Roblox\Versions\version-92268008d775409f\RobloxPlayer.exe

    Report
    Id: 89315395-1578-11e2-aca8-e0cb4e26f363

    Error - 10/13/2012 4:58:21 PM | Computer Name = ProDiggity-PC | Source = Application Hang | ID = 1002
    Description = The program RobloxPlayer.exe version 0.76.0.695 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: a34 Start
    Time: 01cda985570eb02b Termination Time: 110 Application Path: C:\Program Files (x86)\Roblox\Versions\version-92268008d775409f\RobloxPlayer.exe

    Report
    Id: b69c45f4-1578-11e2-aca8-e0cb4e26f363

    Error - 10/15/2012 6:21:26 PM | Computer Name = ProDiggity-PC | Source = Application Hang | ID = 1002
    Description = The program RobloxPlayer.exe version 0.76.0.695 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: c90 Start
    Time: 01cdab233ec6a2c3 Termination Time: 83 Application Path: C:\Users\Jackson\AppData\Local\Roblox\Versions\version-92268008d775409f\RobloxPlayer.exe

    Report
    Id: a69958ab-1716-11e2-90cc-e0cb4e26f363

    Error - 10/16/2012 6:49:49 PM | Computer Name = ProDiggity-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Vs.exe, version: 7.0.0.1, time stamp: 0x45f41410
    Faulting
    module name: sapi.dll, version: 5.3.11513.0, time stamp: 0x4a5bdade Exception code:
    0xc0000005 Fault offset: 0x0003a460 Faulting process id: 0x104c Faulting application
    start time: 0x01cdabf036671605 Faulting application path: C:\Program Files (x86)\Virtual
    Sailor\Vs.exe Faulting module path: C:\Windows\System32\Speech\Common\sapi.dll Report
    Id: c98b73c7-17e3-11e2-90cc-e0cb4e26f363

    Error - 10/24/2012 11:43:50 AM | Computer Name = ProDiggity-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: vlc.exe, version: 1.0.5.0, time stamp:
    0x4b64ae05 Faulting module name: vlc.exe, version: 1.0.5.0, time stamp: 0x4b64ae05
    Exception
    code: 0xc0000005 Fault offset: 0x00001749 Faulting process id: 0xf18 Faulting application
    start time: 0x01cdb1fe0f5d9dfc Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
    Faulting
    module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Report Id: 9ac6a870-1df1-11e2-ac63-e0cb4e26f363

    Error - 10/28/2012 12:12:30 PM | Computer Name = ProDiggity-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 10/30/2012 8:19:08 AM | Computer Name = ProDiggity-PC | Source = EventSystem | ID = 4622
    Description =

    Error - 10/30/2012 6:10:26 PM | Computer Name = ProDiggity-PC | Source = Application Hang | ID = 1002
    Description = The program RobloxPlayer.exe version 0.78.1.702 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1f4c Start
    Time: 01cdb6eb40367d1e Termination Time: 98 Application Path: C:\Program Files (x86)\Roblox\Versions\version-322083e762564446\RobloxPlayer.exe

    Report
    Id: 98dbc8c2-22de-11e2-9185-e0cb4e26f363

    Error - 10/30/2012 6:11:31 PM | Computer Name = ProDiggity-PC | Source = Application Hang | ID = 1002
    Description = The program RobloxPlayer.exe version 0.78.1.702 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: a4c Start
    Time: 01cdb6eb5fd2affb Termination Time: 101 Application Path: C:\Program Files (x86)\Roblox\Versions\version-322083e762564446\RobloxPlayer.exe

    Report
    Id: b69fb245-22de-11e2-9185-e0cb4e26f363

    Error - 11/1/2012 2:11:55 PM | Computer Name = ProDiggity-PC | Source = MsiInstaller | ID = 11706
    Description =

    [ System Events ]
    Error - 7/30/2012 7:31:27 AM | Computer Name = ProDiggity-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 11:17:03 PM on 7/29/2012 was unexpected.

    Error - 7/30/2012 6:33:16 PM | Computer Name = ProDiggity-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 6:31:21 PM on 7/30/2012 was unexpected.

    Error - 7/31/2012 5:31:59 AM | Computer Name = ProDiggity-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 9:31:10 PM on 7/30/2012 was unexpected.

    Error - 8/1/2012 8:34:20 AM | Computer Name = ProDiggity-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 11:28:57 PM on 7/31/2012 was unexpected.

    Error - 8/1/2012 5:28:29 PM | Computer Name = ProDiggity-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 3:05:13 PM on 8/1/2012 was unexpected.

    Error - 8/2/2012 7:46:47 AM | Computer Name = ProDiggity-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 8:43:23 PM on 8/1/2012 was unexpected.

    Error - 8/2/2012 3:14:51 PM | Computer Name = ProDiggity-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 2:59:41 PM on 8/2/2012 was unexpected.

    Error - 8/3/2012 10:48:23 AM | Computer Name = ProDiggity-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 8:59:46 PM on 8/2/2012 was unexpected.

    Error - 8/7/2012 5:32:02 PM | Computer Name = ProDiggity-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
    Error Reporting Service service to connect.

    Error - 8/9/2012 8:51:06 AM | Computer Name = ProDiggity-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 6:24:04 AM on 8/9/2012 was unexpected.


    < End of report >
     


  4. 2012/11/03
    broni Moderator Malware Analyst
    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-1497627450-4259838747-2879309483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15153&l=dis
      FF - prefs.js..browser.search.defaultengine:  "Ask.com"
      FF - prefs.js..browser.search.order.1:  "Ask.com"
      O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
      O3:64bit: - HKU\S-1-5-21-1497627450-4259838747-2879309483-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.


    ======================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  5. 2012/11/03
    Jubis

    Jubis Inactive Thread Starter

    Joined:
    2009/12/29
    Messages:
    58
    Likes Received:
    0
    All processes killed
    Error: Unable to interpret <Code:> in the current context!
    ========== OTL ==========
    HKU\S-1-5-21-1497627450-4259838747-2879309483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    Prefs.js: "Ask.com" removed from browser.search.defaultengine
    Prefs.js: "Ask.com" removed from browser.search.order.1
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
    64bit-Registry value HKEY_USERS\S-1-5-21-1497627450-4259838747-2879309483-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jackson
    ->Temp folder emptied: 270554 bytes
    ->Temporary Internet Files folder emptied: 33219 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 1103327895 bytes
    ->Google Chrome cache emptied: 6186070 bytes
    ->Flash cache emptied: 160845 bytes

    User: Michele
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 182581 bytes
    ->Java cache emptied: 461813 bytes
    ->FireFox cache emptied: 885284415 bytes
    ->Google Chrome cache emptied: 6380229 bytes
    ->Flash cache emptied: 159821 bytes

    User: Nick
    ->Temp folder emptied: 369002 bytes
    ->Temporary Internet Files folder emptied: 1809772 bytes
    ->Java cache emptied: 5762219 bytes
    ->FireFox cache emptied: 76536032 bytes
    ->Google Chrome cache emptied: 10340113 bytes
    ->Flash cache emptied: 15361253 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 361174 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3294 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 187771 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 2,015.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Jackson
    ->Java cache emptied: 0 bytes

    User: Michele
    ->Java cache emptied: 0 bytes

    User: Nick
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Jackson
    ->Flash cache emptied: 0 bytes

    User: Michele
    ->Flash cache emptied: 0 bytes

    User: Nick
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11032012_184400

    Files\Folders moved on Reboot...
    C:\Users\Nick\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  6. 2012/11/03
    Jubis

    Jubis Inactive Thread Starter

    Joined:
    2009/12/29
    Messages:
    58
    Likes Received:
    0
    Results of screen317's Security Check version 0.99.54
    Windows 7 x64 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    Java(TM) 6 Update 29
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player 11.1.102.63 Flash Player out of Date!
    Adobe Reader X 10.1.2 Adobe Reader out of Date!
    Mozilla Firefox (16.0.2)
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````
     
  7. 2012/11/03
    Jubis

    Jubis Inactive Thread Starter

    Joined:
    2009/12/29
    Messages:
    58
    Likes Received:
    0
    Farbar Service Scanner Version: 03-11-2012
    Ran by Nick (administrator) on 03-11-2012 at 19:17:40
    Running from "C:\Users\Nick\Desktop "
    Microsoft Windows 7 Ultimate (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2009-07-13 19:25] - [2009-07-13 21:45] - 1898576 ____A (Microsoft Corporation) 912107716BAB424C7870E8E6AF5E07E1

    C:\Windows\System32\dnsrslvr.dll
    [2009-07-13 19:21] - [2009-07-13 21:40] - 0182272 ____A (Microsoft Corporation) 676108C4E3AA6F6B34633748BD0BEBD9

    C:\Windows\System32\mpssvc.dll
    [2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll
    [2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll
    [2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  8. 2012/11/03
    Jubis

    Jubis Inactive Thread Starter

    Joined:
    2009/12/29
    Messages:
    58
    Likes Received:
    0
    # AdwCleaner v2.006 - Logfile created 11/03/2012 at 19:26:09
    # Updated 30/10/2012 by Xplode
    # Operating system : Windows 7 Ultimate (64 bits)
    # User : Nick - PRODIGGITY-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Nick\Desktop\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
    File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
    Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility
    Folder Found : C:\Program Files (x86)\Viewpoint
    Folder Found : C:\ProgramData\Tarma Installer
    Folder Found : C:\ProgramData\Viewpoint
    Folder Found : C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\zzzqgm81.default\extensions\plugin@yontoo.com
    Folder Found : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\93kb6oa6.default\Conduit
    Folder Found : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\93kb6oa6.default\ConduitCommon
    Folder Found : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\93kb6oa6.default\ConduitEngine
    Folder Found : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\93kb6oa6.default\extensions\engine@conduit.com

    ***** [Registry] *****

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Found : HKLM\SOFTWARE\Classes\dnUpdate
    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    Key Found : HKLM\Software\MetaStream
    Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Found : HKLM\Software\Viewpoint
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Found : HKU\S-1-5-21-1497627450-4259838747-2879309483-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    Key Found : HKU\S-1-5-21-1497627450-4259838747-2879309483-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7600.16385

    [OK] Registry is clean.

    -\\ Mozilla Firefox v16.0.2 (en-US)

    Profile name : default
    File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\93kb6oa6.default\prefs.js

    Found : user_pref( "CT2203827..clientLogIsEnabled ", false);
    Found : user_pref( "CT2203827..clientLogServiceUrl ", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
    Found : user_pref( "CT2203827..uninstallLogServiceUrl ", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
    Found : user_pref( "CT2203827.AboutPrivacyUrl ", "hxxp://www.conduit.com/privacy/Default.aspx ");
    Found : user_pref( "CT2203827.AppTrackingLastCheckTime ", "Mon Jul 04 2011 17:35:18 GMT-0400 (Eastern Daylight[...]
    Found : user_pref( "CT2203827.CTID ", "CT2203827 ");
    Found : user_pref( "CT2203827.CurrentServerDate ", "6-7-2011 ");
    Found : user_pref( "CT2203827.DialogsAlignMode ", "LTR ");
    Found : user_pref( "CT2203827.DialogsGetterLastCheckTime ", "Sat May 21 2011 22:43:53 GMT-0400 (Eastern Daylig[...]
    Found : user_pref( "CT2203827.DownloadReferralCookieData ", " ");
    Found : user_pref( "CT2203827.EMailNotifierCheckInterval ", "1 ");
    Found : user_pref( "CT2203827.EMailNotifierLabelLength ", 5);
    Found : user_pref( "CT2203827.EMailNotifierPollDate ", "Tue Jul 05 2011 17:36:18 GMT-0400 (Eastern Daylight Ti[...]
    Found : user_pref( "CT2203827.EMailNotifierSound ", "NONE ");
    Found : user_pref( "CT2203827.FeedPollDate128984765864731680 ", "Tue Jul 05 2011 16:54:34 GMT-0400 (Eastern Da[...]
    Found : user_pref( "CT2203827.FeedPollDate128984765864731682 ", "Tue Sep 28 2010 07:22:35 GMT-0400 (Eastern Da[...]
    Found : user_pref( "CT2203827.FeedTTL128984765864731680 ", 40);
    Found : user_pref( "CT2203827.FeedTTL128984765864731682 ", 40);
    Found : user_pref( "CT2203827.FirstServerDate ", "16-3-2010 ");
    Found : user_pref( "CT2203827.FirstTime ", true);
    Found : user_pref( "CT2203827.FirstTimeFF3 ", true);
    Found : user_pref( "CT2203827.FirstTimeSettingsDone ", true);
    Found : user_pref( "CT2203827.GroupingServerCheckInterval ", 1440);
    Found : user_pref( "CT2203827.GroupingServiceUrl ", "hxxp://grouping.services.conduit.com/ ");
    Found : user_pref( "CT2203827.HasUserGlobalKeys ", true);
    Found : user_pref( "CT2203827.Initialize ", true);
    Found : user_pref( "CT2203827.InitializeCommonPrefs ", true);
    Found : user_pref( "CT2203827.InstallationAndCookieDataSentCount ", 3);
    Found : user_pref( "CT2203827.InstalledDate ", "Tue Mar 16 2010 08:52:37 GMT-0700 (Pacific Daylight Time) ");
    Found : user_pref( "CT2203827.IsGrouping ", false);
    Found : user_pref( "CT2203827.IsMulticommunity ", false);
    Found : user_pref( "CT2203827.IsOpenThankYouPage ", true);
    Found : user_pref( "CT2203827.IsOpenUninstallPage ", true);
    Found : user_pref( "CT2203827.LanguagePackLastCheckTime ", "Tue Jul 05 2011 17:35:17 GMT-0400 (Eastern Dayligh[...]
    Found : user_pref( "CT2203827.LanguagePackReloadIntervalMM ", 1440);
    Found : user_pref( "CT2203827.LanguagePackServiceUrl ", "hxxp://translation.users.conduit.com/Translation.ashx[...]
    Found : user_pref( "CT2203827.LastLogin_2.5.6.0 ", "Tue Sep 28 2010 07:22:36 GMT-0400 (Eastern Daylight Time) "[...]
    Found : user_pref( "CT2203827.LastLogin_2.7.2.0 ", "Thu May 19 2011 02:17:47 GMT-0400 (Eastern Daylight Time) "[...]
    Found : user_pref( "CT2203827.LastLogin_3.3.3.2 ", "Tue Jul 05 2011 17:07:34 GMT-0400 (Eastern Daylight Time) "[...]
    Found : user_pref( "CT2203827.LatestVersion ", "3.3.3.2 ");
    Found : user_pref( "CT2203827.Locale ", "en ");
    Found : user_pref( "CT2203827.LoginCache ", 4);
    Found : user_pref( "CT2203827.MCDetectTooltipHeight ", "83 ");
    Found : user_pref( "CT2203827.MCDetectTooltipUrl ", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1 ");
    Found : user_pref( "CT2203827.MCDetectTooltipWidth ", "295 ");
    Found : user_pref( "CT2203827.RadioShrinked ", "expanded ");
    Found : user_pref( "CT2203827.SHRINK_TOOLBAR ", 1);
    Found : user_pref( "CT2203827.SearchBoxWidth ", 100);
    Found : user_pref( "CT2203827.SearchEngine ", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
    Found : user_pref( "CT2203827.SearchFromAddressBarIsInit ", true);
    Found : user_pref( "CT2203827.SearchFromAddressBarUrl ", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT220[...]
    Found : user_pref( "CT2203827.SearchInNewTabEnabled ", true);
    Found : user_pref( "CT2203827.SearchInNewTabIntervalMM ", 1440);
    Found : user_pref( "CT2203827.SearchInNewTabLastCheckTime ", "Tue Jul 05 2011 17:35:17 GMT-0400 (Eastern Dayli[...]
    Found : user_pref( "CT2203827.SearchInNewTabServiceUrl ", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
    Found : user_pref( "CT2203827.SearchInNewTabUsageUrl ", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
    Found : user_pref( "CT2203827.ServiceMapLastCheckTime ", "Tue Jul 05 2011 17:35:18 GMT-0400 (Eastern Daylight [...]
    Found : user_pref( "CT2203827.SettingsCheckIntervalMin ", 120);
    Found : user_pref( "CT2203827.SettingsLastCheckTime ", "Tue Jul 05 2011 17:35:18 GMT-0400 (Eastern Daylight Ti[...]
    Found : user_pref( "CT2203827.SettingsLastUpdate ", "1306530423 ");
    Found : user_pref( "CT2203827.ThirdPartyComponentsInterval ", 504);
    Found : user_pref( "CT2203827.ThirdPartyComponentsLastCheck ", "Thu Jun 30 2011 17:35:17 GMT-0400 (Eastern Day[...]
    Found : user_pref( "CT2203827.ThirdPartyComponentsLastUpdate ", "1269163751 ");
    Found : user_pref( "CT2203827.TrusteLinkUrl ", "hxxp://trust.conduit.com/CT2203827 ");
    Found : user_pref( "CT2203827.UserID ", "UN13861554546636867 ");
    Found : user_pref( "CT2203827.ValidationData_Search ", 2);
    Found : user_pref( "CT2203827.ValidationData_Toolbar ", 2);
    Found : user_pref( "CT2203827.WeatherNetwork ", " ");
    Found : user_pref( "CT2203827.WeatherPollDate ", "Tue Jul 05 2011 17:07:35 GMT-0400 (Eastern Daylight Time) ");
    Found : user_pref( "CT2203827.WeatherUnit ", "F ");
    Found : user_pref( "CT2203827.alertChannelId ", "602166 ");
    Found : user_pref( "CT2203827.clientLogIsEnabled ", true);
    Found : user_pref( "CT2203827.clientLogServiceUrl ", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
    Found : user_pref( "CT2203827.components.1000082 ", false);
    Found : user_pref( "CT2203827.generalConfigFromLogin ", "{\ "SocialDomains\ ":\ "social.conduit.com;apps.conduit.[...]
    Found : user_pref( "CT2203827.globalFirstTimeInfoLastCheckTime ", "Tue Jul 05 2011 17:07:34 GMT-0400 (Eastern [...]
    Found : user_pref( "CT2203827.isAppTrackingManagerOn ", true);
    Found : user_pref( "CT2203827.myStuffEnabled ", true);
    Found : user_pref( "CT2203827.myStuffPublihserMinWidth ", 400);
    Found : user_pref( "CT2203827.myStuffSearchUrl ", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
    Found : user_pref( "CT2203827.myStuffServiceIntervalMM ", 1440);
    Found : user_pref( "CT2203827.myStuffServiceUrl ", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
    Found : user_pref( "CT2203827.oldAppsList ", "128810326070113242,128810326070113243,128810330791362609,1288103[...]
    Found : user_pref( "CT2203827.testingCtid ", " ");
    Found : user_pref( "CT2203827.toolbarAppMetaDataLastCheckTime ", "Tue Jul 05 2011 17:35:17 GMT-0400 (Eastern D[...]
    Found : user_pref( "CT2203827.toolbarContextMenuLastCheckTime ", "Tue Jul 05 2011 13:59:16 GMT-0400 (Eastern D[...]
    Found : user_pref( "CT2203827.uninstallLogServiceUrl ", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
    Found : user_pref( "CT2203827.usagesFlag ", 1);
    Found : user_pref( "CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/602166/598028/US ", "\ "0\" ")[...]
    Found : user_pref( "CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US ", "\ "0\" ")[...]
    Found : user_pref( "CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2203827 ", [...]
    Found : user_pref( "CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
    Found : user_pref( "CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
    Found : user_pref( "CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
    Found : user_pref( "CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
    Found : user_pref( "CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg ", "\[...]
    Found : user_pref( "CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
    Found : user_pref( "CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
    Found : user_pref( "CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2203827 ",[...]
    Found : user_pref( "CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0 ", "63[...]
    Found : user_pref( "CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
    Found : user_pref( "CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2203827/CT2203827[...]
    Found : user_pref( "CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en ", "\ "634[...]
    Found : user_pref( "CommunityToolbar.EngineOwner ", "CT2203827 ");
    Found : user_pref( "CommunityToolbar.EngineOwnerGuid ", "{f8946e7d-99a3-4100-a357-62b283b3fb4e} ");
    Found : user_pref( "CommunityToolbar.EngineOwnerToolbarId ", "clan_ah_buddybar ");
    Found : user_pref( "CommunityToolbar.IsEngineShown ", false);
    Found : user_pref( "CommunityToolbar.IsMyStuffImportedToEngine ", true);
    Found : user_pref( "CommunityToolbar.MiniIPageGadgetPosition.hxxp://storage.conduit.com/27/220/CT2203827/Brow[...]
    Found : user_pref( "CommunityToolbar.OriginalEngineOwner ", "CT2203827 ");
    Found : user_pref( "CommunityToolbar.OriginalEngineOwnerGuid ", "{f8946e7d-99a3-4100-a357-62b283b3fb4e} ");
    Found : user_pref( "CommunityToolbar.OriginalEngineOwnerToolbarId ", "clan_ah_buddybar ");
    Found : user_pref( "CommunityToolbar.SearchFromAddressBarSavedUrl ", "hxxp://www.google.com/search?ie=UTF-8&oe[...]
    Found : user_pref( "CommunityToolbar.ToolbarsList ", "CT2203827,ConduitEngine ");
    Found : user_pref( "CommunityToolbar.ToolbarsList2 ", "CT2203827 ");
    Found : user_pref( "CommunityToolbar.alert.alertDialogsGetterLastCheckTime ", "Tue Sep 20 2011 16:27:07 GMT-04[...]
    Found : user_pref( "CommunityToolbar.alert.alertInfoInterval ", 1440);
    Found : user_pref( "CommunityToolbar.alert.alertInfoLastCheckTime ", "Tue Dec 20 2011 19:48:24 GMT-0500 (Easte[...]
    Found : user_pref( "CommunityToolbar.alert.clientsServerUrl ", "hxxp://alert.client.conduit.com ");
    Found : user_pref( "CommunityToolbar.alert.locale ", "en ");
    Found : user_pref( "CommunityToolbar.alert.loginIntervalMin ", 1440);
    Found : user_pref( "CommunityToolbar.alert.loginLastCheckTime ", "Tue Dec 20 2011 19:48:15 GMT-0500 (Eastern S[...]
    Found : user_pref( "CommunityToolbar.alert.loginLastUpdateTime ", "1313487611 ");
    Found : user_pref( "CommunityToolbar.alert.messageShowTimeSec ", 20);
    Found : user_pref( "CommunityToolbar.alert.servicesServerUrl ", "hxxp://alert.services.conduit.com ");
    Found : user_pref( "CommunityToolbar.alert.showTrayIcon ", false);
    Found : user_pref( "CommunityToolbar.alert.userCloseIntervalMin ", 300);
    Found : user_pref( "CommunityToolbar.alert.userId ", "{ab7e30b9-84b5-4e47-a8a7-fc544e3cff02} ");
    Found : user_pref( "CommunityToolbar.globalUserId ", "1f1d99fc-504c-4ebb-a2fc-5fd25fd32c87 ");
    Found : user_pref( "CommunityToolbar.isAlertUrlAddedToFeedItemTable ", true);
    Found : user_pref( "CommunityToolbar.isClickActionAddedToFeedItemTable ", true);
    Found : user_pref( "ConduitEngine.AppTrackingLastCheckTime ", "Sun May 22 2011 01:43:51 GMT-0400 (Eastern Dayl[...]
    Found : user_pref( "ConduitEngine.DialogsGetterLastCheckTime ", "Wed Jul 13 2011 07:22:02 GMT-0400 (Eastern Da[...]
    Found : user_pref( "ConduitEngine.FirstServerDate ", "05/22/2011 05 ");
    Found : user_pref( "ConduitEngine.FirstTime ", true);
    Found : user_pref( "ConduitEngine.FirstTimeFF3 ", true);
    Found : user_pref( "ConduitEngine.HasUserGlobalKeys ", true);
    Found : user_pref( "ConduitEngine.HideEngineAfterRestart ", true);
    Found : user_pref( "ConduitEngine.Initialize ", true);
    Found : user_pref( "ConduitEngine.InitializeCommonPrefs ", true);
    Found : user_pref( "ConduitEngine.InstalledDate ", "Sat May 21 2011 22:43:51 GMT-0400 (Eastern Daylight Time) "[...]
    Found : user_pref( "ConduitEngine.IsMulticommunity ", false);
    Found : user_pref( "ConduitEngine.IsOpenThankYouPage ", false);
    Found : user_pref( "ConduitEngine.IsOpenUninstallPage ", true);
    Found : user_pref( "ConduitEngine.LanguagePackLastCheckTime ", "Tue Jul 05 2011 17:35:18 GMT-0400 (Eastern Day[...]
    Found : user_pref( "ConduitEngine.LastLogin_3.3.3.2 ", "Tue Jul 05 2011 15:07:34 GMT-0400 (Eastern Daylight Ti[...]
    Found : user_pref( "ConduitEngine.PublisherContainerWidth ", 0);
    Found : user_pref( "ConduitEngine.SearchFromAddressBarIsInit ", true);
    Found : user_pref( "ConduitEngine.SettingsLastCheckTime ", "Tue Jul 05 2011 15:07:34 GMT-0400 (Eastern Dayligh[...]
    Found : user_pref( "ConduitEngine.UserID ", "UN03752436167231776 ");
    Found : user_pref( "ConduitEngine.engineLocale ", "en-US ");
    Found : user_pref( "ConduitEngine.enngineContextMenuLastCheckTime ", "Tue Jul 05 2011 17:35:18 GMT-0400 (Easte[...]
    Found : user_pref( "ConduitEngine.globalFirstTimeInfoLastCheckTime ", "Wed Jul 13 2011 15:22:02 GMT-0400 (East[...]
    Found : user_pref( "ConduitEngine.initDone ", true);
    Found : user_pref( "ConduitEngine.isAppTrackingManagerOn ", true);

    Profile name : default
    File : C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\zzzqgm81.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Users\Jackson\AppData\Roaming\Mozilla\Firefox\Profiles\9m23ftso.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [18818 octets] - [03/11/2012 19:26:09]

    ########## EOF - C:\AdwCleaner[R1].txt - [18879 octets] ##########
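Added example, not part of the thread and not code from OTL or AdwCleaner: a small Python triage script that reads a Firefox prefs.js and flags the kind of entries the OTL fix in post 4 and the AdwCleaner report above deal with, i.e. Ask.com set as the default search engine and the CT<id>, CommunityToolbar and ConduitEngine namespaces a Conduit toolbar leaves behind. The domain list, pref names and the sample prefs.js are constructed for the example.

```python
"""Triage a Firefox prefs.js for search-hijack and toolbar leftovers.

Added example, not part of the thread or of OTL/AdwCleaner. The sample
prefs.js at the bottom is constructed from the kinds of entries shown in
the thread's logs; the domain list is an assumption for this example.
"""
import re
from collections import Counter

# Domains treated as indicators here, taken from the thread's OTL fix and
# AdwCleaner findings. Extend the tuple for your own environment.
SUSPECT_DOMAINS = ("ask.com", "conduit.com", "conduit-services.com",
                   "conduit-hosting.com")
# Prefs whose value decides where a search or the start page goes.
SEARCH_PREFS = ("browser.search.defaultengine", "browser.search.order.1",
                "browser.startup.homepage", "keyword.URL")
# Conduit toolbars keep their state under these pref namespaces.
TOOLBAR_NS = re.compile(r"^(CT\d+|CommunityToolbar|ConduitEngine)\.")
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\);\s*$')
# Accepts both live http(s) and the defanged hxxp form used in the log.
HOST_RE = re.compile(r'h(?:tt|xx)ps?://([^/\s"?]+)', re.IGNORECASE)


def parse_prefs(text):
    """Yield (name, value) pairs; surrounding quotes stripped, other lines skipped."""
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        yield m.group(1), m.group(2).strip('"')


def is_suspect_host(host):
    """True when host is one of SUSPECT_DOMAINS or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in SUSPECT_DOMAINS)


def scan_prefs(text):
    """Return what a responder wants from a prefs.js: hijacked search/start-page
    prefs, prefs pointing at suspect hosts, and entries per toolbar namespace
    (a rough measure of how much of the toolbar is still installed)."""
    hijacked, suspect_urls, namespaces = [], [], Counter()
    for name, value in parse_prefs(text):
        if name in SEARCH_PREFS and any(d in value.lower() for d in SUSPECT_DOMAINS):
            hijacked.append((name, value))
        ns = TOOLBAR_NS.match(name)
        if ns:
            namespaces[ns.group(1)] += 1
        for host in HOST_RE.findall(value):
            if is_suspect_host(host):
                suspect_urls.append((name, host.lower()))
    return {"hijacked_search": hijacked,
            "suspect_urls": suspect_urls,
            "toolbar_namespaces": dict(namespaces)}


# Constructed sample modelled on the entries in the thread's logs.
SAMPLE_PREFS = """\
# Mozilla User Preferences (constructed sample, not a real profile)
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
user_pref("CT2203827.CTID", "CT2203827");
user_pref("CT2203827.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM");
user_pref("CT2203827.EMailNotifierLabelLength", 5);
user_pref("CommunityToolbar.ToolbarsList", "CT2203827,ConduitEngine");
user_pref("ConduitEngine.initDone", true);
user_pref("extensions.lastAppVersion", "16.0.2");
this line is not a pref and is skipped;
"""

if __name__ == "__main__":
    report = scan_prefs(SAMPLE_PREFS)
    for section, rows in report.items():
        print(section)
        items = rows.items() if isinstance(rows, dict) else rows
        for row in items:
            print("  ", row)
```

Run it against a real profile with `scan_prefs(open(path).read())`; an empty `hijacked_search` and `toolbar_namespaces` after cleanup is the result the fix in post 4 is meant to produce.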
     
  9. 2012/11/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    ...and Eset...
     
  10. 2012/11/04
    Jubis

    Jubis Inactive Thread Starter

    Joined:
    2009/12/29
    Messages:
    58
    Likes Received:
    0
    I apologize; I was at my other job. I let it run while I was gone.

    C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\02.11.2012_22.15.48\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\02.11.2012_22.15.48\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
    C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Default\aagddfdbdhdjgbgfdfdagcdidedagbdh\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
    C:\Users\Jackson\AppData\Roaming\Mozilla\Firefox\Profiles\9m23ftso.default\extensions\kgcdlinojc@kgcdlinojc.org.xpi JS/Redirector.NCI trojan deleted - quarantined
    C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Default\aagddfdbdhdjgbgfdfdagcdidedagbdh\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
    C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\zzzqgm81.default\extensions\kgcdlinojc@kgcdlinojc.org.xpi JS/Redirector.NCI trojan deleted - quarantined
    C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\zzzqgm81.default\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application cleaned by deleting - quarantined
    C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Default\aagddfdbdhdjgbgfdfdagcdidedagbdh\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
    C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\93kb6oa6.default\extensions\kgcdlinojc@kgcdlinojc.org.xpi JS/Redirector.NCI trojan deleted (after the next restart) - quarantined
     
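The two logs above show the same pattern twice: AdwCleaner found a block of `ConduitEngine.*` entries in one user's Firefox prefs.js, and Eset found the same Chrome extension directory (`aagddfdbdhdjgbgfdfdagcdidedagbdh`) and the same Firefox add-on (`kgcdlinojc@kgcdlinojc.org.xpi`) in all three user profiles. An add-on that appears in every profile on a machine is a useful triage signal, since a user normally installs extensions only into their own profile. The script below is an added example, not from this thread or from any of the tools used in it. It walks a directory tree laid out like `C:\Users`, parses prefs.js for prefs with a given prefix, and reports extension IDs shared across profiles. The directory layout, user names and prefs it builds are constructed to mirror the findings above so it runs offline; on a real system point `extension_census()` at the Users folder instead.

```python
"""Triage helper (added example): find Conduit-style prefs in Firefox prefs.js
and browser extensions that are present in more than one user's profile."""
import os
import re
import tempfile
from collections import defaultdict

# prefs.js lines look like: user_pref("name", value);  Conduit left a trailing
# space inside the quoted name (see the AdwCleaner log), so tolerate whitespace.
PREF_RE = re.compile(r'user_pref\(\s*"([^"]+?)\s*"\s*,\s*(.*?)\s*\);')
CHROME_ID_RE = re.compile(r"^[a-p]{32}$")  # Chrome extension IDs: 32 chars, a-p

def conduit_prefs(prefs_js_text, prefix="ConduitEngine."):
    """Return [(name, raw_value)] for every pref whose name starts with prefix."""
    return [(m.group(1), m.group(2)) for m in PREF_RE.finditer(prefs_js_text)
            if m.group(1).startswith(prefix)]

def extension_census(users_root):
    """Map extension id -> sorted user names whose Chrome or Firefox profile has it.
    Chrome: ID-named dirs under User Data\\Default\\Extensions; the Eset log also
    showed them under Default\\Default, so both are scanned.
    Firefox: *.xpi files or directories under <profile>\\extensions."""
    seen = defaultdict(set)
    for user in os.listdir(users_root):
        home = os.path.join(users_root, user)
        chrome = os.path.join(home, "AppData", "Local", "Google", "Chrome",
                              "User Data", "Default")
        for sub in ("Extensions", "Default"):
            d = os.path.join(chrome, sub)
            if os.path.isdir(d):
                for name in os.listdir(d):
                    if CHROME_ID_RE.match(name):
                        seen[name].add(user)
        profiles = os.path.join(home, "AppData", "Roaming", "Mozilla", "Firefox", "Profiles")
        if os.path.isdir(profiles):
            for prof in os.listdir(profiles):
                ext_dir = os.path.join(profiles, prof, "extensions")
                if os.path.isdir(ext_dir):
                    for name in os.listdir(ext_dir):
                        ext_id = name[:-4] if name.lower().endswith(".xpi") else name
                        seen[ext_id].add(user)
    return {k: sorted(v) for k, v in seen.items()}

def shared_extensions(users_root, min_users=2):
    """Extension IDs installed in at least min_users profiles (sorted)."""
    return sorted(k for k, v in extension_census(users_root).items() if len(v) >= min_users)

# Constructed sample prefs.js content modelled on the AdwCleaner findings.
SAMPLE_PREFS = (
    'user_pref("browser.startup.homepage", "about:home");\n'
    'user_pref("ConduitEngine.UserID ", "UN03752436167231776 ");\n'
    'user_pref("ConduitEngine.initDone ", true);\n'
    'user_pref("extensions.lastAppVersion", "16.0.2");\n'
)

def build_sample_tree(root):
    """Constructed layout mirroring the Eset log: one Chrome extension and one
    Firefox add-on in all three profiles, plus the Yontoo add-on in Michele's only."""
    layout = {  # user -> (firefox profile dir, firefox extension entries)
        "Nick": ("93kb6oa6.default", ["kgcdlinojc@kgcdlinojc.org.xpi"]),
        "Michele": ("zzzqgm81.default", ["kgcdlinojc@kgcdlinojc.org.xpi", "plugin@yontoo.com"]),
        "Jackson": ("9m23ftso.default", ["kgcdlinojc@kgcdlinojc.org.xpi"]),
    }
    for user, (profile, exts) in layout.items():
        chrome = os.path.join(root, user, "AppData", "Local", "Google", "Chrome", "User Data",
                              "Default", "Default", "aagddfdbdhdjgbgfdfdagcdidedagbdh")
        os.makedirs(chrome)
        open(os.path.join(chrome, "background.html"), "w").close()
        ffprof = os.path.join(root, user, "AppData", "Roaming", "Mozilla", "Firefox", "Profiles", profile)
        ext_dir = os.path.join(ffprof, "extensions")
        os.makedirs(ext_dir)
        for e in exts:
            if e.endswith(".xpi"):
                open(os.path.join(ext_dir, e), "w").close()
            else:
                os.makedirs(os.path.join(ext_dir, e))
        with open(os.path.join(ffprof, "prefs.js"), "w") as f:
            f.write(SAMPLE_PREFS if user == "Nick" else 'user_pref("browser.startup.homepage", "about:home");\n')
    return root

def run_demo():
    """Build the sample tree and return (shared ids, full census, conduit prefs per user)."""
    root = build_sample_tree(tempfile.mkdtemp())
    conduit = {}
    for user in sorted(os.listdir(root)):
        profiles = os.path.join(root, user, "AppData", "Roaming", "Mozilla", "Firefox", "Profiles")
        for prof in os.listdir(profiles):
            with open(os.path.join(profiles, prof, "prefs.js")) as f:
                hits = conduit_prefs(f.read())
            if hits:
                conduit[user] = [name for name, _ in hits]
    return shared_extensions(root), extension_census(root), conduit

if __name__ == "__main__":
    shared, census, conduit = run_demo()
    for ext_id in shared:
        print("installed in several profiles:", ext_id, census[ext_id])
    for user, names in conduit.items():
        print("Conduit prefs left in", user + "'s prefs.js:", names)
```

The cross-profile check is deliberately blind to what the extension is called: the Chrome entry above has no store name and the Firefox one uses a random-looking ID, which is exactly why a name-based allowlist would have missed them. Treat a shared ID as a lead to inspect (manifest, background script, install date), not as proof on its own, since a legitimate enterprise-deployed add-on would trip the same check.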
  11. 2012/11/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update Adobe Flash Player
    Download for Internet Explorer: http://www.filehippo.com/download_flashplayer_ie_64/
    Download for Firefox, Opera and other Gecko-based browsers: http://www.filehippo.com/download_flashplayer_firefox_64/

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    =================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ===========================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please, let me know, how your computer is doing.
     
  12. 2012/11/08
    Jubis

    Jubis Inactive Thread Starter

    Joined:
    2009/12/29
    Messages:
    58
    Likes Received:
    0
    Thank you SO much! You truly are a miracle worker, and again thank you for understanding my life. My computer is back to running amazing. Do you have any suggestions that I can use to help prevent or restrict the child's account from attaining anything unwanted. He is supposed to be very limited but supervision is not "Always" there.
     
  13. 2012/11/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Way to go!!
    Good luck and stay safe :)


    I suggest you ask your question in "General security" forum.
     