rowico
-
Posts
13 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by rowico
-
FBI MoneyPak virus and cannot boot to safe mode
rowico replied to rowico's topic in Resolved Malware Removal Logs
Everything ran as they were supposed to, and yes my computer does not seem to have any remaining issues. Thank you so much for getting my computer back up and running and clean. -
FBI MoneyPak virus and cannot boot to safe mode
rowico replied to rowico's topic in Resolved Malware Removal Logs
My desktop is running fine now with only minor hiccups. I have Microsoft Security Essentials. ComboFix 13-01-14.01 - Rob 01/14/2013 20:51:15.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6212 [GMT -5:00] Running from: c:\users\Rob\Desktop\ComboFix.exe Command switches used :: c:\users\Rob\Desktop\CFScript.txt SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2012-12-15 to 2013-01-15 ))))))))))))))))))))))))))))))) . . 2013-01-15 01:56 . 2013-01-15 01:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-01-15 01:56 . 2013-01-15 01:56 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-14 18:38 . 2013-01-14 18:38 -------- d-----w- c:\windows\rescache 2013-01-14 18:09 . 2013-01-14 18:09 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CAFC3214-4D95-4680-902F-5BF0DAF5D733}\offreg.dll 2013-01-14 03:46 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2013-01-14 03:46 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-01-14 03:46 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CAFC3214-4D95-4680-902F-5BF0DAF5D733}\mpengine.dll 2013-01-13 22:19 . 2013-01-13 22:19 -------- d-----w- c:\users\Rob\AppData\Roaming\Malwarebytes 2013-01-13 22:19 . 2013-01-13 22:19 -------- d-----w- c:\programdata\Malwarebytes 2013-01-13 22:19 . 2013-01-13 22:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-01-13 22:19 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-13 22:18 . 2013-01-13 22:18 -------- d-----w- c:\users\Rob\AppData\Local\Programs 2013-01-13 18:46 . 2013-01-13 18:46 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-01-13 18:44 . 2013-01-13 18:44 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-01-13 18:44 . 2013-01-12 08:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-01-13 18:43 . 2013-01-13 18:43 -------- d-----w- c:\programdata\McAfee 2013-01-09 18:56 . 2013-01-09 18:56 -------- d-----w- C:\_OTL 2013-01-06 00:36 . 2013-01-06 00:36 -------- d-----w- c:\windows\Microsoft Antimalware 2012-12-27 17:43 . 2012-12-27 17:43 -------- d-----w- c:\program files (x86)\MathGV 2012-12-22 08:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-22 08:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-22 08:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-22 08:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-20 04:24 . 2013-01-13 22:37 -------- d-----w- c:\users\Rob\AppData\Roaming\ftblauncher 2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-14 05:03 . 2012-08-26 01:05 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-13 19:06 . 2012-04-05 03:21 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-13 19:06 . 2012-01-23 05:24 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-13 18:44 . 2012-01-08 21:34 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-12-14 05:03 . 2011-12-29 01:33 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-12-14 05:03 . 2011-12-27 04:02 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-12-13 23:29 . 2011-12-27 04:02 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-12-01 16:19 . 2012-01-09 16:37 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2012-11-30 04:45 . 2013-01-14 03:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-24 19:02 . 2012-11-24 19:07 447752 ----a-w- c:\windows\SysWow64\vp6vfw.dll 2012-11-14 07:06 . 2012-12-13 15:40 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-13 15:40 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-13 15:41 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-13 15:41 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-13 15:41 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-13 15:41 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-13 15:41 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-13 15:41 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-13 15:41 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-13 15:41 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-13 15:41 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-13 15:41 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-13 15:41 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-13 15:41 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-13 15:41 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-13 15:41 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-13 15:41 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-13 15:41 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-13 15:41 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-13 15:41 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-13 15:41 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-13 15:41 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-13 01:10 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-13 01:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-02 05:59 . 2012-12-13 01:10 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 05:11 . 2012-12-13 01:10 376832 ----a-w- c:\windows\SysWow64\dpnet.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVIDIA System Monitor"="c:\program files (x86)\NVIDIA Corporation\NVIDIA System Monitor\NVMonitor.exe" [2010-04-05 1228392] "Spotify"="c:\users\Rob\AppData\Roaming\Spotify\Spotify.exe" [2012-10-30 7880664] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17420464] "Spotify Web Helper"="c:\users\Rob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-30 1199576] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-10-29 3093624] "NCsoft Launcher"="f:\aion\AION2\NCLauncher.exe" [2012-11-12 38744] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "DataMigrationSoftwareMonitor.exe"="c:\program files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe" [2010-11-01 2605224] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752] "Mobile Connectivity Suite"="c:\program files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-05-27 598016] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-20 2254768] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CurseClientStartup.ccip [2012-3-25 0] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560] R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2009-11-06 838136] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-08 1431888] R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 36720] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-28 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-20 2462128] S2 IntSch2Svc;Intel Scheduler2 Service;c:\program files (x86)\Common Files\Intel\Schedule2\schedul2.exe [2010-11-01 1164704] S2 mitsijm2012;Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager;f:\autodesk 2\Inventor 2012\Moldflow\bin\mitsijm.exe [2010-12-07 848184] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008] S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088] S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [2011-09-20 183104] S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [2011-09-20 47168] S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Rob\Downloads\RealTemp_360\WinRing0x64.sys [2011-12-28 14544] . . Contents of the 'Scheduled Tasks' folder . 2013-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:06] . 2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 20:04] . 2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 20:04] . 2013-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2803456513-1166934674-666375718-1001Core.job - c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 21:03] . 2013-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2803456513-1166934674-666375718-1001UA.job - c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 21:03] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Intel Scheduler2 Service"="c:\program files (x86)\Common Files\Intel\Schedule2\schedhlp.exe" [2010-11-01 362296] "ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2011-11-10 310272] "SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2011-11-10 158208] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816] "NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 291944] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:d5,a8,34,cb,9a,7d,bb,5c,e4,8d,74,aa,c8,3e,94,26,88,5a,2b,51,73,8b,15, ec,a6,f3,ea,f0,8d,29,c6,8e,89,59,d1,3b,76,09,6f,db,5b,8f,ee,cf,6b,64,ce,62,\ "??"=hex:2b,22,08,e8,be,4c,23,0d,2f,93,bb,3c,03,3b,96,71 . [HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\SecuROM\License information*] "datasecu"=hex:3f,98,89,f0,19,f5,d1,15,7c,77,35,bd,33,e4,b8,ed,b9,34,ed,a2,a0, 86,2e,38,84,54,81,00,7d,85,0a,51,bf,9a,2b,59,9c,2b,f5,08,42,73,ee,18,96,30,\ "rkeysecu"=hex:8d,38,94,5a,ac,36,c6,82,36,cf,98,6a,9f,71,58,7c . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-14 20:58:07 ComboFix-quarantined-files.txt 2013-01-15 01:58 ComboFix2.txt 2013-01-14 18:12 . Pre-Run: 3,399,180,288 bytes free Post-Run: 3,306,102,784 bytes free . - - End Of File - - 57D8EA03F53EEBD8D847C4842F206688 and the ESET scan. C:\Users\Rob\Downloads\winamp5623_full_emusic-7plus_en-us.exe Win32/OpenCandy application F:\Users\Rob\Desktop\New folder\APB_Reloaded_Installer.exe Win32/OpenCandy application F:\Users\Rob\Downloads\programs\Xvid-Setup-dm-9.exe Win32/Toolbar.Zugo application H:\Program Files\EA GAMES\Battlefield 2\mods\Stats\Stats.exe a variant of Win32/Packed.ExeScript.B trojan -
FBI MoneyPak virus and cannot boot to safe mode
rowico replied to rowico's topic in Resolved Malware Removal Logs
ComboFix 13-01-14.01 - Rob 01/14/2013 13:06:30.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6429 [GMT -5:00] Running from: c:\users\Rob\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Rob\AppData\Local\assembly\tmp c:\windows\Downloaded Program Files\IDropPTB.dll c:\windows\SysWow64\Packet.dll c:\windows\SysWow64\pthreadVC.dll c:\windows\SysWow64\wpcap.dll G:\install.exe . . ((((((((((((((((((((((((( Files Created from 2012-12-14 to 2013-01-14 ))))))))))))))))))))))))))))))) . . 2013-01-14 03:46 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2013-01-14 03:46 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-01-14 03:46 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CAFC3214-4D95-4680-902F-5BF0DAF5D733}\mpengine.dll 2013-01-13 22:19 . 2013-01-13 22:19 -------- d-----w- c:\users\Rob\AppData\Roaming\Malwarebytes 2013-01-13 22:19 . 2013-01-13 22:19 -------- d-----w- c:\programdata\Malwarebytes 2013-01-13 22:19 . 2013-01-13 22:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-01-13 22:19 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-13 22:18 . 2013-01-13 22:18 -------- d-----w- c:\users\Rob\AppData\Local\Programs 2013-01-13 18:46 . 2013-01-13 18:46 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-01-13 18:44 . 2013-01-13 18:44 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-01-13 18:44 . 2013-01-12 08:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-01-13 18:43 . 2013-01-13 18:43 -------- d-----w- c:\programdata\McAfee 2013-01-09 18:56 . 2013-01-09 18:56 -------- d-----w- C:\_OTL 2013-01-06 00:36 . 2013-01-06 00:36 -------- d-----w- c:\windows\Microsoft Antimalware 2012-12-27 17:43 . 2012-12-27 17:43 -------- d-----w- c:\program files (x86)\MathGV 2012-12-22 08:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-22 08:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-22 08:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-22 08:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-20 04:24 . 2013-01-13 22:37 -------- d-----w- c:\users\Rob\AppData\Roaming\ftblauncher 2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-14 05:03 . 2012-08-26 01:05 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-13 19:06 . 2012-04-05 03:21 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-13 19:06 . 2012-01-23 05:24 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-13 18:44 . 2012-01-08 21:34 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-12-14 05:03 . 2011-12-29 01:33 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-12-14 05:03 . 2011-12-27 04:02 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-12-13 23:29 . 2011-12-27 04:02 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-12-01 16:19 . 2012-01-09 16:37 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2012-11-30 04:45 . 2013-01-14 03:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-24 19:02 . 2012-11-24 19:07 447752 ----a-w- c:\windows\SysWow64\vp6vfw.dll 2012-11-14 07:06 . 