Posts posted by rowico
-
My desktop is running fine now with only minor hiccups. I have Microsoft Security Essentials.
ComboFix 13-01-14.01 - Rob 01/14/2013 20:51:15.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6212 [GMT -5:00]
Running from: c:\users\Rob\Desktop\ComboFix.exe
Command switches used :: c:\users\Rob\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-12-15 to 2013-01-15 )))))))))))))))))))))))))))))))
.
.
2013-01-15 01:56 . 2013-01-15 01:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-15 01:56 . 2013-01-15 01:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-14 18:38 . 2013-01-14 18:38 -------- d-----w- c:\windows\rescache
2013-01-14 18:09 . 2013-01-14 18:09 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CAFC3214-4D95-4680-902F-5BF0DAF5D733}\offreg.dll
2013-01-14 03:46 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-14 03:46 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-14 03:46 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CAFC3214-4D95-4680-902F-5BF0DAF5D733}\mpengine.dll
2013-01-13 22:19 . 2013-01-13 22:19 -------- d-----w- c:\users\Rob\AppData\Roaming\Malwarebytes
2013-01-13 22:19 . 2013-01-13 22:19 -------- d-----w- c:\programdata\Malwarebytes
2013-01-13 22:19 . 2013-01-13 22:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-13 22:19 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-13 22:18 . 2013-01-13 22:18 -------- d-----w- c:\users\Rob\AppData\Local\Programs
2013-01-13 18:46 . 2013-01-13 18:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-01-13 18:44 . 2013-01-13 18:44 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-01-13 18:44 . 2013-01-12 08:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-13 18:43 . 2013-01-13 18:43 -------- d-----w- c:\programdata\McAfee
2013-01-09 18:56 . 2013-01-09 18:56 -------- d-----w- C:\_OTL
2013-01-06 00:36 . 2013-01-06 00:36 -------- d-----w- c:\windows\Microsoft Antimalware
2012-12-27 17:43 . 2012-12-27 17:43 -------- d-----w- c:\program files (x86)\MathGV
2012-12-22 08:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 08:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 08:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-22 08:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-20 04:24 . 2013-01-13 22:37 -------- d-----w- c:\users\Rob\AppData\Roaming\ftblauncher
2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-14 05:03 . 2012-08-26 01:05 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-13 19:06 . 2012-04-05 03:21 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-13 19:06 . 2012-01-23 05:24 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-13 18:44 . 2012-01-08 21:34 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-14 05:03 . 2011-12-29 01:33 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-14 05:03 . 2011-12-27 04:02 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-12-13 23:29 . 2011-12-27 04:02 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-12-01 16:19 . 2012-01-09 16:37 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-11-30 04:45 . 2013-01-14 03:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-24 19:02 . 2012-11-24 19:07 447752 ----a-w- c:\windows\SysWow64\vp6vfw.dll
2012-11-14 07:06 . 2012-12-13 15:40 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 15:40 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 15:41 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 15:41 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 15:41 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 15:41 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 15:41 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 15:41 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 15:41 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 15:41 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 15:41 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 15:41 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 15:41 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 15:41 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 15:41 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 15:41 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 15:41 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 15:41 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 15:41 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 15:41 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 15:41 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 15:41 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-13 01:10 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 01:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-13 01:10 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-13 01:10 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA System Monitor"="c:\program files (x86)\NVIDIA Corporation\NVIDIA System Monitor\NVMonitor.exe" [2010-04-05 1228392]
"Spotify"="c:\users\Rob\AppData\Roaming\Spotify\Spotify.exe" [2012-10-30 7880664]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17420464]
"Spotify Web Helper"="c:\users\Rob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-30 1199576]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-10-29 3093624]
"NCsoft Launcher"="f:\aion\AION2\NCLauncher.exe" [2012-11-12 38744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"DataMigrationSoftwareMonitor.exe"="c:\program files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe" [2010-11-01 2605224]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"Mobile Connectivity Suite"="c:\program files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-05-27 598016]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-20 2254768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-3-25 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2009-11-06 838136]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-08 1431888]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 36720]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-28 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-20 2462128]
S2 IntSch2Svc;Intel Scheduler2 Service;c:\program files (x86)\Common Files\Intel\Schedule2\schedul2.exe [2010-11-01 1164704]
S2 mitsijm2012;Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager;f:\autodesk 2\Inventor 2012\Moldflow\bin\mitsijm.exe [2010-12-07 848184]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [2011-09-20 183104]
S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [2011-09-20 47168]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Rob\Downloads\RealTemp_360\WinRing0x64.sys [2011-12-28 14544]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:06]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 20:04]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 20:04]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2803456513-1166934674-666375718-1001Core.job
- c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 21:03]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2803456513-1166934674-666375718-1001UA.job
- c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 21:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Intel Scheduler2 Service"="c:\program files (x86)\Common Files\Intel\Schedule2\schedhlp.exe" [2010-11-01 362296]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2011-11-10 310272]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2011-11-10 158208]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 291944]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:d5,a8,34,cb,9a,7d,bb,5c,e4,8d,74,aa,c8,3e,94,26,88,5a,2b,51,73,8b,15,
ec,a6,f3,ea,f0,8d,29,c6,8e,89,59,d1,3b,76,09,6f,db,5b,8f,ee,cf,6b,64,ce,62,\
"??"=hex:2b,22,08,e8,be,4c,23,0d,2f,93,bb,3c,03,3b,96,71
.
[HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\SecuROM\License information*]
"datasecu"=hex:3f,98,89,f0,19,f5,d1,15,7c,77,35,bd,33,e4,b8,ed,b9,34,ed,a2,a0,
86,2e,38,84,54,81,00,7d,85,0a,51,bf,9a,2b,59,9c,2b,f5,08,42,73,ee,18,96,30,\
"rkeysecu"=hex:8d,38,94,5a,ac,36,c6,82,36,cf,98,6a,9f,71,58,7c
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-14 20:58:07
ComboFix-quarantined-files.txt 2013-01-15 01:58
ComboFix2.txt 2013-01-14 18:12
.
Pre-Run: 3,399,180,288 bytes free
Post-Run: 3,306,102,784 bytes free
.
- - End Of File - - 57D8EA03F53EEBD8D847C4842F206688
And the ESET scan:
C:\Users\Rob\Downloads\winamp5623_full_emusic-7plus_en-us.exe Win32/OpenCandy application
F:\Users\Rob\Desktop\New folder\APB_Reloaded_Installer.exe Win32/OpenCandy application
F:\Users\Rob\Downloads\programs\Xvid-Setup-dm-9.exe Win32/Toolbar.Zugo application
H:\Program Files\EA GAMES\Battlefield 2\mods\Stats\Stats.exe a variant of Win32/Packed.ExeScript.B trojan
-
ComboFix 13-01-14.01 - Rob 01/14/2013 13:06:30.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6429 [GMT -5:00]
Running from: c:\users\Rob\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Rob\AppData\Local\assembly\tmp
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
G:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-14 to 2013-01-14 )))))))))))))))))))))))))))))))
.
.
2013-01-14 03:46 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-14 03:46 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-14 03:46 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CAFC3214-4D95-4680-902F-5BF0DAF5D733}\mpengine.dll
2013-01-13 22:19 . 2013-01-13 22:19 -------- d-----w- c:\users\Rob\AppData\Roaming\Malwarebytes
2013-01-13 22:19 . 2013-01-13 22:19 -------- d-----w- c:\programdata\Malwarebytes
2013-01-13 22:19 . 2013-01-13 22:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-13 22:19 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-13 22:18 . 2013-01-13 22:18 -------- d-----w- c:\users\Rob\AppData\Local\Programs
2013-01-13 18:46 . 2013-01-13 18:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-01-13 18:44 . 2013-01-13 18:44 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-01-13 18:44 . 2013-01-12 08:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-13 18:43 . 2013-01-13 18:43 -------- d-----w- c:\programdata\McAfee
2013-01-09 18:56 . 2013-01-09 18:56 -------- d-----w- C:\_OTL
2013-01-06 00:36 . 2013-01-06 00:36 -------- d-----w- c:\windows\Microsoft Antimalware
2012-12-27 17:43 . 2012-12-27 17:43 -------- d-----w- c:\program files (x86)\MathGV
2012-12-22 08:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 08:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 08:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-22 08:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-20 04:24 . 2013-01-13 22:37 -------- d-----w- c:\users\Rob\AppData\Roaming\ftblauncher
2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-14 05:03 . 2012-08-26 01:05 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-13 19:06 . 2012-04-05 03:21 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-13 19:06 . 2012-01-23 05:24 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-13 18:44 . 2012-01-08 21:34 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-14 05:03 . 2011-12-29 01:33 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-14 05:03 . 2011-12-27 04:02 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-12-13 23:29 . 2011-12-27 04:02 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-12-01 16:19 . 2012-01-09 16:37 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-11-30 04:45 . 2013-01-14 03:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-24 19:02 . 2012-11-24 19:07 447752 ----a-w- c:\windows\SysWow64\vp6vfw.dll
2012-11-14 07:06 . 2012-12-13 15:40 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 15:40 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 15:41 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 15:41 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 15:41 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 15:41 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 15:41 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 15:41 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 15:41 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 15:41 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 15:41 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 15:41 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 15:41 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 15:41 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 15:41 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 15:41 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 15:41 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 15:41 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 15:41 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 15:41 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 15:41 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 15:41 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-13 01:10 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 01:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-13 01:10 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-13 01:10 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA System Monitor"="c:\program files (x86)\NVIDIA Corporation\NVIDIA System Monitor\NVMonitor.exe" [2010-04-05 1228392]
"Spotify"="c:\users\Rob\AppData\Roaming\Spotify\Spotify.exe" [2012-10-30 7880664]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17420464]
"Spotify Web Helper"="c:\users\Rob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-30 1199576]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-10-29 3093624]
"NCsoft Launcher"="f:\aion\AION2\NCLauncher.exe" [2012-11-12 38744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"DataMigrationSoftwareMonitor.exe"="c:\program files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe" [2010-11-01 2605224]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"Mobile Connectivity Suite"="c:\program files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-05-27 598016]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-20 2254768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-3-25 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2009-11-06 838136]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-08 1431888]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 36720]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-28 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-20 2462128]
S2 IntSch2Svc;Intel Scheduler2 Service;c:\program files (x86)\Common Files\Intel\Schedule2\schedul2.exe [2010-11-01 1164704]
S2 mitsijm2012;Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager;f:\autodesk 2\Inventor 2012\Moldflow\bin\mitsijm.exe [2010-12-07 848184]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [2011-09-20 183104]
S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [2011-09-20 47168]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Rob\Downloads\RealTemp_360\WinRing0x64.sys [2011-12-28 14544]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:06]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 20:04]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 20:04]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2803456513-1166934674-666375718-1001Core.job
- c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 21:03]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2803456513-1166934674-666375718-1001UA.job
- c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 21:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Intel Scheduler2 Service"="c:\program files (x86)\Common Files\Intel\Schedule2\schedhlp.exe" [2010-11-01 362296]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2011-11-10 310272]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2011-11-10 158208]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 291944]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:d5,a8,34,cb,9a,7d,bb,5c,e4,8d,74,aa,c8,3e,94,26,88,5a,2b,51,73,8b,15,
ec,a6,f3,ea,f0,8d,29,c6,8e,89,59,d1,3b,76,09,6f,db,5b,8f,ee,cf,6b,64,ce,62,\
"??"=hex:2b,22,08,e8,be,4c,23,0d,2f,93,bb,3c,03,3b,96,71
.
[HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\SecuROM\License information*]
"datasecu"=hex:3f,98,89,f0,19,f5,d1,15,7c,77,35,bd,33,e4,b8,ed,b9,34,ed,a2,a0,
86,2e,38,84,54,81,00,7d,85,0a,51,bf,9a,2b,59,9c,2b,f5,08,42,73,ee,18,96,30,\
"rkeysecu"=hex:8d,38,94,5a,ac,36,c6,82,36,cf,98,6a,9f,71,58,7c
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-14 13:12:21
ComboFix-quarantined-files.txt 2013-01-14 18:12
.
Pre-Run: 3,947,044,864 bytes free
Post-Run: 3,999,895,552 bytes free
.
- - End Of File - - 4FD226DB9B30C7FE2A69F13C402839E0
-
My computer has been running much better, with only a few hiccups every 10 minutes or so...
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.13.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Rob :: BEAST [administrator]
1/13/2013 5:20:25 PM
mbam-log-2013-01-13 (17-20-25).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230142
Time elapsed: 1 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Adobe ARM (Trojan.Fakesig) -> Data: "C:\ProgramData\ifgxpers.exe" -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\ProgramData\ifgxpers.exe (Trojan.Fakesig) -> Quarantined and deleted successfully.
C:\Users\Rob\Downloads\Cartograph_G_Post_Processor.exe (Trojan.Agent.cn) -> Quarantined and deleted successfully.
C:\Users\Rob\Downloads\setup (1).exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
(end)
-
So right now the computer is operational, but before the AdwCleaner the computer would freeze every 30 seconds for about a minute. After the cleaner it has been running pretty well.
# AdwCleaner v2.105 - Logfile created 01/13/2013 at 13:35:19
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Rob - BEAST
# Boot Mode : Normal
# Running from : C:\Users\Rob\Downloads\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
File Deleted : C:\user.js
***** [Registry] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Mozilla Firefox v [unable to get version]
File : C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\g148r1jb.default\prefs.js
C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\g148r1jb.default\user.js ... Deleted !
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=109865");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 25);
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "586a330f0000000000007a7905e50a79");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15373");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 25);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1722:54:35");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 71259344);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1722:54:35");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109865");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "586a330f0000000000007a7905e50a79");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "586a330f0000000000007a7905e50a79");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15373");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1722:54:35");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
-\\ Google Chrome v23.0.1271.97
File : C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[s1].txt - [4293 octets] - [13/01/2013 13:35:19]
########## EOF - C:\AdwCleaner[s1].txt - [4353 octets] ##########
Also, my Java was fairly out of date but is now updated.
-
So I disabled TeaTimer and ran OTL again. It asked to restart, and I will post the log below; however, the security check failed to run from both links. It would throw the UAC box and then a command box and immediately close without any interaction, and gave no text files.
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Error opening cmd.txt file...
C:\Users\Rob\Desktop\cmd.bat deleted successfully.
C:\Users\Rob\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Rob
->Temp folder emptied: 734563762 bytes
->Temporary Internet Files folder emptied: 24117228 bytes
->Java cache emptied: 113899 bytes
->FireFox cache emptied: 85593780 bytes
->Google Chrome cache emptied: 258799114 bytes
->Flash cache emptied: 66590 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 183794373 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028370 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1,262.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 01092013_135628
Files\Folders moved on Reboot...