2012-12-13 15:40 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-13 15:40 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-13 15:41 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-13 15:41 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-13 15:41 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-13 15:41 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-13 15:41 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-13 15:41 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-13 15:41 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-13 15:41 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-13 15:41 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-13 15:41 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-13 15:41 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-13 15:41 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-13 15:41 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-13 15:41 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-13 15:41 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-13 15:41 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-13 15:41 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-13 15:41 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-13 15:41 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-13 15:41 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-13 01:10 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-13 01:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-02 05:59 . 2012-12-13 01:10 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 05:11 . 2012-12-13 01:10 376832 ----a-w- c:\windows\SysWow64\dpnet.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVIDIA System Monitor"="c:\program files (x86)\NVIDIA Corporation\NVIDIA System Monitor\NVMonitor.exe" [2010-04-05 1228392] "Spotify"="c:\users\Rob\AppData\Roaming\Spotify\Spotify.exe" [2012-10-30 7880664] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17420464] "Spotify Web Helper"="c:\users\Rob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-30 1199576] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-10-29 3093624] "NCsoft Launcher"="f:\aion\AION2\NCLauncher.exe" [2012-11-12 38744] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "DataMigrationSoftwareMonitor.exe"="c:\program files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe" [2010-11-01 2605224] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752] "Mobile Connectivity Suite"="c:\program files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-05-27 598016] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-20 2254768] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CurseClientStartup.ccip [2012-3-25 0] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560] R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2009-11-06 838136] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-08 1431888] R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 36720] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-28 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-20 2462128] S2 IntSch2Svc;Intel Scheduler2 Service;c:\program files (x86)\Common Files\Intel\Schedule2\schedul2.exe [2010-11-01 1164704] S2 mitsijm2012;Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager;f:\autodesk 2\Inventor 2012\Moldflow\bin\mitsijm.exe [2010-12-07 848184] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008] S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088] S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [2011-09-20 183104] S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [2011-09-20 47168] S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Rob\Downloads\RealTemp_360\WinRing0x64.sys [2011-12-28 14544] . . Contents of the 'Scheduled Tasks' folder . 2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:06] . 2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 20:04] . 2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 20:04] . 2013-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2803456513-1166934674-666375718-1001Core.job - c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 21:03] . 2013-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2803456513-1166934674-666375718-1001UA.job - c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 21:03] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Intel Scheduler2 Service"="c:\program files (x86)\Common Files\Intel\Schedule2\schedhlp.exe" [2010-11-01 362296] "ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2011-11-10 310272] "SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2011-11-10 158208] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816] "NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 291944] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:d5,a8,34,cb,9a,7d,bb,5c,e4,8d,74,aa,c8,3e,94,26,88,5a,2b,51,73,8b,15, ec,a6,f3,ea,f0,8d,29,c6,8e,89,59,d1,3b,76,09,6f,db,5b,8f,ee,cf,6b,64,ce,62,\ "??"=hex:2b,22,08,e8,be,4c,23,0d,2f,93,bb,3c,03,3b,96,71 . [HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\SecuROM\License information*] "datasecu"=hex:3f,98,89,f0,19,f5,d1,15,7c,77,35,bd,33,e4,b8,ed,b9,34,ed,a2,a0, 86,2e,38,84,54,81,00,7d,85,0a,51,bf,9a,2b,59,9c,2b,f5,08,42,73,ee,18,96,30,\ "rkeysecu"=hex:8d,38,94,5a,ac,36,c6,82,36,cf,98,6a,9f,71,58,7c . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-14 13:12:21 ComboFix-quarantined-files.txt 2013-01-14 18:12 . Pre-Run: 3,947,044,864 bytes free Post-Run: 3,999,895,552 bytes free . - - End Of File - - 4FD226DB9B30C7FE2A69F13C402839E0 -
FBI MoneyPak virus and cannot boot to safe mode
rowico replied to rowico's topic in Resolved Malware Removal Logs
My computer has been running much better, with only a few hickups every 10 minutes or so... Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.01.13.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Rob :: BEAST [administrator] 1/13/2013 5:20:25 PM mbam-log-2013-01-13 (17-20-25).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 230142 Time elapsed: 1 minute(s), 9 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Adobe ARM (Trojan.Fakesig) -> Data: "C:\ProgramData\ifgxpers.exe" -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 3 C:\ProgramData\ifgxpers.exe (Trojan.Fakesig) -> Quarantined and deleted successfully. C:\Users\Rob\Downloads\Cartograph_G_Post_Processor.exe (Trojan.Agent.cn) -> Quarantined and deleted successfully. C:\Users\Rob\Downloads\setup (1).exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully. (end) -
FBI MoneyPak virus and cannot boot to safe mode
rowico replied to rowico's topic in Resolved Malware Removal Logs
So right now the computer is opperational but before the AdwCleaner the computer would freeze every 30 seconds for about a minute. After the cleaner it has been running pretty well. # AdwCleaner v2.105 - Logfile created 01/13/2013 at 13:35:19 # Updated 08/01/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Rob - BEAST # Boot Mode : Normal # Running from : C:\Users\Rob\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\user.js ***** [Registry] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\S Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. -\\ Mozilla Firefox v [unable to get version] File : C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\g148r1jb.default\prefs.js C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\g148r1jb.default\user.js ... Deleted ! Deleted : user_pref("extensions.BabylonToolbar.admin", false); Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Deleted : user_pref("extensions.BabylonToolbar.babExt", ""); Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=109865"); Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 25); Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false); Deleted : user_pref("extensions.BabylonToolbar.hmpg", false); Deleted : user_pref("extensions.BabylonToolbar.id", "586a330f0000000000007a7905e50a79"); Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15373"); Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Deleted : user_pref("extensions.BabylonToolbar.lastDP", 25); Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1722:54:35"); Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6"); Deleted : user_pref("extensions.BabylonToolbar.newTab", true); Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb"); Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false); Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 71259344); Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true); Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none"); Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss"); Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base"); Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17"); Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1722:54:35"); Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17"); Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Deleted : user_pref("extensions.BabylonToolbar_i.babExt", ""); Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109865"); Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "586a330f0000000000007a7905e50a79"); Deleted : user_pref("extensions.BabylonToolbar_i.id", "586a330f0000000000007a7905e50a79"); Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15373"); Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false); Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1722:54:35"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); -\\ Google Chrome v23.0.1271.97 File : C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [4293 octets] - [13/01/2013 13:35:19] ########## EOF - C:\AdwCleaner[s1].txt - [4353 octets] ########## Also my java was fairly out of date but is now updated. -
FBI MoneyPak virus and cannot boot to safe mode
rowico replied to rowico's topic in Resolved Malware Removal Logs
So i disabled teatimer and ran OTL again, it asked to restart and will post the log below, however the security check failed to run from both links. It would throw the UAC box and then a command box and immediately close without any interaction and gave no text files. All processes killed ========== OTL ========== Registry key HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher deleted successfully. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully. File Protocol\Handler\livecall - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully. File Protocol\Handler\msnim - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully. File Protocol\Handler\skype4com - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully. File Protocol\Handler\wlmailhtml - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully. File Protocol\Handler\wlpg - No CLSID value found not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. ========== FILES ========== < ipconfig /flushdns /c > Error opening cmd.txt file... C:\Users\Rob\Desktop\cmd.bat deleted successfully. C:\Users\Rob\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56475 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: Rob ->Temp folder emptied: 734563762 bytes ->Temporary Internet Files folder emptied: 24117228 bytes ->Java cache emptied: 113899 bytes ->FireFox cache emptied: 85593780 bytes ->Google Chrome cache emptied: 258799114 bytes ->Flash cache emptied: 66590 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56475 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 183794373 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028370 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1,262.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 01092013_135628 Files\Folders moved on Reboot... C:\Users\Rob\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File\Folder C:\Windows\temp\TMP000000019D85233E15893D11 not found! PendingFileRenameOperations files... Registry entries deleted on Reboot... -
FBI MoneyPak virus and cannot boot to safe mode
rowico replied to rowico's topic in Resolved Malware Removal Logs
And here is the Extras.txt OTL Extras logfile created on: 1/9/2013 11:24:59 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rob\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 8.00 Gb Total Physical Memory | 6.33 Gb Available Physical Memory | 79.11% Memory free 16.00 Gb Paging File | 14.01 Gb Available in Paging File | 87.57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74.43 Gb Total Space | 2.32 Gb Free Space | 3.12% Space Free | Partition Type: NTFS Drive D: | 6.78 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive E: | 189.92 Gb Total Space | 32.64 Gb Free Space | 17.19% Space Free | Partition Type: NTFS Drive F: | 931.50 Gb Total Space | 148.74 Gb Free Space | 15.97% Space Free | Partition Type: NTFS Drive G: | 931.50 Gb Total Space | 607.34 Gb Free Space | 65.20% Space Free | Partition Type: NTFS Drive H: | 74.52 Gb Total Space | 17.83 Gb Free Space | 23.92% Space Free | Partition Type: NTFS Drive J: | 3.73 Gb Total Space | 1.91 Gb Free Space | 51.36% Space Free | Partition Type: FAT32 Drive K: | 7.21 Gb Total Space | 6.84 Gb Free Space | 94.83% Space Free | Partition Type: NTFS Computer Name: BEAST | User Name: Rob | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0BA31115-365E-407A-9059-0A88F3A875C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{15BCC9AD-7062-41FE-826B-F9448FD04F50}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1FCFCD2A-6439-46B6-A91D-5CDABA639134}" = lport=445 | protocol=6 | dir=in | app=system | "{3812A744-957E-40EE-A3C4-4F7BE4EDCAF2}" = lport=137 | protocol=17 | dir=in | app=system | "{3C4DAEE2-AD78-4B1A-AE4C-CAEFFD43E485}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{53414302-B318-4A5C-9F0E-492FD323AFA4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5669EDDD-2FCF-40B0-9CEC-EB2502E191AD}" = rport=137 | protocol=17 | dir=out | app=system | "{5794673F-2A7C-450D-A8E1-1BE45FB896BB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{63EF755C-22C4-405A-B411-3207032B6571}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6BC0DD11-53C1-4DC4-8288-E50B0E2F5556}" = lport=10243 | protocol=6 | dir=in | app=system | "{746DB178-A6B5-4065-9AD8-F0099F5A38CD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7EE461EA-C4CC-4785-BDD5-9F965F3D4AFF}" = rport=138 | protocol=17 | dir=out | app=system | "{AA72F184-2FBB-4233-A7F1-318059451A42}" = lport=2869 | protocol=6 | dir=in | app=system | "{AC953261-6A47-45A1-8232-BF2CD3B91783}" = rport=139 | protocol=6 | dir=out | app=system | "{ACBB9A45-E963-484F-B58A-753EC3248DE7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C51587C5-BFEF-4F2F-956D-0BA34B52F2AB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{C6EC5686-836B-475D-BF6D-28AD3321C7FC}" = rport=445 | protocol=6 | dir=out | app=system | "{C91540A4-E65C-4289-9CB9-291DECFEBE52}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C9984765-F348-4FB8-BD19-30F67547D389}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CC26F7DB-1FF1-4450-A8A8-EA6BBC3D106E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CDB0B1E3-3DAE-4E77-9D20-952E9E60840D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D252CC50-4A7D-4394-923B-4CDA5F8EF5AE}" = rport=10243 | protocol=6 | dir=out | app=system | "{DA26984E-DF17-4206-A7E8-787F667DBA09}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{F57C6C18-4FD6-443E-BE7B-2B8BB7F0DEEB}" = lport=139 | protocol=6 | dir=in | app=system | "{F905AEA6-7651-49A9-89D9-FD4B7A845045}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0221AA54-5AD1-4386-B50A-D0971BA1A677}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | "{0390CF83-0737-4134-A3A2-69A7354D817D}" = protocol=6 | dir=in | app=f:\day z\tools\bin\rsync.exe | "{051E935D-F4B9-4C66-B777-C012D5845847}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | "{0540F120-5CE8-489D-B97E-78EB770119E2}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{06960C09-3A34-46B5-BDDD-557A756BE6C8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{0825EB9E-7B81-4686-9966-26EA55194135}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{08E7E16E-279D-4DEF-ADAD-81BD24B781A1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{0BA1AD93-D160-48CA-89FB-CADA669ED74A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0C1E2CDA-F786-4AB5-8C95-560ADF1D1363}" = protocol=6 | dir=out | app=system | "{0ED05AE8-12FF-440B-BE1E-AADC1C9F72FC}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | "{1100587D-E1E3-4452-8100-E7290E15FD58}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{11EFF479-9C18-41AA-8A52-0030445D24D3}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{139E72B9-E4D2-4829-817F-F70DB21A50A9}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{159F927D-0288-49B9-9C31-6DFE489B78F7}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | "{15B72B30-40B9-4DD8-A4CE-12EFF2D03588}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{169B1617-526C-47B3-8DF1-9FC51833614B}" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\backgrounddownloader.exe | "{17B5D517-D031-42C1-87C2-446EAE5A059C}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\unreal tournament\system\unrealtournament.exe | "{17D4A478-9CF7-476A-A256-CA86A1B96817}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "{1A0DE5A1-2E1E-4EC4-9595-4C98025BCE17}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | "{1A4C2341-166A-43BE-B592-9C4EDCF18092}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1C1D6C7B-19BA-4C73-A098-9A42E86AEEED}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | "{1C2DDD88-1717-4CC5-8581-28DB0731B975}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | "{1DFB61A4-43E4-48D4-870A-FFD507C68158}" = protocol=6 | dir=in | app=f:\\utorrent.exe | "{20B2BEBA-1D3D-4AD8-AF88-800608F85DC7}" = protocol=6 | dir=in | app=f:\starccraft 2\starcraft ii\starcraft ii.exe | "{21ACE450-05C9-4EF4-BAC1-0E2F716AAB1C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{22F57080-99C4-4977-9437-AB8CB7AC713E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{2348D4E1-3035-4919-98F6-9008F4A78D19}" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "{242040EB-E18F-4D35-887C-3866854D7513}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | "{2A35FD54-78F9-40B5-9763-D2C8DB8ACDE4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2C54671C-62DE-41ED-9D5D-94860EE03F29}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "{2C5F6FF0-49A6-4AE3-B62F-9ECB9A7451B5}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{2D2A8B37-0D58-486D-98F7-53921304A2A1}" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\launcher.exe | "{2E050AA0-7266-4978-A5E8-586F4B6805B3}" = protocol=17 | dir=in | app=c:\program files (x86)\barnes & noble\nookstudy\nookstudy.exe | "{2E5B7A0F-3B6A-45E6-8285-AF107BF89694}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "{2F55C717-233A-4BF6-B1AD-3CBC70CB026A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{2FE50018-6EFF-41B1-AB00-1DA2688893D4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3088DD23-BD97-460F-9119-A18960108506}" = protocol=6 | dir=in | app=c:\users\rob\appdata\local\temp\gw2.exe | "{30D34E07-9C08-4420-95AA-24984EB33BFE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{31126E17-97F8-4114-9364-252492EFA03E}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | "{350EACCA-0F6E-4C41-9975-FA2864882410}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{3663FE19-62A2-4B25-B4CC-6CDEB8BDB804}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{3699EE8F-FD56-4FC4-98C0-74E0730E0648}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{3A0BCA63-6F1D-470B-BC2C-26070893393C}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | "{3AA94A4D-F2B9-414A-A23D-8020E0E586C8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | "{3ACB3107-E22B-4742-B224-4C003B1C5AE8}" = protocol=17 | dir=in | app=f:\starccraft 2\starcraft ii\starcraft ii.exe | "{3BBCB827-2D34-4915-AEBB-DD6B1043C67C}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | "{3BE8FCEA-8BEA-4A3E-B30E-E1A75470D333}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe | "{3E6C6126-CD0E-4B73-8731-C66B01569F89}" = protocol=17 | dir=in | app=f:\day z\tools\bin\rsync.exe | "{3E955CAD-CF87-4B7F-804E-810E430199D1}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | "{401221E2-A86D-46BA-B431-5C7337B8C042}" = protocol=17 | dir=in | app=f:\starccraft 2\starcraft ii\starcraft ii public test.exe | "{402AA3D3-786C-4A9C-8610-27B48DA11E5E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | "{4047DCA6-AF98-4815-B12D-C8FFA5F2AB91}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | "{40E61E53-5366-46CA-AFD2-994845999EE3}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | "{424248A2-8BA8-4BBD-BA2A-61FE74E8EFB9}" = protocol=17 | dir=in | app=c:\users\rob\appdata\local\temp\gw2.exe | "{44D18915-6DE7-4772-9E30-0EF7D6C978EE}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | "{4A267276-2F69-41CE-A55E-44AF571EC582}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "{4A52A33F-9016-4ACA-A569-E5C5F42629BA}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | "{4B212681-3459-482B-83CB-38D93C6576FB}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe | "{4E37F4CA-1019-4B91-B521-EBBAD27FCA8F}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | "{5119B0CB-77BC-49D3-8D46-7A03D61740E9}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{5255D182-C867-44E7-A9D6-2F05918CB7C7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{54FD11EC-73A1-4924-A85D-7BEDEC8071FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{578D03D3-9964-4C98-9C88-967C77394B97}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{58C66C71-CDF5-4DDE-B651-81F9A7A95B0D}" = protocol=17 | dir=in | app=f:\utorrent.exe | "{597B149A-AF97-4635-9509-232BBE98B70B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{5985C04A-D928-4866-B017-16D5DD046F06}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | "{5AF6404B-8804-4F2C-B2AA-AD1E69B0F10F}" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "{5DB8D8AD-A053-443D-B56D-E680D0F0CAD2}" = protocol=6 | dir=in | app=c:\program files (x86)\barnes & noble\nookstudy\nookstudy.exe | "{5FBAB199-D023-4836-B7F6-14DBA7C442E3}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "{639627B0-E7EA-4066-9C09-4F519D564F33}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{649BEDF0-601E-42A6-8533-77FACD292DB8}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{64F975F5-C074-4AD3-84E7-710AE11EED4C}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{656F20E1-FE79-46E1-8F0C-F038273DEAFF}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | "{66FB7D13-F7F9-4A97-98F6-65ADA9862186}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{68A9D4F6-42A7-4E21-A71B-258DB2AA7E9A}" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\launcher.patch.exe | "{69D16105-5F51-4F3A-A231-57F47C8E18AA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6C8D69C8-E077-4E8B-B4CF-73763C888F18}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | "{6E8A2030-5C34-4DF7-A06F-019BF078629F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{6ECA2E70-2171-4EE4-BCB7-B91062495F11}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe | "{73B06D9A-55AF-48D8-81D8-CF10F9655596}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | "{75147BA9-A79D-40C0-9ABB-B12175D7BC10}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{75D1AD7B-6723-463E-A4E7-DAE01B23CAC7}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "{7648EC1F-4474-4044-8657-3746FA84AEDC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{767D2765-EBB0-4BFA-AD14-2D7BBF8C8704}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | "{76FAD55C-0527-4745-8ED9-FAF0E7FFB9AA}" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "{78388A1A-F9EE-45F8-836F-82ADD760470B}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | "{7DD7B8A3-4FD6-407F-BFB7-2F025010476A}" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "{7DEC905C-5706-48E8-86F4-3444374027EB}" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\launcher.exe | "{7EB799B3-8542-459A-A09B-6E44CB35A444}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\magic the gathering tactics\launchpad.exe | "{7ECFE570-CA0A-4855-BABD-284509EACCB7}" = protocol=17 | dir=in | app=f:\\utorrent.exe | "{7F18EE41-71C1-4F78-B9EC-3F980EF19430}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | "{7F58E107-2219-4402-9FB0-44CBA6647F0E}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\fallen earth f2p\feupdater.exe | "{817864C7-A175-4B6C-9803-C0109AE34A16}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\champions online\champions online.exe | "{81A43FE0-8149-4ABB-A030-CE6D52B31CCA}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | "{81E6B8F1-DB2B-4EFB-839D-59C5D4D11F11}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{82D0B270-CB73-4C11-9024-C0D2399214E3}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | "{82F45EA2-0A3A-4973-AE42-E2480DD45132}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\unreal tournament\system\unrealtournament.exe | "{83A1C127-B064-40B0-B88B-3B057C6AD53A}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | "{83D7C6D1-A332-4EBE-B955-B0EED642F39A}" = protocol=6 | dir=in | app=g:\new folder\guild wars 2\gw2.exe | "{87F4E8E2-410D-47D9-8968-6E2AFEB02943}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "{884B2017-8FBE-453E-9AA6-45C7843DAF90}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{8920722C-34DB-49BC-93AB-521870A6BCB2}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "{895C504B-9145-4D30-BDAE-2B7EFEA46D8B}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | "{8A335029-FCCC-429B-A3C0-547B8A758AA1}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | "{8AB6C497-B7EC-438F-95FD-8DF6667B042C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | "{8C187D5B-603A-4881-8717-64E27309F7C5}" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | "{8CBA291B-45FC-416D-84F5-406F841D00EA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{8DADE716-2CED-4ACD-A11D-16508DC451EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8F5C3B16-4430-4DCC-8419-AE000178A652}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{91AA8F6E-E917-41EE-8041-EA09A4862743}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | "{93CF3F37-78B1-44A7-A5D7-4732786F4C54}" = protocol=6 | dir=in | app=f:\starccraft 2\starcraft ii\starcraft ii public test.exe | "{9405DAC1-1612-43AB-B983-2C2ADB77EC58}" = protocol=17 | dir=in | app=f:\diablo iii\diablo iii\diablo iii.exe | "{94C796C3-B4D6-469F-818E-28DFDCDA90E7}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | "{9615967C-A287-4B9B-93C1-A338F0AABEA5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{96AD1E2D-CC60-47F9-9E9E-244317F78F5E}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | "{97E93651-B636-470C-B4AC-64B74999D6A6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9A0A8905-7077-4747-B54D-733385AF97CE}" = protocol=6 | dir=in | app=f:\diablo iii\diablo iii\diablo iii.exe | "{9B4176DB-6254-4F70-BA44-2690DCED717B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9DB95938-6E1F-4F00-81AF-7B9EDB2B4C3C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{9E2FBFA0-1649-4656-B48A-FDC74DB906D6}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | "{9E7F3462-546E-4FA9-943C-F65C8E91CEBC}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe | "{9ED88EC1-71BB-4677-A59C-6F9C8595CD3A}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\magic the gathering tactics\launchpad.exe | "{9F3D23C0-D1FB-4B1F-ABDA-D236EB1681DE}" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "{9F799987-BA5C-4706-9376-00C9E2539AE0}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steam.exe | "{9F90F4FA-14A1-4A5C-87F3-14CDA0A64896}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe | "{A0D99028-A7E7-4BCC-9053-6CA7CBDA68D7}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{A22B4201-E046-46BE-936E-8A730D9959FC}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{A26F8911-E695-4C75-917F-BE39AC7CC8B9}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | "{A4AA5C9E-A20A-4951-A078-F8C2B710E3F3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A5070C9A-5A84-4CA1-A554-CF6B88E2F946}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | "{A542E8E5-6100-48DA-875C-4927CCE9CE97}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | "{A6A78385-6D0D-49C7-A1A8-53F3330F108F}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\doubleslidefoot\counter-strike source\hl2.exe | "{A7684851-FFFC-4094-A91C-51DDA6AB1B53}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "{A7B7513C-1D4E-466B-BE7E-2FF7F648F6A8}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{A8351A75-D349-44F7-AE84-E09543EB7C86}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | "{A91687C1-FE2D-491E-8AB0-4E085D9B9B8A}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe | "{ABB97294-0386-4A93-B1D4-EE8A376B281D}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\doubleslidefoot\counter-strike source\hl2.exe | "{ACE222B9-E445-49A5-87EB-7844BFAFC38F}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\champions online\champions online.exe | "{AE58CCCF-5A84-4803-B24C-1C65D95FF153}" = protocol=17 | dir=in | app=g:\new folder\guild wars 2\gw2.exe | "{B0E83D9E-B7AF-4923-8B5D-6A1FD3601D83}" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | "{B203446A-407E-47D4-B031-9C2D2E529B66}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\fallen earth f2p\feupdater.exe | "{B354DA3A-BB12-413E-80E1-E9E351045CB3}" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\launcher.patch.exe | "{B5AEB904-A9E3-4D25-A0AC-7ED9D288097D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B5F68FA1-7837-48B9-802F-4F136785D910}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe | "{B615C6CF-D96C-494E-907D-38D14B38E436}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{BAB7CD36-E140-4744-84D5-E3345A92B75A}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | "{BB877D2E-46D1-420C-855E-4D95AB509CDA}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steam.exe | "{BDA6D3B6-C7C6-48F5-BE52-A2105B545452}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | "{BFF17062-F340-4CCD-A3A9-D1D899AB6628}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | "{C0FD77A3-5B1B-43A2-BCCE-849365BFB548}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | "{C1FD5DB6-E5AB-4A51-8B64-151130CEB095}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{C22EA2CE-540C-4B14-B0EE-4899B7816571}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | "{C2B0BA70-CFAC-4D16-B9EC-0855CA4B10BD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C2FD3BBF-9888-4B5B-825C-70363389B199}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "{C916A29A-795C-4CD7-A374-E12ACAB49126}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | "{C9DEDBE1-A319-4BFB-A735-AE0DC24BC9A7}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{CA3C9C66-828D-4F80-BB99-53BD2952E4A4}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm | "{CC25227A-AE05-43FF-A9DD-EF01886E4127}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{CD19B5C2-7501-47CB-94D7-916F2AA5809F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{CD78A8BE-ACBD-42B9-A3E5-6DD85DF6344E}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | "{D2AA8210-F98A-4260-8AC1-F080E97FC049}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | "{D378A62F-2A48-4955-9CDB-B81D5D8DA71C}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{D49521C5-EFB6-459D-8495-7A01D7248B3E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D50842EE-4CA2-42DE-94AB-4FDB6FA29B9D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D51F9CD9-F1DE-4C47-8E38-F3ACD89DB6BF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D5D78A8E-D31A-4A86-9B81-C359C9AE686E}" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\backgrounddownloader.exe | "{D66798BE-9045-404A-951B-79F025FCEA56}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | "{D6D920BE-BD6E-4025-98F5-FCE50D3A1675}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | "{D7B415FF-B3A4-455A-81D4-4D74BBCADFD2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{DB52AD37-5050-4765-8C99-EB11D058C4C6}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe | "{DDE6EDF5-2B4C-48C5-B90C-69D6593B2FD3}" = protocol=6 | dir=in | app=f:\utorrent.exe | "{E2AE90C8-CE96-4B06-989D-FF1D120E96BE}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{E2D16EE4-520D-44F8-B3AA-D567405AFDCF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | "{E34552B5-0703-4C9B-AD1F-F4965F9FB4E2}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{E4DF978D-89CD-4583-A259-A5E1A5335CFA}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{E4EF226D-E7D0-443C-A487-0E439459CB78}" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "{E8EEDDED-7811-4019-B294-121C5D2D1D03}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe | "{E9124209-9065-46C5-9F98-71B85D21426A}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | "{E9F92A21-21C1-4914-B019-3C891A06F4E3}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe | "{EA994B5A-52DD-4BA4-AD46-7AF12B1BCD5F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EBD20F75-AFBE-4ECC-BD55-DAA524180ED4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{EBDD86B0-0CC6-492B-A07B-DABE9E4FC4DA}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{EBE6126F-8ADA-43B4-B143-812A5E16D2AD}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{EC8B326A-83DA-4DD4-ADD1-407EFD201F65}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{EE33795D-AD94-431B-8391-68E979A47259}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | "{EE82A31C-7C0E-4EA2-85F1-9B0F521943E7}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | "{F0C3BA6D-C968-4534-A500-AAF44C7D8756}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{F0C52259-88A2-4545-A73F-09F0CA6D7976}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{F240CB5F-5B00-42FF-B5B8-298E0AA20D30}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | "{F4248DD2-450D-4741-9B5E-210EBF1079F8}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{F72A4CC5-1A6E-43B6-AF33-B15C6155E567}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm | "{FAE84FF1-83ED-4656-A99C-E57137F1E116}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{FB5F7EBF-595E-4562-9802-829ABD99AFC4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{FC30E7F4-E7DF-4C56-A574-C6FF86E92E2C}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | "TCP Query User{046244AD-139E-4FA3-A769-844E2BD33B3B}F:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe | "TCP Query User{08EAA4AC-D63C-4AE4-89B5-66132317AA2F}F:\starccraft 2\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=f:\starccraft 2\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | "TCP Query User{244DB107-4D1F-4C0C-9B7A-7FBA466593D0}F:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | "TCP Query User{26B0834B-4429-4196-9C96-6BB646387C97}F:\program files (x86)\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\launcher.patch.exe | "TCP Query User{2DE5910B-D258-4DB2-801F-D17C473E8F24}F:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "TCP Query User{2F272903-9709-4440-83E2-7859718154A1}F:\program files (x86)\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe | "TCP Query User{3C703AF3-BCF4-462C-BB2A-D01080196F54}F:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | "TCP Query User{43760748-4162-42A8-85FB-0BF74DFE8315}F:\starccraft 2\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=f:\starccraft 2\starcraft ii\versions\base23260\sc2.exe | "TCP Query User{44B1D783-E045-496E-B452-62EE27585170}G:\new folder\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=g:\new folder\guild wars 2\gw2.exe | "TCP Query User{481D3B38-1881-43A5-AA0A-3BAC20ED1253}F:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | "TCP Query User{4B8298CB-FF61-4B97-9E13-58F95BE8C9EF}C:\users\rob\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\rob\appdata\roaming\spotify\spotify.exe | "TCP Query User{690DC584-4C3B-436F-A5F7-4907B8CB6364}F:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\backgrounddownloader.exe | "TCP Query User{70EE3B10-F5A1-4F9C-B840-64D355D06734}F:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | "TCP Query User{7B857455-9FFC-4A65-AE5A-102E39A5D7B8}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "TCP Query User{7CEDF7C2-A840-471A-8DA8-A9368D729955}F:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | "TCP Query User{7D39036F-E3F7-437F-9D66-CB0B3B4A5F2D}F:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | "TCP Query User{7E01F87F-EF89-44E5-BDDC-B5273140B95A}C:\users\rob\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\rob\appdata\local\temp\gw2.exe | "TCP Query User{86FD60D4-774B-4A18-AD5F-C6D7C8BC33BD}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{8C193094-DE35-470A-A97A-D01F9A60D604}F:\program files (x86)\steam\steamapps\doubleslidefoot\the ship\ship.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\doubleslidefoot\the ship\ship.exe | "TCP Query User{8F503BF6-0515-4E13-94DF-F87E34349278}F:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | "TCP Query User{A996A688-184E-4083-83DE-D7980D14D477}F:\utorrent.exe" = protocol=6 | dir=in | app=f:\utorrent.exe | "TCP Query User{B7A8CE45-C249-4D49-AFE6-15D809C0A51E}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{C76F531E-BCEE-4555-87EB-624FAFFDD456}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | "TCP Query User{D9CA233B-A4CA-4106-AB05-909BF68843D6}F:\day z\tools\bin\rsync.exe" = protocol=6 | dir=in | app=f:\day z\tools\bin\rsync.exe | "TCP Query User{E2D08C07-CB5E-494C-B341-C8FAED6159C9}F:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\launcher.exe | "TCP Query User{E67D2459-9704-47AA-9713-CD86B04257D2}F:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | "TCP Query User{EDE157CE-6EEF-4894-BC0F-A7EFA2F376C6}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{F7DDB3D8-1F3C-47E8-AE08-9BF826306A4D}C:\users\rob\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\rob\appdata\roaming\spotify\spotify.exe | "TCP Query User{FE77B02C-9B23-448B-918C-BCCE07566DC8}F:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "UDP Query User{0999E1A1-F62B-4AB6-BEB2-10AA6F8502FC}F:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "UDP Query User{165F1FA8-DED8-4ACC-AE11-80EF8ADEE1FD}F:\program files (x86)\steam\steamapps\doubleslidefoot\the ship\ship.