C:\Users\Rob\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\TMP000000019D85233E15893D11 not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
And here is the Extras.txt
OTL Extras logfile created on: 1/9/2013 11:24:59 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rob\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
8.00 Gb Total Physical Memory | 6.33 Gb Available Physical Memory | 79.11% Memory free
16.00 Gb Paging File | 14.01 Gb Available in Paging File | 87.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.43 Gb Total Space | 2.32 Gb Free Space | 3.12% Space Free | Partition Type: NTFS
Drive D: | 6.78 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 189.92 Gb Total Space | 32.64 Gb Free Space | 17.19% Space Free | Partition Type: NTFS
Drive F: | 931.50 Gb Total Space | 148.74 Gb Free Space | 15.97% Space Free | Partition Type: NTFS
Drive G: | 931.50 Gb Total Space | 607.34 Gb Free Space | 65.20% Space Free | Partition Type: NTFS
Drive H: | 74.52 Gb Total Space | 17.83 Gb Free Space | 23.92% Space Free | Partition Type: NTFS
Drive J: | 3.73 Gb Total Space | 1.91 Gb Free Space | 51.36% Space Free | Partition Type: FAT32
Drive K: | 7.21 Gb Total Space | 6.84 Gb Free Space | 94.83% Space Free | Partition Type: NTFS
Computer Name: BEAST | User Name: Rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BA31115-365E-407A-9059-0A88F3A875C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{15BCC9AD-7062-41FE-826B-F9448FD04F50}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1FCFCD2A-6439-46B6-A91D-5CDABA639134}" = lport=445 | protocol=6 | dir=in | app=system |
"{3812A744-957E-40EE-A3C4-4F7BE4EDCAF2}" = lport=137 | protocol=17 | dir=in | app=system |
"{3C4DAEE2-AD78-4B1A-AE4C-CAEFFD43E485}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{53414302-B318-4A5C-9F0E-492FD323AFA4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5669EDDD-2FCF-40B0-9CEC-EB2502E191AD}" = rport=137 | protocol=17 | dir=out | app=system |
"{5794673F-2A7C-450D-A8E1-1BE45FB896BB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{63EF755C-22C4-405A-B411-3207032B6571}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6BC0DD11-53C1-4DC4-8288-E50B0E2F5556}" = lport=10243 | protocol=6 | dir=in | app=system |
"{746DB178-A6B5-4065-9AD8-F0099F5A38CD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7EE461EA-C4CC-4785-BDD5-9F965F3D4AFF}" = rport=138 | protocol=17 | dir=out | app=system |
"{AA72F184-2FBB-4233-A7F1-318059451A42}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AC953261-6A47-45A1-8232-BF2CD3B91783}" = rport=139 | protocol=6 | dir=out | app=system |
"{ACBB9A45-E963-484F-B58A-753EC3248DE7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C51587C5-BFEF-4F2F-956D-0BA34B52F2AB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C6EC5686-836B-475D-BF6D-28AD3321C7FC}" = rport=445 | protocol=6 | dir=out | app=system |
"{C91540A4-E65C-4289-9CB9-291DECFEBE52}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C9984765-F348-4FB8-BD19-30F67547D389}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CC26F7DB-1FF1-4450-A8A8-EA6BBC3D106E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CDB0B1E3-3DAE-4E77-9D20-952E9E60840D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D252CC50-4A7D-4394-923B-4CDA5F8EF5AE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DA26984E-DF17-4206-A7E8-787F667DBA09}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F57C6C18-4FD6-443E-BE7B-2B8BB7F0DEEB}" = lport=139 | protocol=6 | dir=in | app=system |
"{F905AEA6-7651-49A9-89D9-FD4B7A845045}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0221AA54-5AD1-4386-B50A-D0971BA1A677}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{0390CF83-0737-4134-A3A2-69A7354D817D}" = protocol=6 | dir=in | app=f:\day z\tools\bin\rsync.exe |
"{051E935D-F4B9-4C66-B777-C012D5845847}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{0540F120-5CE8-489D-B97E-78EB770119E2}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{06960C09-3A34-46B5-BDDD-557A756BE6C8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{0825EB9E-7B81-4686-9966-26EA55194135}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{08E7E16E-279D-4DEF-ADAD-81BD24B781A1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0BA1AD93-D160-48CA-89FB-CADA669ED74A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0C1E2CDA-F786-4AB5-8C95-560ADF1D1363}" = protocol=6 | dir=out | app=system |
"{0ED05AE8-12FF-440B-BE1E-AADC1C9F72FC}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{1100587D-E1E3-4452-8100-E7290E15FD58}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{11EFF479-9C18-41AA-8A52-0030445D24D3}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{139E72B9-E4D2-4829-817F-F70DB21A50A9}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{159F927D-0288-49B9-9C31-6DFE489B78F7}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{15B72B30-40B9-4DD8-A4CE-12EFF2D03588}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{169B1617-526C-47B3-8DF1-9FC51833614B}" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"{17B5D517-D031-42C1-87C2-446EAE5A059C}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\unreal tournament\system\unrealtournament.exe |
"{17D4A478-9CF7-476A-A256-CA86A1B96817}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{1A0DE5A1-2E1E-4EC4-9595-4C98025BCE17}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"{1A4C2341-166A-43BE-B592-9C4EDCF18092}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1C1D6C7B-19BA-4C73-A098-9A42E86AEEED}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{1C2DDD88-1717-4CC5-8581-28DB0731B975}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{1DFB61A4-43E4-48D4-870A-FFD507C68158}" = protocol=6 | dir=in | app=f:\\utorrent.exe |
"{20B2BEBA-1D3D-4AD8-AF88-800608F85DC7}" = protocol=6 | dir=in | app=f:\starccraft 2\starcraft ii\starcraft ii.exe |
"{21ACE450-05C9-4EF4-BAC1-0E2F716AAB1C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{22F57080-99C4-4977-9437-AB8CB7AC713E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{2348D4E1-3035-4919-98F6-9008F4A78D19}" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"{242040EB-E18F-4D35-887C-3866854D7513}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{2A35FD54-78F9-40B5-9763-D2C8DB8ACDE4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2C54671C-62DE-41ED-9D5D-94860EE03F29}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{2C5F6FF0-49A6-4AE3-B62F-9ECB9A7451B5}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{2D2A8B37-0D58-486D-98F7-53921304A2A1}" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\launcher.exe |
"{2E050AA0-7266-4978-A5E8-586F4B6805B3}" = protocol=17 | dir=in | app=c:\program files (x86)\barnes & noble\nookstudy\nookstudy.exe |
"{2E5B7A0F-3B6A-45E6-8285-AF107BF89694}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{2F55C717-233A-4BF6-B1AD-3CBC70CB026A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2FE50018-6EFF-41B1-AB00-1DA2688893D4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3088DD23-BD97-460F-9119-A18960108506}" = protocol=6 | dir=in | app=c:\users\rob\appdata\local\temp\gw2.exe |
"{30D34E07-9C08-4420-95AA-24984EB33BFE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{31126E17-97F8-4114-9364-252492EFA03E}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{350EACCA-0F6E-4C41-9975-FA2864882410}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{3663FE19-62A2-4B25-B4CC-6CDEB8BDB804}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3699EE8F-FD56-4FC4-98C0-74E0730E0648}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{3A0BCA63-6F1D-470B-BC2C-26070893393C}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{3AA94A4D-F2B9-414A-A23D-8020E0E586C8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{3ACB3107-E22B-4742-B224-4C003B1C5AE8}" = protocol=17 | dir=in | app=f:\starccraft 2\starcraft ii\starcraft ii.exe |
"{3BBCB827-2D34-4915-AEBB-DD6B1043C67C}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{3BE8FCEA-8BEA-4A3E-B30E-E1A75470D333}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe |
"{3E6C6126-CD0E-4B73-8731-C66B01569F89}" = protocol=17 | dir=in | app=f:\day z\tools\bin\rsync.exe |
"{3E955CAD-CF87-4B7F-804E-810E430199D1}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{401221E2-A86D-46BA-B431-5C7337B8C042}" = protocol=17 | dir=in | app=f:\starccraft 2\starcraft ii\starcraft ii public test.exe |
"{402AA3D3-786C-4A9C-8610-27B48DA11E5E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{4047DCA6-AF98-4815-B12D-C8FFA5F2AB91}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{40E61E53-5366-46CA-AFD2-994845999EE3}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{424248A2-8BA8-4BBD-BA2A-61FE74E8EFB9}" = protocol=17 | dir=in | app=c:\users\rob\appdata\local\temp\gw2.exe |
"{44D18915-6DE7-4772-9E30-0EF7D6C978EE}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{4A267276-2F69-41CE-A55E-44AF571EC582}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{4A52A33F-9016-4ACA-A569-E5C5F42629BA}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{4B212681-3459-482B-83CB-38D93C6576FB}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
"{4E37F4CA-1019-4B91-B521-EBBAD27FCA8F}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{5119B0CB-77BC-49D3-8D46-7A03D61740E9}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{5255D182-C867-44E7-A9D6-2F05918CB7C7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{54FD11EC-73A1-4924-A85D-7BEDEC8071FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{578D03D3-9964-4C98-9C88-967C77394B97}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{58C66C71-CDF5-4DDE-B651-81F9A7A95B0D}" = protocol=17 | dir=in | app=f:\utorrent.exe |
"{597B149A-AF97-4635-9509-232BBE98B70B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5985C04A-D928-4866-B017-16D5DD046F06}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{5AF6404B-8804-4F2C-B2AA-AD1E69B0F10F}" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"{5DB8D8AD-A053-443D-B56D-E680D0F0CAD2}" = protocol=6 | dir=in | app=c:\program files (x86)\barnes & noble\nookstudy\nookstudy.exe |
"{5FBAB199-D023-4836-B7F6-14DBA7C442E3}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{639627B0-E7EA-4066-9C09-4F519D564F33}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{649BEDF0-601E-42A6-8533-77FACD292DB8}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{64F975F5-C074-4AD3-84E7-710AE11EED4C}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{656F20E1-FE79-46E1-8F0C-F038273DEAFF}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{66FB7D13-F7F9-4A97-98F6-65ADA9862186}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{68A9D4F6-42A7-4E21-A71B-258DB2AA7E9A}" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\launcher.patch.exe |
"{69D16105-5F51-4F3A-A231-57F47C8E18AA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6C8D69C8-E077-4E8B-B4CF-73763C888F18}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{6E8A2030-5C34-4DF7-A06F-019BF078629F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6ECA2E70-2171-4EE4-BCB7-B91062495F11}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
"{73B06D9A-55AF-48D8-81D8-CF10F9655596}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{75147BA9-A79D-40C0-9ABB-B12175D7BC10}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{75D1AD7B-6723-463E-A4E7-DAE01B23CAC7}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{7648EC1F-4474-4044-8657-3746FA84AEDC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{767D2765-EBB0-4BFA-AD14-2D7BBF8C8704}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{76FAD55C-0527-4745-8ED9-FAF0E7FFB9AA}" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"{78388A1A-F9EE-45F8-836F-82ADD760470B}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{7DD7B8A3-4FD6-407F-BFB7-2F025010476A}" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"{7DEC905C-5706-48E8-86F4-3444374027EB}" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\launcher.exe |
"{7EB799B3-8542-459A-A09B-6E44CB35A444}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\magic the gathering tactics\launchpad.exe |
"{7ECFE570-CA0A-4855-BABD-284509EACCB7}" = protocol=17 | dir=in | app=f:\\utorrent.exe |
"{7F18EE41-71C1-4F78-B9EC-3F980EF19430}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{7F58E107-2219-4402-9FB0-44CBA6647F0E}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\fallen earth f2p\feupdater.exe |
"{817864C7-A175-4B6C-9803-C0109AE34A16}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\champions online\champions online.exe |
"{81A43FE0-8149-4ABB-A030-CE6D52B31CCA}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{81E6B8F1-DB2B-4EFB-839D-59C5D4D11F11}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{82D0B270-CB73-4C11-9024-C0D2399214E3}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{82F45EA2-0A3A-4973-AE42-E2480DD45132}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\unreal tournament\system\unrealtournament.exe |
"{83A1C127-B064-40B0-B88B-3B057C6AD53A}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{83D7C6D1-A332-4EBE-B955-B0EED642F39A}" = protocol=6 | dir=in | app=g:\new folder\guild wars 2\gw2.exe |
"{87F4E8E2-410D-47D9-8968-6E2AFEB02943}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{884B2017-8FBE-453E-9AA6-45C7843DAF90}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{8920722C-34DB-49BC-93AB-521870A6BCB2}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{895C504B-9145-4D30-BDAE-2B7EFEA46D8B}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"{8A335029-FCCC-429B-A3C0-547B8A758AA1}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{8AB6C497-B7EC-438F-95FD-8DF6667B042C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{8C187D5B-603A-4881-8717-64E27309F7C5}" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"{8CBA291B-45FC-416D-84F5-406F841D00EA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{8DADE716-2CED-4ACD-A11D-16508DC451EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8F5C3B16-4430-4DCC-8419-AE000178A652}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{91AA8F6E-E917-41EE-8041-EA09A4862743}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{93CF3F37-78B1-44A7-A5D7-4732786F4C54}" = protocol=6 | dir=in | app=f:\starccraft 2\starcraft ii\starcraft ii public test.exe |
"{9405DAC1-1612-43AB-B983-2C2ADB77EC58}" = protocol=17 | dir=in | app=f:\diablo iii\diablo iii\diablo iii.exe |
"{94C796C3-B4D6-469F-818E-28DFDCDA90E7}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{9615967C-A287-4B9B-93C1-A338F0AABEA5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{96AD1E2D-CC60-47F9-9E9E-244317F78F5E}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{97E93651-B636-470C-B4AC-64B74999D6A6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9A0A8905-7077-4747-B54D-733385AF97CE}" = protocol=6 | dir=in | app=f:\diablo iii\diablo iii\diablo iii.exe |
"{9B4176DB-6254-4F70-BA44-2690DCED717B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9DB95938-6E1F-4F00-81AF-7B9EDB2B4C3C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{9E2FBFA0-1649-4656-B48A-FDC74DB906D6}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{9E7F3462-546E-4FA9-943C-F65C8E91CEBC}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe |
"{9ED88EC1-71BB-4677-A59C-6F9C8595CD3A}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\magic the gathering tactics\launchpad.exe |
"{9F3D23C0-D1FB-4B1F-ABDA-D236EB1681DE}" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"{9F799987-BA5C-4706-9376-00C9E2539AE0}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steam.exe |
"{9F90F4FA-14A1-4A5C-87F3-14CDA0A64896}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe |
"{A0D99028-A7E7-4BCC-9053-6CA7CBDA68D7}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{A22B4201-E046-46BE-936E-8A730D9959FC}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{A26F8911-E695-4C75-917F-BE39AC7CC8B9}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{A4AA5C9E-A20A-4951-A078-F8C2B710E3F3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A5070C9A-5A84-4CA1-A554-CF6B88E2F946}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{A542E8E5-6100-48DA-875C-4927CCE9CE97}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{A6A78385-6D0D-49C7-A1A8-53F3330F108F}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\doubleslidefoot\counter-strike source\hl2.exe |
"{A7684851-FFFC-4094-A91C-51DDA6AB1B53}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{A7B7513C-1D4E-466B-BE7E-2FF7F648F6A8}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{A8351A75-D349-44F7-AE84-E09543EB7C86}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{A91687C1-FE2D-491E-8AB0-4E085D9B9B8A}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
"{ABB97294-0386-4A93-B1D4-EE8A376B281D}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\doubleslidefoot\counter-strike source\hl2.exe |
"{ACE222B9-E445-49A5-87EB-7844BFAFC38F}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\champions online\champions online.exe |
"{AE58CCCF-5A84-4803-B24C-1C65D95FF153}" = protocol=17 | dir=in | app=g:\new folder\guild wars 2\gw2.exe |
"{B0E83D9E-B7AF-4923-8B5D-6A1FD3601D83}" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"{B203446A-407E-47D4-B031-9C2D2E529B66}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\fallen earth f2p\feupdater.exe |
"{B354DA3A-BB12-413E-80E1-E9E351045CB3}" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\launcher.patch.exe |
"{B5AEB904-A9E3-4D25-A0AC-7ED9D288097D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B5F68FA1-7837-48B9-802F-4F136785D910}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe |
"{B615C6CF-D96C-494E-907D-38D14B38E436}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BAB7CD36-E140-4744-84D5-E3345A92B75A}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{BB877D2E-46D1-420C-855E-4D95AB509CDA}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steam.exe |