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\doubleslidefoot\the ship\ship.exe | "UDP Query User{198463AF-94F7-410E-95A0-F2100C033500}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{2B8B20A5-5D46-4ABA-9F81-AFB945A974C1}F:\program files (x86)\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\launcher.patch.exe | "UDP Query User{3A439B9C-6388-4B56-A10A-871CA75612E5}F:\starccraft 2\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=f:\starccraft 2\starcraft ii\versions\base23260\sc2.exe | "UDP Query User{3B27DB33-FFB4-47F3-82E2-3D6EE8D3CCF4}F:\utorrent.exe" = protocol=17 | dir=in | app=f:\utorrent.exe | "UDP Query User{517BA573-704E-4FB7-85DA-71F95514AFFF}F:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\backgrounddownloader.exe | "UDP Query User{63A6F0C3-07C8-4059-A331-C00C7178ECB0}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{63C25C0E-9D49-4434-8718-A2F37DA94D5F}F:\day z\tools\bin\rsync.exe" = protocol=17 | dir=in | app=f:\day z\tools\bin\rsync.exe | "UDP Query User{6A46F9D0-1733-4483-B71E-F9A3AE08EDEC}F:\starccraft 2\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=f:\starccraft 2\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | "UDP Query User{6A9DBDEA-7584-4071-84C5-34329E0C5D34}F:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | "UDP Query User{721341C5-7722-4F1F-8F67-E5BE62EADB56}C:\users\rob\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\rob\appdata\roaming\spotify\spotify.exe | "UDP Query User{98B61749-8C94-4F19-8B6F-916FB3D8CDA5}F:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "UDP Query User{9FD56B18-2DC3-45F2-9080-B507A0EED8C1}F:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | "UDP Query User{A77FEBB9-8F57-4FF1-874E-16201238FCE6}F:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | "UDP Query User{A8601990-A9C8-46A3-8FDB-4C11788D6154}C:\users\rob\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\rob\appdata\roaming\spotify\spotify.exe | "UDP Query User{AAD551C3-CAC2-48D7-91D1-E89C91627201}F:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | "UDP Query User{AC1A7374-5187-4167-BCD2-D0E1A439A5C3}F:\program files (x86)\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{B07F99E0-11FE-4762-A387-4E12E231AE35}F:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe | "UDP Query User{BDF2DE6C-23B0-42E9-AB45-C5D2FDB93A9A}F:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | "UDP Query User{C7B8BAA8-7D48-4C10-A6C3-5A153C5C8BEC}C:\users\rob\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\rob\appdata\local\temp\gw2.exe | "UDP Query User{C9B11F65-65CB-4306-8960-339BACD326A6}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | "UDP Query User{CAF36CA4-9ACC-485D-9AA4-1877FF14DFDA}F:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | "UDP Query User{CFDC0F72-6A88-406C-9902-63B2EA00FC30}F:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\launcher.exe | "UDP Query User{D286942C-90D1-4664-B9DF-FBDFEE9AD41C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{DB511CBA-3AA7-4173-AACE-81DB42C963B1}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "UDP Query User{F7F8289A-79FF-47EA-A3CB-743D1D710F5D}F:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | "UDP Query User{FB13CA5E-5D0F-42EA-9E1E-379B58E04117}G:\new folder\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=g:\new folder\guild wars 2\gw2.exe | "UDP Query User{FB83AE81-B095-475D-8430-9B704BBB32FF}F:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java™ 7 Update 3 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes "{4E1A54A9-FFB3-4BE6-B59B-3CC94C3B31D2}" = Autodesk Inventor Fusion for Inventor 2012 Add-in Language Pack "{4E3B47F2-21EB-4F20-87C8-5A0E4D5F3858}" = Autodesk Inventor Fusion for Inventor 2012 Add-in "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7F4DD591-1664-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2012 "{7F4DD591-1664-0409-0001-7107D70F3DB4}" = Autodesk Inventor Professional 2012 English Language Pack "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B46DECD1-1664-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2012 (Desktop Content) "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{C2FDFFA3-3066-4366-9749-1C5070EAA526}" = Smart Technology Programming Software 7.0.12.11 "{D25FF5C1-1664-469A-9794-69309387C193}" = Quick Uninstall Tool for Autodesk Inventor 2012 "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E027C59C-4C47-4BE8-8078-BCD3D2680EC3}" = Eco Materials Adviser (x64) "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012 "{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack "Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012 "Autodesk Inventor Fusion for Inventor 2012 Add-in" = Autodesk Inventor Fusion for Inventor 2012 Add-in "Autodesk Inventor Professional 2012" = Autodesk Inventor Professional 2012 English "Logitech Gaming Software" = Logitech Gaming Software 8.20 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "NVIDIA Drivers" = NVIDIA Drivers [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{24FF088D-CDCF-480C-8A4B-98F14A54CAA8}" = Autodesk Material Library Low Resolution Image Library 2012 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2B0FC5A8-C3B6-33B7-9069-0D3BC69D2E50}" = Google Talk Plugin "{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE "{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater "{32A3A4F4-B792-11D6-A78A-00B0D0160300}" = Java™ SE Development Kit 6 Update 30 "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01) "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher "{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012 "{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7424809B-AA4A-4B2F-88A8-865F15F778B6}" = Equalify v2.1.2 (admin setup) "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{94F6AE6D-3339-4FC9-9BD2-C6B82D975DBF}" = HTC Sync "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4) "{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BFFC2681-5F7C-45BC-981A-277A29332678}" = Intel® Data Migration Software powered by Acronis "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3 "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CAE017F8-C238-4397-879B-7FBB915D9457}" = LogMeIn Hamachi "{CC419DDC-E0F0-4013-B25A-6FA036516F0D}" = Need for Speed™ ProStreet "{CC452A50-5C87-4A1F-B295-445C3C69BF7D}" = NVIDIA MediaShield "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D30F78E6-2A82-48E5-94A9-D295D64501BF}" = MathGV 4.1 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7_Carbon_folder" = 7_Carbon.rar "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Battlelog Web Plugins" = Battlelog Web Plugins "BattlEye for OA" = BattlEye for OA Uninstall "Diablo III" = Diablo III "ESN Sonar-0.70.4" = ESN Sonar "FileZilla Client" = FileZilla Client 3.6.0.1 "Fraps" = Fraps (remove only) "Guild Wars" = Guild Wars "Guild Wars 2" = Guild Wars 2 "InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance "InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT "InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor "LogMeIn Hamachi" = LogMeIn Hamachi "NOOK Study" = NOOK Study "Notepad++" = Notepad++ "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "StarCraft II" = StarCraft II "Steam App 113420" = Fallen Earth "Steam App 12210" = Grand Theft Auto IV "Steam App 13240" = Unreal Tournament: Game of the Year Edition "Steam App 17500" = Zombie Panic Source "Steam App 201190" = Magic: The Gathering – Tactics "Steam App 2400" = The Ship "Steam App 24200" = DC Universe Online "Steam App 28050" = Deus Ex: Human Revolution "Steam App 33900" = ARMA 2 "Steam App 33930" = ARMA 2: Operation Arrowhead "Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad "Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer "Steam App 4560" = Company of Heroes "Steam App 47890" = The Sims™ 3 "Steam App 49520" = Borderlands 2 "Steam App 570" = Dota 2 "Steam App 72850" = The Elder Scrolls V: Skyrim "Steam App 730" = Counter-Strike: Global Offensive Beta "uTorrent" = µTorrent "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.20 (32-bit) "Xfire" = Xfire (remove only) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "090215de958f1060" = Curse Client "101a9f93b8f0bb6f" = Curse Client - 1 "Google Chrome" = Google Chrome "NCsoft-Aion" = Aion "Spotify" = Spotify "TeamSpeak 3 Client" = TeamSpeak 3 Client "Winamp Detect" = Winamp Detector Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 1/4/2013 4:35:06 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5008 Error - 1/4/2013 4:35:07 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 1/4/2013 4:35:07 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6006 Error - 1/4/2013 4:35:07 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6006 Error - 1/4/2013 4:35:08 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 1/4/2013 4:35:08 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7005 Error - 1/4/2013 4:35:08 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7005 Error - 1/4/2013 4:35:09 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 1/4/2013 4:35:09 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8050 Error - 1/4/2013 4:35:09 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 8050 [ Media Center Events ] Error - 6/14/2012 8:20:14 PM | Computer Name = BEAST | Source = MCUpdate | ID = 0 Description = 8:20:14 PM - Error connecting to the internet. 8:20:14 PM - Unable to contact server.. Error - 6/14/2012 8:20:23 PM | Computer Name = BEAST | Source = MCUpdate | ID = 0 Description = 8:20:19 PM - Error connecting to the internet. 8:20:19 PM - Unable to contact server.. Error - 6/16/2012 11:10:38 AM | Computer Name = BEAST | Source = MCUpdate | ID = 0 Description = 11:10:38 AM - Error connecting to the internet. 11:10:38 AM - Unable to contact server.. Error - 6/16/2012 11:11:11 AM | Computer Name = BEAST | Source = MCUpdate | ID = 0 Description = 11:11:07 AM - Error connecting to the internet. 11:11:07 AM - Unable to contact server.. Error - 6/16/2012 11:52:59 PM | Computer Name = BEAST | Source = MCUpdate | ID = 0 Description = 11:52:56 PM - Error connecting to the internet. 11:52:56 PM - Unable to contact server.. Error - 6/17/2012 12:53:06 AM | Computer Name = BEAST | Source = MCUpdate | ID = 0 Description = 12:53:05 AM - Error connecting to the internet. 12:53:05 AM - Unable to contact server.. Error - 6/17/2012 1:53:14 AM | Computer Name = BEAST | Source = MCUpdate | ID = 0 Description = 1:53:13 AM - Error connecting to the internet. 1:53:13 AM - Unable to contact server.. Error - 6/17/2012 2:53:22 AM | Computer Name = BEAST | Source = MCUpdate | ID = 0 Description = 2:53:21 AM - Error connecting to the internet. 2:53:21 AM - Unable to contact server.. Error - 11/27/2012 4:05:05 AM | Computer Name = BEAST | Source = MCUpdate | ID = 0 Description = 3:05:05 AM - Error connecting to the internet. 3:05:05 AM - Unable to contact server.. Error - 12/1/2012 11:17:52 AM | Computer Name = BEAST | Source = MCUpdate | ID = 0 Description = 10:17:14 AM - Failed to retrieve SportsV2 (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) [ System Events ] Error - 1/6/2013 2:26:09 AM | Computer Name = BEAST | Source = Service Control Manager | ID = 7038 Description = The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error - 1/6/2013 2:26:09 AM | Computer Name = BEAST | Source = Service Control Manager | ID = 7000 Description = The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error - 1/8/2013 1:17:43 PM | Computer Name = BEAST | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk7\DR7. Error - 1/8/2013 1:17:49 PM | Computer Name = BEAST | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk7\DR7. Error - 1/8/2013 1:17:54 PM | Computer Name = BEAST | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk7\DR7. Error - 1/8/2013 1:19:21 PM | Computer Name = BEAST | Source = Service Control Manager | ID = 7038 Description = The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error - 1/8/2013 1:19:21 PM | Computer Name = BEAST | Source = Service Control Manager | ID = 7000 Description = The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error - 1/8/2013 1:23:50 PM | Computer Name = BEAST | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service. Error - 1/9/2013 12:19:42 PM | Computer Name = BEAST | Source = Service Control Manager | ID = 7038 Description = The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error - 1/9/2013 12:19:42 PM | Computer Name = BEAST | Source = Service Control Manager | ID = 7000 Description = The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 < End of report > -
FBI MoneyPak virus and cannot boot to safe mode
rowico replied to rowico's topic in Resolved Malware Removal Logs
Here is the OTL.txt file OTL logfile created on: 1/9/2013 11:24:59 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rob\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 8.00 Gb Total Physical Memory | 6.33 Gb Available Physical Memory | 79.11% Memory free 16.00 Gb Paging File | 14.01 Gb Available in Paging File | 87.57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74.43 Gb Total Space | 2.32 Gb Free Space | 3.12% Space Free | Partition Type: NTFS Drive D: | 6.78 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive E: | 189.92 Gb Total Space | 32.64 Gb Free Space | 17.19% Space Free | Partition Type: NTFS Drive F: | 931.50 Gb Total Space | 148.74 Gb Free Space | 15.97% Space Free | Partition Type: NTFS Drive G: | 931.50 Gb Total Space | 607.34 Gb Free Space | 65.20% Space Free | Partition Type: NTFS Drive H: | 74.52 Gb Total Space | 17.83 Gb Free Space | 23.92% Space Free | Partition Type: NTFS Drive J: | 3.73 Gb Total Space | 1.91 Gb Free Space | 51.36% Space Free | Partition Type: FAT32 Drive K: | 7.21 Gb Total Space | 6.84 Gb Free Space | 94.83% Space Free | Partition Type: NTFS Computer Name: BEAST | User Name: Rob | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/01/08 21:05:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012/11/19 21:48:16 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2012/11/11 23:06:23 | 000,038,744 | ---- | M] (NCSoft) -- F:\AION\AION2\NCLauncher.exe PRC - [2012/10/30 12:04:17 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Rob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012/10/29 15:05:50 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012/08/16 10:51:57 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/12/09 12:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2011/12/07 15:11:56 | 000,659,224 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe PRC - [2011/03/28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2010/11/01 12:08:06 | 000,362,296 | ---- | M] (Intel) -- C:\Program Files (x86)\Common Files\Intel\Schedule2\schedhlp.exe PRC - [2010/11/01 12:06:46 | 002,605,224 | ---- | M] (Intel) -- C:\Program