"{BDA6D3B6-C7C6-48F5-BE52-A2105B545452}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{BFF17062-F340-4CCD-A3A9-D1D899AB6628}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{C0FD77A3-5B1B-43A2-BCCE-849365BFB548}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{C1FD5DB6-E5AB-4A51-8B64-151130CEB095}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C22EA2CE-540C-4B14-B0EE-4899B7816571}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{C2B0BA70-CFAC-4D16-B9EC-0855CA4B10BD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C2FD3BBF-9888-4B5B-825C-70363389B199}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{C916A29A-795C-4CD7-A374-E12ACAB49126}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{C9DEDBE1-A319-4BFB-A735-AE0DC24BC9A7}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{CA3C9C66-828D-4F80-BB99-53BD2952E4A4}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
"{CC25227A-AE05-43FF-A9DD-EF01886E4127}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{CD19B5C2-7501-47CB-94D7-916F2AA5809F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CD78A8BE-ACBD-42B9-A3E5-6DD85DF6344E}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{D2AA8210-F98A-4260-8AC1-F080E97FC049}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{D378A62F-2A48-4955-9CDB-B81D5D8DA71C}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{D49521C5-EFB6-459D-8495-7A01D7248B3E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D50842EE-4CA2-42DE-94AB-4FDB6FA29B9D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D51F9CD9-F1DE-4C47-8E38-F3ACD89DB6BF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D5D78A8E-D31A-4A86-9B81-C359C9AE686E}" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"{D66798BE-9045-404A-951B-79F025FCEA56}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{D6D920BE-BD6E-4025-98F5-FCE50D3A1675}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{D7B415FF-B3A4-455A-81D4-4D74BBCADFD2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{DB52AD37-5050-4765-8C99-EB11D058C4C6}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
"{DDE6EDF5-2B4C-48C5-B90C-69D6593B2FD3}" = protocol=6 | dir=in | app=f:\utorrent.exe |
"{E2AE90C8-CE96-4B06-989D-FF1D120E96BE}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{E2D16EE4-520D-44F8-B3AA-D567405AFDCF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{E34552B5-0703-4C9B-AD1F-F4965F9FB4E2}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{E4DF978D-89CD-4583-A259-A5E1A5335CFA}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{E4EF226D-E7D0-443C-A487-0E439459CB78}" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"{E8EEDDED-7811-4019-B294-121C5D2D1D03}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe |
"{E9124209-9065-46C5-9F98-71B85D21426A}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{E9F92A21-21C1-4914-B019-3C891A06F4E3}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe |
"{EA994B5A-52DD-4BA4-AD46-7AF12B1BCD5F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EBD20F75-AFBE-4ECC-BD55-DAA524180ED4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{EBDD86B0-0CC6-492B-A07B-DABE9E4FC4DA}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{EBE6126F-8ADA-43B4-B143-812A5E16D2AD}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{EC8B326A-83DA-4DD4-ADD1-407EFD201F65}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EE33795D-AD94-431B-8391-68E979A47259}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{EE82A31C-7C0E-4EA2-85F1-9B0F521943E7}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{F0C3BA6D-C968-4534-A500-AAF44C7D8756}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{F0C52259-88A2-4545-A73F-09F0CA6D7976}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{F240CB5F-5B00-42FF-B5B8-298E0AA20D30}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{F4248DD2-450D-4741-9B5E-210EBF1079F8}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{F72A4CC5-1A6E-43B6-AF33-B15C6155E567}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
"{FAE84FF1-83ED-4656-A99C-E57137F1E116}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FB5F7EBF-595E-4562-9802-829ABD99AFC4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FC30E7F4-E7DF-4C56-A574-C6FF86E92E2C}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"TCP Query User{046244AD-139E-4FA3-A769-844E2BD33B3B}F:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe |
"TCP Query User{08EAA4AC-D63C-4AE4-89B5-66132317AA2F}F:\starccraft 2\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=f:\starccraft 2\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"TCP Query User{244DB107-4D1F-4C0C-9B7A-7FBA466593D0}F:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{26B0834B-4429-4196-9C96-6BB646387C97}F:\program files (x86)\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\launcher.patch.exe |
"TCP Query User{2DE5910B-D258-4DB2-801F-D17C473E8F24}F:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"TCP Query User{2F272903-9709-4440-83E2-7859718154A1}F:\program files (x86)\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{3C703AF3-BCF4-462C-BB2A-D01080196F54}F:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"TCP Query User{43760748-4162-42A8-85FB-0BF74DFE8315}F:\starccraft 2\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=f:\starccraft 2\starcraft ii\versions\base23260\sc2.exe |
"TCP Query User{44B1D783-E045-496E-B452-62EE27585170}G:\new folder\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=g:\new folder\guild wars 2\gw2.exe |
"TCP Query User{481D3B38-1881-43A5-AA0A-3BAC20ED1253}F:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"TCP Query User{4B8298CB-FF61-4B97-9E13-58F95BE8C9EF}C:\users\rob\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\rob\appdata\roaming\spotify\spotify.exe |
"TCP Query User{690DC584-4C3B-436F-A5F7-4907B8CB6364}F:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{70EE3B10-F5A1-4F9C-B840-64D355D06734}F:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |
"TCP Query User{7B857455-9FFC-4A65-AE5A-102E39A5D7B8}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{7CEDF7C2-A840-471A-8DA8-A9368D729955}F:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"TCP Query User{7D39036F-E3F7-437F-9D66-CB0B3B4A5F2D}F:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"TCP Query User{7E01F87F-EF89-44E5-BDDC-B5273140B95A}C:\users\rob\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\rob\appdata\local\temp\gw2.exe |
"TCP Query User{86FD60D4-774B-4A18-AD5F-C6D7C8BC33BD}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{8C193094-DE35-470A-A97A-D01F9A60D604}F:\program files (x86)\steam\steamapps\doubleslidefoot\the ship\ship.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\doubleslidefoot\the ship\ship.exe |
"TCP Query User{8F503BF6-0515-4E13-94DF-F87E34349278}F:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{A996A688-184E-4083-83DE-D7980D14D477}F:\utorrent.exe" = protocol=6 | dir=in | app=f:\utorrent.exe |
"TCP Query User{B7A8CE45-C249-4D49-AFE6-15D809C0A51E}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{C76F531E-BCEE-4555-87EB-624FAFFDD456}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{D9CA233B-A4CA-4106-AB05-909BF68843D6}F:\day z\tools\bin\rsync.exe" = protocol=6 | dir=in | app=f:\day z\tools\bin\rsync.exe |
"TCP Query User{E2D08C07-CB5E-494C-B341-C8FAED6159C9}F:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\launcher.exe |
"TCP Query User{E67D2459-9704-47AA-9713-CD86B04257D2}F:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"TCP Query User{EDE157CE-6EEF-4894-BC0F-A7EFA2F376C6}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{F7DDB3D8-1F3C-47E8-AE08-9BF826306A4D}C:\users\rob\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\rob\appdata\roaming\spotify\spotify.exe |
"TCP Query User{FE77B02C-9B23-448B-918C-BCCE07566DC8}F:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"UDP Query User{0999E1A1-F62B-4AB6-BEB2-10AA6F8502FC}F:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"UDP Query User{165F1FA8-DED8-4ACC-AE11-80EF8ADEE1FD}F:\program files (x86)\steam\steamapps\doubleslidefoot\the ship\ship.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\doubleslidefoot\the ship\ship.exe |
"UDP Query User{198463AF-94F7-410E-95A0-F2100C033500}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{2B8B20A5-5D46-4ABA-9F81-AFB945A974C1}F:\program files (x86)\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\launcher.patch.exe |
"UDP Query User{3A439B9C-6388-4B56-A10A-871CA75612E5}F:\starccraft 2\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=f:\starccraft 2\starcraft ii\versions\base23260\sc2.exe |
"UDP Query User{3B27DB33-FFB4-47F3-82E2-3D6EE8D3CCF4}F:\utorrent.exe" = protocol=17 | dir=in | app=f:\utorrent.exe |
"UDP Query User{517BA573-704E-4FB7-85DA-71F95514AFFF}F:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{63A6F0C3-07C8-4059-A331-C00C7178ECB0}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{63C25C0E-9D49-4434-8718-A2F37DA94D5F}F:\day z\tools\bin\rsync.exe" = protocol=17 | dir=in | app=f:\day z\tools\bin\rsync.exe |
"UDP Query User{6A46F9D0-1733-4483-B71E-F9A3AE08EDEC}F:\starccraft 2\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=f:\starccraft 2\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"UDP Query User{6A9DBDEA-7584-4071-84C5-34329E0C5D34}F:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |
"UDP Query User{721341C5-7722-4F1F-8F67-E5BE62EADB56}C:\users\rob\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\rob\appdata\roaming\spotify\spotify.exe |
"UDP Query User{98B61749-8C94-4F19-8B6F-916FB3D8CDA5}F:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"UDP Query User{9FD56B18-2DC3-45F2-9080-B507A0EED8C1}F:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{A77FEBB9-8F57-4FF1-874E-16201238FCE6}F:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"UDP Query User{A8601990-A9C8-46A3-8FDB-4C11788D6154}C:\users\rob\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\rob\appdata\roaming\spotify\spotify.exe |
"UDP Query User{AAD551C3-CAC2-48D7-91D1-E89C91627201}F:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"UDP Query User{AC1A7374-5187-4167-BCD2-D0E1A439A5C3}F:\program files (x86)\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{B07F99E0-11FE-4762-A387-4E12E231AE35}F:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe |
"UDP Query User{BDF2DE6C-23B0-42E9-AB45-C5D2FDB93A9A}F:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"UDP Query User{C7B8BAA8-7D48-4C10-A6C3-5A153C5C8BEC}C:\users\rob\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\rob\appdata\local\temp\gw2.exe |
"UDP Query User{C9B11F65-65CB-4306-8960-339BACD326A6}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{CAF36CA4-9ACC-485D-9AA4-1877FF14DFDA}F:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"UDP Query User{CFDC0F72-6A88-406C-9902-63B2EA00FC30}F:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\launcher.exe |
"UDP Query User{D286942C-90D1-4664-B9DF-FBDFEE9AD41C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{DB511CBA-3AA7-4173-AACE-81DB42C963B1}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{F7F8289A-79FF-47EA-A3CB-743D1D710F5D}F:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{FB13CA5E-5D0F-42EA-9E1E-379B58E04117}G:\new folder\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=g:\new folder\guild wars 2\gw2.exe |
"UDP Query User{FB83AE81-B095-475D-8430-9B704BBB32FF}F:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java™ 7 Update 3 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{4E1A54A9-FFB3-4BE6-B59B-3CC94C3B31D2}" = Autodesk Inventor Fusion for Inventor 2012 Add-in Language Pack
"{4E3B47F2-21EB-4F20-87C8-5A0E4D5F3858}" = Autodesk Inventor Fusion for Inventor 2012 Add-in
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7F4DD591-1664-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2012
"{7F4DD591-1664-0409-0001-7107D70F3DB4}" = Autodesk Inventor Professional 2012 English Language Pack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B46DECD1-1664-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2012 (Desktop Content)
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C2FDFFA3-3066-4366-9749-1C5070EAA526}" = Smart Technology Programming Software 7.0.12.11
"{D25FF5C1-1664-469A-9794-69309387C193}" = Quick Uninstall Tool for Autodesk Inventor 2012
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E027C59C-4C47-4BE8-8078-BCD3D2680EC3}" = Eco Materials Adviser (x64)
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
"Autodesk Inventor Fusion for Inventor 2012 Add-in" = Autodesk Inventor Fusion for Inventor 2012 Add-in
"Autodesk Inventor Professional 2012" = Autodesk Inventor Professional 2012 English
"Logitech Gaming Software" = Logitech Gaming Software 8.20
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24FF088D-CDCF-480C-8A4B-98F14A54CAA8}" = Autodesk Material Library Low Resolution Image Library 2012
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B0FC5A8-C3B6-33B7-9069-0D3BC69D2E50}" = Google Talk Plugin
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{32A3A4F4-B792-11D6-A78A-00B0D0160300}" = Java™ SE Development Kit 6 Update 30
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7424809B-AA4A-4B2F-88A8-865F15F778B6}" = Equalify v2.1.2 (admin setup)
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94F6AE6D-3339-4FC9-9BD2-C6B82D975DBF}" = HTC Sync
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BFFC2681-5F7C-45BC-981A-277A29332678}" = Intel® Data Migration Software powered by Acronis
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE017F8-C238-4397-879B-7FBB915D9457}" = LogMeIn Hamachi
"{CC419DDC-E0F0-4013-B25A-6FA036516F0D}" = Need for Speed™ ProStreet
"{CC452A50-5C87-4A1F-B295-445C3C69BF7D}" = NVIDIA MediaShield
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D30F78E6-2A82-48E5-94A9-D295D64501BF}" = MathGV 4.1
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7_Carbon_folder" = 7_Carbon.rar
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for OA" = BattlEye for OA Uninstall
"Diablo III" = Diablo III
"ESN Sonar-0.70.4" = ESN Sonar
"FileZilla Client" = FileZilla Client 3.6.0.1
"Fraps" = Fraps (remove only)
"Guild Wars" = Guild Wars
"Guild Wars 2" = Guild Wars 2
"InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"LogMeIn Hamachi" = LogMeIn Hamachi
"NOOK Study" = NOOK Study
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Steam App 113420" = Fallen Earth
"Steam App 12210" = Grand Theft Auto IV
"Steam App 13240" = Unreal Tournament: Game of the Year Edition
"Steam App 17500" = Zombie Panic Source
"Steam App 201190" = Magic: The Gathering – Tactics
"Steam App 2400" = The Ship
"Steam App 24200" = DC Universe Online
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 33900" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 4560" = Company of Heroes
"Steam App 47890" = The Sims™ 3
"Steam App 49520" = Borderlands 2
"Steam App 570" = Dota 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 730" = Counter-Strike: Global Offensive Beta
"uTorrent" = µTorrent
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Xfire" = Xfire (remove only)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"101a9f93b8f0bb6f" = Curse Client - 1
"Google Chrome" = Google Chrome
"NCsoft-Aion" = Aion
"Spotify" = Spotify
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Winamp Detect" = Winamp Detector Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 1/4/2013 4:35:06 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5008
Error - 1/4/2013 4:35:07 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/4/2013 4:35:07 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6006
Error - 1/4/2013 4:35:07 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6006
Error - 1/4/2013 4:35:08 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/4/2013 4:35:08 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7005
Error - 1/4/2013 4:35:08 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7005
Error - 1/4/2013 4:35:09 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/4/2013 4:35:09 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8050
Error - 1/4/2013 4:35:09 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8050
[ Media Center Events ]
Error - 6/14/2012 8:20:14 PM | Computer Name = BEAST | Source = MCUpdate | ID = 0
Description = 8:20:14 PM - Error connecting to the internet. 8:20:14 PM - Unable
to contact server..
Error - 6/14/2012 8:20:23 PM | Computer Name = BEAST | Source = MCUpdate | ID = 0
Description = 8:20:19 PM - Error connecting to the internet. 8:20:19 PM - Unable
to contact server..
Error - 6/16/2012 11:10:38 AM | Computer Name = BEAST | Source = MCUpdate | ID = 0
Description = 11:10:38 AM - Error connecting to the internet. 11:10:38 AM - Unable
to contact server..
Error - 6/16/2012 11:11:11 AM | Computer Name = BEAST | Source = MCUpdate | ID = 0
Description = 11:11:07 AM - Error connecting to the internet. 11:11:07 AM - Unable
to contact server..
Error - 6/16/2012 11:52:59 PM | Computer Name = BEAST | Source = MCUpdate | ID = 0
Description = 11:52:56 PM - Error connecting to the internet. 11:52:56 PM - Unable
to contact server..
Error - 6/17/2012 12:53:06 AM | Computer Name = BEAST | Source = MCUpdate | ID = 0
Description = 12:53:05 AM - Error connecting to the internet. 12:53:05 AM - Unable
to contact server..
Error - 6/17/2012 1:53:14 AM | Computer Name = BEAST | Source = MCUpdate | ID = 0
Description = 1:53:13 AM - Error connecting to the internet. 1:53:13 AM - Unable
to contact server..
Error - 6/17/2012 2:53:22 AM | Computer Name = BEAST | Source = MCUpdate | ID = 0
Description = 2:53:21 AM - Error connecting to the internet. 2:53:21 AM - Unable
to contact server..
Error - 11/27/2012 4:05:05 AM | Computer Name = BEAST | Source = MCUpdate | ID = 0
Description = 3:05:05 AM - Error connecting to the internet. 3:05:05 AM - Unable
to contact server..