Files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe PRC - [2009/07/06 17:33:20 | 000,389,120 | R--- | M] (Teleca) -- C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe PRC - [2009/07/06 16:44:14 | 000,356,352 | R--- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe PRC - [2009/07/06 16:43:44 | 001,011,712 | R--- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe PRC - [2009/07/06 16:20:56 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe PRC - [2009/07/06 16:20:32 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe PRC - [2009/06/03 09:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe PRC - [2009/05/27 14:46:52 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe PRC - [2009/04/14 12:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008/11/12 10:18:06 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe ========== Modules (No Company Name) ========== MOD - [2012/11/18 10:54:22 | 010,580,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\409c27bc1e434bf90f0df3d7096613bd\System.Design.ni.dll MOD - [2012/11/18 10:54:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll MOD - [2012/11/18 10:53:53 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll MOD - [2012/11/18 10:53:48 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll MOD - [2012/11/18 10:53:36 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3079aabe5fd4f325656d52b94b19ae2e\System.Security.ni.dll MOD - [2012/11/18 10:53:34 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll MOD - [2012/11/18 10:53:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll MOD - [2012/11/18 10:53:30 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll MOD - [2012/11/18 10:53:26 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll MOD - [2012/11/11 23:06:23 | 000,217,088 | ---- | M] () -- F:\AION\AION2\UnRar.Net.dll MOD - [2012/11/11 23:06:23 | 000,024,576 | ---- | M] () -- F:\AION\AION2\NC.Logging.dll MOD - [2012/10/29 15:05:50 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010/11/01 10:58:44 | 000,028,512 | ---- | M] () -- C:\Program Files (x86)\Intel\DataMigrationSoftware\Common\rpc_client.dll MOD - [2009/07/06 16:39:42 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\tcpsock_object.dll MOD - [2009/07/06 16:04:56 | 000,185,856 | R--- | M] () -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll MOD - [2009/07/06 16:04:56 | 000,185,856 | R--- | M] () -- C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll MOD - [2007/01/11 17:33:20 | 000,106,496 | R--- | M] () -- C:\Program Files (x86)\Common Files\Teleca Shared\boost_log-vc80-mt-1_33.dll ========== Services (SafeList) ========== SRV:64bit: - [2012/01/08 02:46:48 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc) SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/12/19 22:33:53 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012/12/12 10:38:44 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/11/19 21:48:16 | 002,462,128 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012/10/10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012/08/16 10:51:57 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/07/13 13:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/04/01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/03/28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010/12/07 17:30:00 | 000,848,184 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- F:\Autodesk 2\Inventor 2012\Moldflow\bin\mitsijm.exe -- (mitsijm2012) SRV - [2010/11/01 12:10:18 | 001,164,704 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Schedule2\schedul2.exe -- (IntSch2Svc) SRV - [2010/03/22 09:17:24 | 000,276,584 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/11/06 13:24:54 | 000,282,728 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/12/28 16:26:54 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2011/11/10 09:28:22 | 000,052,160 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus) DRV:64bit: - [2011/11/10 09:28:22 | 000,024,640 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini) DRV:64bit: - [2011/09/20 09:32:38 | 000,183,104 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0CCB.sys -- (SaiK0CCB) DRV:64bit: - [2011/09/20 09:32:38 | 000,047,168 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiU0CCB.sys -- (SaiU0CCB) DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/01/29 01:04:38 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo) DRV:64bit: - [2009/11/23 20:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009/11/23 20:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009/11/11 15:47:18 | 000,348,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:64bit: - [2009/11/06 07:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX) DRV:64bit: - [2009/09/15 14:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64) DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2011/12/28 16:52:45 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Users\Rob\Downloads\RealTemp_360\WinRing0x64.sys -- (WinRing0_1_2_0) DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2803456513-1166934674-666375718-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-2803456513-1166934674-666375718-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2803456513-1166934674-666375718-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-2803456513-1166934674-666375718-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 E6 0A CA 11 C4 CC 01 [binary data] IE - HKU\S-1-5-21-2803456513-1166934674-666375718-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-2803456513-1166934674-666375718-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC IE - HKU\S-1-5-21-2803456513-1166934674-666375718-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0007a7905e50a79 IE - HKU\S-1-5-21-2803456513-1166934674-666375718-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2803456513-1166934674-666375718-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Rob\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Rob\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rob\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rob\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) [2012/01/17 14:45:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Extensions [2012/04/14 12:27:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\g148r1jb.default\extensions [2011/11/05 12:07:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- F:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010/12/16 22:11:52 | 000,000,000 | ---D | M] (Java Console) -- F:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/12/17 17:19:30 | 000,000,000 | ---D | M] (Java Console) -- F:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011/02/19 08:42:46 | 000,000,000 | ---D | M] (Java Console) -- F:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011/06/15 13:19:52 | 000,000,000 | ---D | M] (Java Console) -- F:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011/11/05 12:16:17 | 000,000,000 | ---D | M] (Java Console) -- F:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011/04/28 09:33:21 | 000,000,000 | ---D | M] (Anti-Banner) -- F:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\KAVANTIBANNER@KASPERSKY.RU [2011/04/28 09:33:19 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- F:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\LINKFILTER@KASPERSKY.RU ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Rob\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Rob\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Rob\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: AdBlock = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.54_0\ CHR - Extension: Hover Zoom = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.8.3_0\ O1 HOSTS File: ([2012/04/03 11:03:57 | 000,441,500 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15173 more lines... O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O4:64bit: - HKLM..\Run: [intel Scheduler2 Service] C:\Program Files (x86)\Common Files\Intel\Schedule2\schedhlp.exe (Intel) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe (Saitek) O4:64bit: - HKLM..\Run: [saiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe (Saitek) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DataMigrationSoftwareMonitor.exe] C:\Program Files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe (Intel) O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2803456513-1166934674-666375718-1001..\Run: [Adobe ARM] C:\ProgramData\ifgxpers.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2803456513-1166934674-666375718-1001..\Run: [NCsoft Launcher] F:\AION\AION2\NCLauncher.exe (NCSoft) O4 - HKU\S-1-5-21-2803456513-1166934674-666375718-1001..\Run: [NVIDIA System Monitor] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA System Monitor\NVMonitor.exe (NVIDIA) O4 - HKU\S-1-5-21-2803456513-1166934674-666375718-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-2803456513-1166934674-666375718-1001..\Run: [PlayNC Launcher] File not found O4 - HKU\S-1-5-21-2803456513-1166934674-666375718-1001..\Run: [spotify] C:\Users\Rob\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKU\S-1-5-21-2803456513-1166934674-666375718-1001..\Run: [spotify Web Helper] C:\Users\Rob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\S-1-5-21-2803456513-1166934674-666375718-1001..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.3.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22CEA189-4E2D-41B5-8F51-2D1DA806E2D4}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80B7A150-9C2C-4924-9282-2F581DDA10AA}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8E14235-B895-4AE2-8EE6-69B5E1DB41B0}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/12/04 16:57:14 | 000,000,000 | ---D | M] - E:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2010/02/20 19:12:01 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2012/01/05 18:18:43 | 000,000,000 | ---D | M] - F:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2012/01/08 02:50:12 | 000,000,000 | ---D | M] - F:\Autodesk 2 -- [ NTFS ] O32 - AutoRun File - [2012/01/05 17:03:56 | 3511,359,788 | ---- | M] () - F:\Autodesk_Inventor_2012_English_Win_64bit.exe -- [ NTFS ] O32 - AutoRun File - [2010/02/20 22:25:39 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2005/12/27 22:08:21 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013/01/09 11:21:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe [2013/01/09 11:18:12 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{44FCE7E0-6BC6-4E25-A430-4504B3C37A19} [2013/01/08 12:18:00 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Rob\Desktop\dds.scr [2013/01/08 12:17:53 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{A3DCED61-C79B-40E8-8735-2561C42D18E6} [2013/01/06 01:25:48 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{F579FC83-F2B8-4CE6-8DC5-11D8B8221E4B} [2013/01/05 19:36:11 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware [2013/01/05 15:34:35 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{50930E73-8198-46BE-A1C0-8E707B59B732} [2013/01/04 23:15:17 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{2261E2FB-AD99-43DE-9ACA-95E8EBD68378} [2013/01/04 22:42:56 | 000,104,176 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\ifgxpers.exe [2013/01/03 20:29:29 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{F7D61B68-CDB9-4081-B4AC-91479013FA49} [2012/12/31 11:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II [2012/12/31 11:50:44 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II [2012/12/31 11:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III [2012/12/31 11:36:56 | 000,000,000 | ---D | C] -- C:\Users\Rob\Documents\StarCraft II [2012/12/31 11:33:51 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{0D97F737-9DEB-4DCF-B09E-EE036DBB4021} [2012/12/28 17:29:34 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{06E38DAE-9904-4353-9882-879B28FE902E} [2012/12/27 12:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MathGV 4.1 [2012/12/27 12:43:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MathGV [2012/12/22 23:16:21 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{249F436C-E09D-4007-B949-31F2B0292E55} [2012/12/22 03:00:32 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012/12/22 03:00:32 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012/12/22 03:00:32 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012/12/22 03:00:32 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012/12/19 23:24:38 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\ftblauncher [2012/12/14 17:06:00 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{75A1AEBE-8355-48EE-90BF-748A5CC0A066} [2012/12/13 17:25:38 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{A23DBFDF-DB48-4A52-B2E5-94BA9A2DB5F0} [2012/12/13 13:35:21 | 000,000,000 | ---D | C] -- C:\Users\Rob\Desktop\7_Carbon [2012/12/13 13:34:33 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\WinRAR [2012/12/13 13:34:32 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012/12/13 13:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012/12/13 13:34:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR [2012/12/13 12:13:03 | 000,000,000 | ---D | C] -- C:\.Trash-1000 [2012/12/13 10:41:04 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/12/13 10:41:04 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/12/13 10:41:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/12/13 10:41:03 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/12/13 10:41:03 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/12/13 10:41:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/12/13 10:41:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/12/13 10:41:03 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/12/13 10:41:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/12/13 10:41:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/12/13 10:41:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/12/13 10:41:02 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/12/13 10:41:01 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/12/13 10:41:01 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/12/13 10:41:01 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/12/12 20:10:28 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012/12/12 20:10:28 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012/12/12 20:10:28 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012/12/12 20:10:28 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012/12/12 20:10:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012/12/12 20:10:27 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012/12/12 20:10:27 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012/12/12 20:10:27 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012/12/12 20:10:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012/12/12 20:10:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012/12/12 20:10:27 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012/12/12 20:10:27 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012/12/12 20:10:27 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012/12/12 20:10:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012/12/12 20:10:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012/12/12 20:10:27 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012/12/12 20:10:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012/12/12 20:10:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012/12/12 20:10:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012/12/12 20:10:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012/12/12 20:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012/12/12 20:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012/12/12 20:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012/12/12 20:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012/12/12 20:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012/12/12 20:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012/12/12 20:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012/12/12 20:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012/12/12 20:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012/12/12 20:10:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012/12/12 20:10:24 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012/12/12 20:10:24 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012/12/10 22:54:52 | 000,000,000 | ---D | C] -- C:\Users\Rob\Desktop\prog7 ========== Files - Modified Within 30 Days ========== [2013/01/09 11:27:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/09 11:27:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/09 11:24:44 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/09 11:24:44 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/09 11:21:55 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/01/09 11:21:55 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/01/09 11:21:55 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/01/09 11:17:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/09 11:17:35 | 2146,332,671 | -HS- | M] () -- C:\hiberfil.sys [2013/01/08 21:05:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe [2013/01/07 15:51:30 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Rob\Desktop\dds.scr [2013/01/06 01:48:31 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2803456513-1166934674-666375718-1001UA.job [2013/01/04 23:13:15 | 000,751,078 | ---- | M] () -- C:\ProgramData\1.bmp [2013/01/04 23:12:59 | 000,114,943 | ---- | M] () -- C:\ProgramData\1.jpg [2013/01/04 23:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/01/04 22:42:56 | 000,104,176 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\ifgxpers.exe [2013/01/04 21:48:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2803456513-1166934674-666375718-1001Core.job [2012/12/31 12:08:00 | 000,000,747 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk [2012/12/31 11:50:36 | 000,000,774 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk [2012/12/30 13:10:25 | 005,185,290 | ---- | M] () -- C:\Users\Rob\Desktop\BLARRG.png [2012/12/28 14:48:13 | 000,000,553 | ---- | M] () -- C:\Users\Rob\Desktop\server.properties [2012/12/27 14:46:28 | 000,026,994 | ---- | M] () -- C:\Users\Rob\Desktop\aaron work 2.png [2012/12/27 14:22:27 | 000,026,186 | ---- | M] () -- C:\Users\Rob\Desktop\aaron work 1.png [2012/12/22 10:08:16 | 000,000,318 | ---- | M] () -- C:\Users\Rob\Desktop\Curse Client - 1 .appref-ms [2012/12/22 03:17:16 | 000,376,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/12/20 22:47:27 | 002,242,895 | ---- | M] () -- C:\Users\Rob\Desktop\Minecraft_Server (1).exe [2012/12/19 23:58:30 | 000,001,143 | ---- | M] () -- C:\Users\Rob\Desktop\FTB_Launcher - Shortcut.lnk [2012/12/16 12:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012/12/16 09:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012/12/16 09:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012/12/16 09:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012/12/14 00:03:53 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012/12/14 00:03:53 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/12/13 18:54:23 | 000,002,470 | ---- | M] () -- C:\Users\Rob\Desktop\Google Chrome.lnk [2012/12/13 18:29:03 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012/12/12 10:38:41 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/12/12 10:38:41 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/12/11 01:55:51 | 000,000,600 | ---- | M] () -- C:\Users\Rob\AppData\Local\PUTTY.RND [2012/12/11 01:52:29 | 000,001,075 | ---- | M] () -- C:\Users\Rob\.drjava ========== Files Created - No Company Name ========== [2013/01/04 23:13:15 | 000,751,078 | ---- | C] () -- C:\ProgramData\1.bmp [2013/01/04 23:12:59 | 000,114,943 | ---- | C] () -- C:\ProgramData\1.jpg [2012/12/31 11:50:27 | 000,000,774 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk [2012/12/31 11:36:56 | 000,000,747 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk [2012/12/30 13:10:24 | 005,185,290 | ---- | C] () -- C:\Users\Rob\Desktop\BLARRG.png [2012/12/27 14:46:28 | 000,026,994 | ---- | C] () -- C:\Users\Rob\Desktop\aaron work 2.png [2012/12/27 14:22:27 | 000,026,186 | ---- | C] () -- C:\Users\Rob\Desktop\aaron work 1.png [2012/12/19 23:58:30 | 000,001,143 | ---- | C] () -- C:\Users\Rob\Desktop\FTB_Launcher - Shortcut.lnk [2012/12/13 18:15:52 | 003,536,817 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2012/09/03 22:38:26 | 000,000,600 | ---- | C] () -- C:\Users\Rob\AppData\Local\PUTTY.RND [2012/09/03 14:42:22 | 000,001,075 | ---- | C] () -- C:\Users\Rob\.drjava [2012/07/25 17:51:44 | 000,042,440 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2012/06/08 21:21:24 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2012/02/10 18:11:29 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\Pbsvc.exe [2012/01/08 02:42:51 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/12/26 23:02:43 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011/12/26 23:02:43 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2012/01/12 21:05:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/01/03 20:15:04 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\.minecraft [2012/01/16 13:35:11 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Autodesk [2012/04/08 15:29:30 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Barnes & Noble [2012/12/11 01:54:09 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\FileZilla [2013/01/03 00:01:16 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\ftblauncher [2012/02/08 23:54:24 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Leadertech [2012/03/04 22:44:48 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Notepad++ [2012/01/05 13:07:45 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\OpenOffice.org [2012/12/13 12:25:36 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Origin [2012/03/11 19:56:44 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\RIFT [2012/08/16 10:21:55 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\six-updater [2012/07/22 14:32:43 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\six-zsync [2013/01/09 11:18:02 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Spotify [2012/03/13 11:23:46 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Teleca [2012/01/12 21:07:15 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\The Creative Assembly [2012/03/06 22:19:39 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\TS3Client [2012/06/29 18:29:19 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\uTorrent ========== Purity Check ========== ========== Custom Scans ========== < %systemroot%\*. /mp /s > < %systemroot%\*. /rp /s > < %SYSTEMDRIVE%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemdrive%\$Recycle.Bin|@;true;true;true /fp > < MD5 for: EXPLORER.EXE > [2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009/11/18 05:34:01 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9DE451C2C941CF6CB7A7E14171F497AA -- C:\.Trash-1000\files\explorer.exe [2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: SVCHOST.EXE > [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe < MD5 for: USERINIT.EXE > [2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < End of report > -
FBI MoneyPak virus and cannot boot to safe mode
rowico replied to rowico's topic in Resolved Malware Removal Logs
So I tried downloading the dds.scr program from both links but neither time would it produce a dds.txt file. Here is the attach.txt though. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume5 Install Date: 12/26/2011 3:54:02 PM System Uptime: 1/8/2013 12:17:08 PM (0 hours ago) . Motherboard: EVGA | | 132-CK-NF78 Processor: Intel® Core2 Extreme CPU Q6850 @ 3.00GHz | Socket 775 | 3000/333mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 74 GiB total, 2.32 GiB free. D: is CDROM (UDF) E: is FIXED (NTFS) - 190 GiB total, 32.644 GiB free. F: is FIXED (NTFS) - 932 GiB total, 148.74 GiB free. G: is FIXED (NTFS) - 932 GiB total, 607.338 GiB free. H: is FIXED (NTFS) - 75 GiB total, 17.825 GiB free. I: is Removable J: is Removable K: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Image File Execution Options ============= . . ==== Installed Programs ====================== . µTorrent 7-Zip 9.20 (x64 edition) 7_Carbon.rar Adobe AIR Adobe Flash Player 11 Plugin Adobe Reader X (10.1.4) Aion Apple Application Support Apple Mobile Device Support Apple Software Update ARMA 2 ARMA 2: Operation Arrowhead Autodesk Inventor Content Center Libraries 2012 (Desktop Content) Autodesk Inventor Fusion 2012 Autodesk Inventor Fusion 2012 Language Pack Autodesk Inventor Fusion for Inventor 2012 Add-in Autodesk Inventor Fusion for Inventor 2012 Add-in Language Pack Autodesk Inventor Professional 2012 Autodesk Inventor Professional 2012 English Autodesk Inventor Professional 2012 English Language Pack Autodesk Material Library 2012 Autodesk Material Library Base Resolution Image Library 2012 Autodesk Material Library Low Resolution Image Library 2012 Battlefield 3™ Battlelog Web Plugins BattlEye for OA Uninstall Bing Bar Bonjour Borderlands 2 Call of Duty: Modern Warfare 3 - Multiplayer Company of Heroes Counter-Strike: Global Offensive Beta Curse Client Curse Client - 1 D3DX10 DC Universe Online Deus Ex: Human Revolution Diablo III Dota 2 Eco Materials Adviser (x64) Equalify v2.1.2 (admin setup) ESN Sonar Fallen Earth FileZilla Client 3.6.0.1 Fraps (remove only) Google Chrome Google Earth Plug-in Google Talk Plugin Google Update Helper Grand Theft Auto IV Guild Wars Guild Wars 2 HTC Driver HTC Sync Intel® Data Migration Software powered by Acronis iTunes Java Auto Updater Java 6 Update 31 Java 7 Update 3 (64-bit) Java SE Development Kit 6 Update 30 Junk Mail filter update Logitech Gaming Software Logitech Gaming Software 8.20 LogMeIn Hamachi Magic: The Gathering – Tactics Mass Effect™ 3 Demo MathGV 4.1 Mesh Runtime Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) Microsoft Corporation Microsoft Games for Windows - LIVE Microsoft Games for Windows - LIVE Redistributable Microsoft LifeCam Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NCsoft Launcher Need for Speed™ ProStreet NOOK Study Notepad++ NVIDIA 3D Vision Controller Driver 285.62 NVIDIA 3D Vision Driver 306.97 NVIDIA Control Panel 306.97 NVIDIA Drivers NVIDIA Graphics Driver 306.97 NVIDIA Install Application NVIDIA MediaShield NVIDIA Performance NVIDIA PhysX NVIDIA PhysX System Software 9.11.0621 NVIDIA Stereoscopic 3D Driver NVIDIA System Monitor NVIDIA System Update NVIDIA Update 1.10.8 NVIDIA Update Components Origin Pando Media Booster PunkBuster Services Quick Uninstall Tool for Autodesk Inventor 2012 QuickTime Red Orchestra 2: Heroes of Stalingrad RIFT Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Six Updater Skype Click to Call Skype™ 5.10 Smart Technology Programming Software 7.0.12.11 Spotify Spybot - Search & Destroy StarCraft II TeamSpeak 3 Client The Elder Scrolls V: Skyrim The Ship The Sims 3 The Sims™ 3 The Sims™ 3 Supernatural Unreal Tournament: Game of the Year Edition Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) VBA (2627.01) Winamp Winamp Detector Plug-in Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 4.20 (32-bit) Xfire (remove only) Zombie Panic Source . ==== Event Viewer Messages From Past Week ======== . 