Error - 12/1/2012 11:17:52 AM | Computer Name = BEAST | Source = MCUpdate | ID = 0
Description = 10:17:14 AM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)
[ System Events ]
Error - 1/6/2013 2:26:09 AM | Computer Name = BEAST | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
Error - 1/6/2013 2:26:09 AM | Computer Name = BEAST | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069
Error - 1/8/2013 1:17:43 PM | Computer Name = BEAST | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk7\DR7.
Error - 1/8/2013 1:17:49 PM | Computer Name = BEAST | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk7\DR7.
Error - 1/8/2013 1:17:54 PM | Computer Name = BEAST | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk7\DR7.
Error - 1/8/2013 1:19:21 PM | Computer Name = BEAST | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
Error - 1/8/2013 1:19:21 PM | Computer Name = BEAST | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069
Error - 1/8/2013 1:23:50 PM | Computer Name = BEAST | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WSearch service.
Error - 1/9/2013 12:19:42 PM | Computer Name = BEAST | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
Error - 1/9/2013 12:19:42 PM | Computer Name = BEAST | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069
< End of report >
-
Here is the OTL.txt file:
OTL logfile created on: 1/9/2013 11:24:59 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rob\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
8.00 Gb Total Physical Memory | 6.33 Gb Available Physical Memory | 79.11% Memory free
16.00 Gb Paging File | 14.01 Gb Available in Paging File | 87.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.43 Gb Total Space | 2.32 Gb Free Space | 3.12% Space Free | Partition Type: NTFS
Drive D: | 6.78 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 189.92 Gb Total Space | 32.64 Gb Free Space | 17.19% Space Free | Partition Type: NTFS
Drive F: | 931.50 Gb Total Space | 148.74 Gb Free Space | 15.97% Space Free | Partition Type: NTFS
Drive G: | 931.50 Gb Total Space | 607.34 Gb Free Space | 65.20% Space Free | Partition Type: NTFS
Drive H: | 74.52 Gb Total Space | 17.83 Gb Free Space | 23.92% Space Free | Partition Type: NTFS
Drive J: | 3.73 Gb Total Space | 1.91 Gb Free Space | 51.36% Space Free | Partition Type: FAT32
Drive K: | 7.21 Gb Total Space | 6.84 Gb Free Space | 94.83% Space Free | Partition Type: NTFS
Computer Name: BEAST | User Name: Rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/01/08 21:05:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/11/19 21:48:16 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/11/11 23:06:23 | 000,038,744 | ---- | M] (NCSoft) -- F:\AION\AION2\NCLauncher.exe
PRC - [2012/10/30 12:04:17 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Rob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/10/29 15:05:50 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/08/16 10:51:57 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/09 12:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011/12/07 15:11:56 | 000,659,224 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
PRC - [2011/03/28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/01 12:08:06 | 000,362,296 | ---- | M] (Intel) -- C:\Program Files (x86)\Common Files\Intel\Schedule2\schedhlp.exe
PRC - [2010/11/01 12:06:46 | 002,605,224 | ---- | M] (Intel) -- C:\Program Files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe
PRC - [2009/07/06 17:33:20 | 000,389,120 | R--- | M] (Teleca) -- C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2009/07/06 16:44:14 | 000,356,352 | R--- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe
PRC - [2009/07/06 16:43:44 | 001,011,712 | R--- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2009/07/06 16:20:56 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2009/07/06 16:20:32 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2009/06/03 09:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
PRC - [2009/05/27 14:46:52 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
PRC - [2009/04/14 12:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/12 10:18:06 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
========== Modules (No Company Name) ==========
MOD - [2012/11/18 10:54:22 | 010,580,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\409c27bc1e434bf90f0df3d7096613bd\System.Design.ni.dll
MOD - [2012/11/18 10:54:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/18 10:53:53 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/18 10:53:48 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/18 10:53:36 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3079aabe5fd4f325656d52b94b19ae2e\System.Security.ni.dll
MOD - [2012/11/18 10:53:34 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/18 10:53:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/18 10:53:30 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/18 10:53:26 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/11/11 23:06:23 | 000,217,088 | ---- | M] () -- F:\AION\AION2\UnRar.Net.dll
MOD - [2012/11/11 23:06:23 | 000,024,576 | ---- | M] () -- F:\AION\AION2\NC.Logging.dll
MOD - [2012/10/29 15:05:50 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/01 10:58:44 | 000,028,512 | ---- | M] () -- C:\Program Files (x86)\Intel\DataMigrationSoftware\Common\rpc_client.dll
MOD - [2009/07/06 16:39:42 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\tcpsock_object.dll
MOD - [2009/07/06 16:04:56 | 000,185,856 | R--- | M] () -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll
MOD - [2009/07/06 16:04:56 | 000,185,856 | R--- | M] () -- C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll
MOD - [2007/01/11 17:33:20 | 000,106,496 | R--- | M] () -- C:\Program Files (x86)\Common Files\Teleca Shared\boost_log-vc80-mt-1_33.dll
========== Services (SafeList) ==========
SRV:64bit: - [2012/01/08 02:46:48 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/19 22:33:53 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/12/12 10:38:44 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/19 21:48:16 | 002,462,128 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/10/10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/08/16 10:51:57 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/04/01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/07 17:30:00 | 000,848,184 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- F:\Autodesk 2\Inventor 2012\Moldflow\bin\mitsijm.exe -- (mitsijm2012)
SRV - [2010/11/01 12:10:18 | 001,164,704 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Schedule2\schedul2.exe -- (IntSch2Svc)
SRV - [2010/03/22 09:17:24 | 000,276,584 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/06 13:24:54 | 000,282,728 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/28 16:26:54 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011/11/10 09:28:22 | 000,052,160 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2011/11/10 09:28:22 | 000,024,640 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2011/09/20 09:32:38 | 000,183,104 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0CCB.sys -- (SaiK0CCB)
DRV:64bit: - [2011/09/20 09:32:38 | 000,047,168 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiU0CCB.sys -- (SaiU0CCB)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/01/29 01:04:38 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009/11/23 20:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 20:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/11/11 15:47:18 | 000,348,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/11/06 07:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009/09/15 14:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2011/12/28 16:52:45 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Users\Rob\Downloads\RealTemp_360\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2803456513-1166934674-666375718-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2803456513-1166934674-666375718-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2803456513-1166934674-666375718-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2803456513-1166934674-666375718-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 E6 0A CA 11 C4 CC 01 [binary data]
IE - HKU\S-1-5-21-2803456513-1166934674-666375718-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2803456513-1166934674-666375718-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2803456513-1166934674-666375718-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0007a7905e50a79
IE - HKU\S-1-5-21-2803456513-1166934674-666375718-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2803456513-1166934674-666375718-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Rob\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Rob\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rob\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rob\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
[2012/01/17 14:45:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Extensions
[2012/04/14 12:27:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\g148r1jb.default\extensions
[2011/11/05 12:07:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- F:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/12/16 22:11:52 | 000,000,000 | ---D | M] (Java Console) -- F:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/17 17:19:30 | 000,000,000 | ---D | M] (Java Console) -- F:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/19 08:42:46 | 000,000,000 | ---D | M] (Java Console) -- F:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/15 13:19:52 | 000,000,000 | ---D | M] (Java Console) -- F:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/05 12:16:17 | 000,000,000 | ---D | M] (Java Console) -- F:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/04/28 09:33:21 | 000,000,000 | ---D | M] (Anti-Banner) -- F:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\KAVANTIBANNER@KASPERSKY.RU
[2011/04/28 09:33:19 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- F:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\LINKFILTER@KASPERSKY.RU
========== Chrome ==========
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Rob\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Rob\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Rob\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: AdBlock = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.54_0\
CHR - Extension: Hover Zoom = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.8.3_0\
O1 HOSTS File: ([2012/04/03 11:03:57 | 000,441,500 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15173 more lines...