1/8/2013 12:17:54 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR7. 1/6/2013 1:26:09 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 1/6/2013 1:26:09 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure. 1/4/2013 11:34:49 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 1/4/2013 11:34:49 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 1/4/2013 11:34:49 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 1/4/2013 11:15:08 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer TONYWONDER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3D2CF621-6B68-428C-8053-72C48CE8BDE0}. The master browser is stopping or an election is being forced. 1/3/2013 8:29:21 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer METALMONSTER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3D2CF621-6B68-428C-8053-72C48CE8BDE0}. The master browser is stopping or an election is being forced. 1/3/2013 2:25:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service. 1/3/2013 2:25:23 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nTuneService service. 1/3/2013 2:12:59 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. 1/3/2013 12:35:46 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer DAVID-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3D2CF621-6B68-428C-8053-72C48CE8BDE0}. The master browser is stopping or an election is being forced. 1/2/2013 8:45:54 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer OWNER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3D2CF621-6B68-428C-8053-72C48CE8BDE0}. The master browser is stopping or an election is being forced. 1/2/2013 6:11:55 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 1/2/2013 3:15:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED} 1/2/2013 3:14:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect. 1/2/2013 3:14:35 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 1/1/2013 4:45:35 AM, Error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer. 1/1/2013 3:14:16 AM, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown. 1/1/2013 2:55:29 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 25.229.10.121. The computer with the IP address 25.5.181.100 did not allow the name to be claimed by this computer. . ==== End Of File =========================== -
FBI MoneyPak virus and cannot boot to safe mode
rowico replied to rowico's topic in Resolved Malware Removal Logs
The Windows Defender Offline Tool worked (took about 8-9 hours to complete) and successfully booted into regular windows. However I cannot find the file as I cannot find the "windows defender offline" folder. I also tried just searching for the file on all of the drives and still no luck. -
FBI MoneyPak virus and cannot boot to safe mode
rowico replied to rowico's topic in Resolved Malware Removal Logs
I can boot into windows, but the virus locks me out of everything and I cannot load or run any programs, or at least as far as I know of. And safemode crashes before I can log in. -
FBI MoneyPak virus and cannot boot to safe mode
rowico replied to rowico's topic in Resolved Malware Removal Logs
I also saw that most solutions asked the users who are in my position to search for the services.exe using the same tool. This is the log from scanning with frst64.exe that outputs the FRST.exe. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-12-2012 Ran by SYSTEM at 04-01-2013 23:53:53 Running from K:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1680976 2010-10-28] (Logitech, Inc.) HKLM\...\Run: [Launch LCore] "c:\Program Files\Logitech Gaming Software\LCore.exe" /minimized [104008 2010-11-16] (Logitech Inc.) HKLM\...\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [291944 2010-04-08] (NVIDIA Corporation) HKLM\...\Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe [310784 2011-08-10] (Saitek) HKLM\...\Run: [saiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2011-08-10] (Saitek) HKLM-x32\...\Run: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions [598016 2009-05-27] (Teleca Sweden AB) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.) HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-04-14] (Apple Inc.) HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [352976 2011-04-28] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated) HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-07-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1955208 2011-08-15] (LogMeIn Inc.) HKU\Rowico\...\Run: [Google Update] "C:\Users\Rowico\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-12-16] (Google Inc.) HKU\Rowico\...\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1354736 2012-12-05] (Valve Corporation) HKU\Rowico\...\Run: [NVIDIA System Monitor] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA System Monitor\NVMonitor.exe" startup [1228392 2010-04-05] (NVIDIA) HKU\Rowico\...\Run: [ViVi Cursor] "C:\Program Files (x86)\ViVi Cursor 2.0\ViVi_Cursor.exe" -start [x] HKU\Rowico\...\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" [495616 2007-09-02] () HKU\Rowico\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-10-05] () HKU\Rowico\...\Run: [Akamai NetSession Interface] "C:\Users\Rowico\AppData\Local\Akamai\netsession_win.exe" [3305760 2011-12-12] (Akamai Technologies, Inc) Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) Tcpip\Parameters: [DhcpNameServer] 68.87.71.230 68.87.73.246 192.168.1.1 AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll,C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll Startup: C:\Users\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe (GamersFirst) ==================== Services (Whitelisted) =================== 2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_b427739.dll [3316000 2011-12-14] () 3 Autodesk Network Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe [1539224 2008-06-13] (Autodesk, Inc.) 2 AVP; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" -r [352976 2011-04-28] (Kaspersky Lab ZAO) 2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] () 2 mitsijm2011; "C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe" [673792 2010-01-22] () 2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] () 2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe /StartService [276584 2010-03-22] (NVIDIA) 2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-10-25] () 2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe /StartService [282728 2009-11-06] (NVIDIA) ==================== Drivers (Whitelisted) ===================== 3 ATITool; C:\Windows\System32\DRIVERS\ATITool64.sys [30720 2006-11-10] () 0 KL1; C:\Windows\System32\Drivers\KL1.sys [460888 2010-06-09] (Kaspersky Lab ZAO) 1 kl2; C:\Windows\System32\Drivers\kl2.sys [11864 2010-06-09] (Kaspersky Lab ZAO) 1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [556120 2011-04-28] (Kaspersky Lab) 1 KLIM6; C:\Windows\System32\Drivers\KLIM6.sys [27736 2010-04-22] (Kaspersky Lab ZAO) 3 klmouflt; C:\Windows\System32\Drivers\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab) 3 nvoclk64; C:\Windows\System32\Drivers\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.) 3 RTCore64; \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14648 2010-05-26] () 3 SaiK0CCB; C:\Windows\System32\Drivers\SaiK0CCB.sys [176136 2011-03-23] (Saitek) 3 SaiMini; C:\Windows\System32\Drivers\SaiMini.sys [24640 2011-08-11] (Saitek) 3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52160 2011-08-11] (Saitek) 3 SaiU0CCB; C:\Windows\System32\Drivers\SaiU0CCB.sys [41352 2011-03-23] (Saitek) 3 WinRing0_1_2_0; \??\C:\Users\Rowico\Desktop\RealTemp_360\WinRing0x64.sys [14544 2011-07-18] (OpenLibSys.org) 3 dump_wmimmc; \??\C:\gPotato\Rappelz\GameGuard\dump_wmimmc.sys [x] 3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [x] 3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x] ==================== NetSvcs (Whitelisted) ==================== ==================== One Month Created Files and Folders ======== 2013-01-04 23:53 - 2013-01-04 23:53 - 00000000 ____D C:\FRST 2012-12-31 08:49 - 2012-12-31 08:50 - 00000000 ____D C:\Diablo III 2012-12-31 08:36 - 2012-12-31 08:50 - 00000000 ____D C:\StarcCraft 2 ==================== One Month Modified Files and Folders ======= 2013-01-01 16:40 - 2010-12-16 16:12 - 00000000 ____D C:\Program Files (x86)\Steam 2013-01-01 11:49 - 2012-11-24 09:25 - 00000000 ____D C:\Downloads from C 2012-12-31 08:50 - 2012-12-31 08:49 - 00000000 ____D C:\Diablo III 2012-12-31 08:50 - 2012-12-31 08:36 - 00000000 ____D C:\StarcCraft 2 2012-12-13 19:24 - 2012-06-15 18:14 - 00000000 ____D C:\Fraps ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 9% Total physical RAM: 8190.54 MB Available physical RAM: 7382.42 MB Total Pagefile: 8188.69 MB Available Pagefile: 7379.74 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ==================== Partitions ============================= 2 Drive c: () (Fixed) (Total:931.5 GB) (Free:148.83 GB) NTFS ==>[system with boot components (obtained from reading drive)] 3 Drive e: () (Fixed) (Total:931.5 GB) (Free:607.43 GB) NTFS 4 Drive f: (Windows XP - 80) (Fixed) (Total:74.52 GB) (Free:17.83 GB) NTFS 5 Drive g: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)] 6 Drive h: () (Fixed) (Total:74.43 GB) (Free:2.11 GB) NTFS 7 Drive i: (IT_CROWD_SEASON_2) (CDROM) (Total:6.78 GB) (Free:0 GB) UDF 9 Drive k: (USB20FD) (Removable) (Total:3.73 GB) (Free:1.92 GB) FAT32 10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 11 Drive y: (New HD-200) (Fixed) (Total:189.92 GB) (Free:32.67 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 189 GB 5120 KB Disk 1 Online 931 GB 8 MB Disk 2 Online 931 GB 8 MB Disk 3 Online 74 GB 8 MB Disk 4 Online 74 GB 0 B Disk 5 No Media 0 B 0 B Disk 6 Online 3824 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 189 GB 31 KB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y New HD-200 NTFS Partition 189 GB Healthy ========================================================= Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 931 GB 31 KB ================================================================================== Disk: 1 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 931 GB Healthy ========================================================= Partitions of Disk 2: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 931 GB 31 KB ================================================================================== Disk: 2 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E NTFS Partition 931 GB Healthy ========================================================= Partitions of Disk 3: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 74 GB 31 KB ================================================================================== Disk: 3 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 F Windows XP NTFS Partition 74 GB Healthy ========================================================= Partitions of Disk 4: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 74 GB 101 MB ================================================================================== Disk: 4 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 5 G System Rese NTFS Partition 100 MB Healthy ========================================================= Disk: 4 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 6 H NTFS Partition 74 GB Healthy ========================================================= Partitions of Disk 6: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 3823 MB 24 KB ================================================================================== Disk: 6 Partition 1 Type : 0C Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 8 K USB20FD FAT32 Removable 3823 MB Healthy ========================================================= Last Boot: 2011-12-22 21:19 ==================== End Of Log ============================= -
Hi, my desktop was infected with the FBI moneyPak virus today and I cannot boot into safemode to run HijackThis or MBAM. I have already run the frst64.exe and have retrieved both logs. Any help will be greatly appreciated. Thanks, Rowico