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [intel Scheduler2 Service] C:\Program Files (x86)\Common Files\Intel\Schedule2\schedhlp.exe (Intel)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [saiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DataMigrationSoftwareMonitor.exe] C:\Program Files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe (Intel)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2803456513-1166934674-666375718-1001..\Run: [Adobe ARM] C:\ProgramData\ifgxpers.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2803456513-1166934674-666375718-1001..\Run: [NCsoft Launcher] F:\AION\AION2\NCLauncher.exe (NCSoft)
O4 - HKU\S-1-5-21-2803456513-1166934674-666375718-1001..\Run: [NVIDIA System Monitor] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA System Monitor\NVMonitor.exe (NVIDIA)
O4 - HKU\S-1-5-21-2803456513-1166934674-666375718-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-2803456513-1166934674-666375718-1001..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-2803456513-1166934674-666375718-1001..\Run: [spotify] C:\Users\Rob\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2803456513-1166934674-666375718-1001..\Run: [spotify Web Helper] C:\Users\Rob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2803456513-1166934674-666375718-1001..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22CEA189-4E2D-41B5-8F51-2D1DA806E2D4}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80B7A150-9C2C-4924-9282-2F581DDA10AA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8E14235-B895-4AE2-8EE6-69B5E1DB41B0}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/04 16:57:14 | 000,000,000 | ---D | M] - E:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2010/02/20 19:12:01 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/01/05 18:18:43 | 000,000,000 | ---D | M] - F:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2012/01/08 02:50:12 | 000,000,000 | ---D | M] - F:\Autodesk 2 -- [ NTFS ]
O32 - AutoRun File - [2012/01/05 17:03:56 | 3511,359,788 | ---- | M] () - F:\Autodesk_Inventor_2012_English_Win_64bit.exe -- [ NTFS ]
O32 - AutoRun File - [2010/02/20 22:25:39 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/12/27 22:08:21 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/01/09 11:21:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
[2013/01/09 11:18:12 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{44FCE7E0-6BC6-4E25-A430-4504B3C37A19}
[2013/01/08 12:18:00 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Rob\Desktop\dds.scr
[2013/01/08 12:17:53 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{A3DCED61-C79B-40E8-8735-2561C42D18E6}
[2013/01/06 01:25:48 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{F579FC83-F2B8-4CE6-8DC5-11D8B8221E4B}
[2013/01/05 19:36:11 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2013/01/05 15:34:35 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{50930E73-8198-46BE-A1C0-8E707B59B732}
[2013/01/04 23:15:17 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{2261E2FB-AD99-43DE-9ACA-95E8EBD68378}
[2013/01/04 22:42:56 | 000,104,176 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\ifgxpers.exe
[2013/01/03 20:29:29 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{F7D61B68-CDB9-4081-B4AC-91479013FA49}
[2012/12/31 11:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012/12/31 11:50:44 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012/12/31 11:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012/12/31 11:36:56 | 000,000,000 | ---D | C] -- C:\Users\Rob\Documents\StarCraft II
[2012/12/31 11:33:51 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{0D97F737-9DEB-4DCF-B09E-EE036DBB4021}
[2012/12/28 17:29:34 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{06E38DAE-9904-4353-9882-879B28FE902E}
[2012/12/27 12:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MathGV 4.1
[2012/12/27 12:43:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MathGV
[2012/12/22 23:16:21 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{249F436C-E09D-4007-B949-31F2B0292E55}
[2012/12/22 03:00:32 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/22 03:00:32 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/22 03:00:32 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/22 03:00:32 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/19 23:24:38 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\ftblauncher
[2012/12/14 17:06:00 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{75A1AEBE-8355-48EE-90BF-748A5CC0A066}
[2012/12/13 17:25:38 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{A23DBFDF-DB48-4A52-B2E5-94BA9A2DB5F0}
[2012/12/13 13:35:21 | 000,000,000 | ---D | C] -- C:\Users\Rob\Desktop\7_Carbon
[2012/12/13 13:34:33 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\WinRAR
[2012/12/13 13:34:32 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/12/13 13:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/12/13 13:34:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2012/12/13 12:13:03 | 000,000,000 | ---D | C] -- C:\.Trash-1000
[2012/12/13 10:41:04 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/13 10:41:04 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/13 10:41:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/13 10:41:03 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/13 10:41:03 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/13 10:41:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/13 10:41:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/13 10:41:03 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/13 10:41:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/13 10:41:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/13 10:41:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/13 10:41:02 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/13 10:41:01 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/13 10:41:01 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/13 10:41:01 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/12 20:10:28 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/12 20:10:28 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/12/12 20:10:28 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/12/12 20:10:28 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/12/12 20:10:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/12/12 20:10:27 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/12/12 20:10:27 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/12/12 20:10:27 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/12/12 20:10:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/12 20:10:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/12/12 20:10:27 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/12/12 20:10:27 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 20:10:27 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 20:10:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 20:10:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 20:10:27 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/12/12 20:10:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 20:10:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 20:10:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 20:10:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 20:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 20:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 20:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 20:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 20:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 20:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 20:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 20:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 20:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 20:10:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/12/12 20:10:24 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/12 20:10:24 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/10 22:54:52 | 000,000,000 | ---D | C] -- C:\Users\Rob\Desktop\prog7
========== Files - Modified Within 30 Days ==========
[2013/01/09 11:27:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/09 11:27:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/09 11:24:44 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/09 11:24:44 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/09 11:21:55 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/09 11:21:55 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/09 11:21:55 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/09 11:17:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/09 11:17:35 | 2146,332,671 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/08 21:05:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
[2013/01/07 15:51:30 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Rob\Desktop\dds.scr
[2013/01/06 01:48:31 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2803456513-1166934674-666375718-1001UA.job
[2013/01/04 23:13:15 | 000,751,078 | ---- | M] () -- C:\ProgramData\1.bmp
[2013/01/04 23:12:59 | 000,114,943 | ---- | M] () -- C:\ProgramData\1.jpg
[2013/01/04 23:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/04 22:42:56 | 000,104,176 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\ifgxpers.exe
[2013/01/04 21:48:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2803456513-1166934674-666375718-1001Core.job
[2012/12/31 12:08:00 | 000,000,747 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012/12/31 11:50:36 | 000,000,774 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/12/30 13:10:25 | 005,185,290 | ---- | M] () -- C:\Users\Rob\Desktop\BLARRG.png
[2012/12/28 14:48:13 | 000,000,553 | ---- | M] () -- C:\Users\Rob\Desktop\server.properties
[2012/12/27 14:46:28 | 000,026,994 | ---- | M] () -- C:\Users\Rob\Desktop\aaron work 2.png
[2012/12/27 14:22:27 | 000,026,186 | ---- | M] () -- C:\Users\Rob\Desktop\aaron work 1.png
[2012/12/22 10:08:16 | 000,000,318 | ---- | M] () -- C:\Users\Rob\Desktop\Curse Client - 1 .appref-ms
[2012/12/22 03:17:16 | 000,376,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/20 22:47:27 | 002,242,895 | ---- | M] () -- C:\Users\Rob\Desktop\Minecraft_Server (1).exe
[2012/12/19 23:58:30 | 000,001,143 | ---- | M] () -- C:\Users\Rob\Desktop\FTB_Launcher - Shortcut.lnk
[2012/12/16 12:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 09:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 09:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/16 09:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/14 00:03:53 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/12/14 00:03:53 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/12/13 18:54:23 | 000,002,470 | ---- | M] () -- C:\Users\Rob\Desktop\Google Chrome.lnk
[2012/12/13 18:29:03 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/12/12 10:38:41 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/12 10:38:41 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/11 01:55:51 | 000,000,600 | ---- | M] () -- C:\Users\Rob\AppData\Local\PUTTY.RND
[2012/12/11 01:52:29 | 000,001,075 | ---- | M] () -- C:\Users\Rob\.drjava
========== Files Created - No Company Name ==========
[2013/01/04 23:13:15 | 000,751,078 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/01/04 23:12:59 | 000,114,943 | ---- | C] () -- C:\ProgramData\1.jpg
[2012/12/31 11:50:27 | 000,000,774 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/12/31 11:36:56 | 000,000,747 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012/12/30 13:10:24 | 005,185,290 | ---- | C] () -- C:\Users\Rob\Desktop\BLARRG.png
[2012/12/27 14:46:28 | 000,026,994 | ---- | C] () -- C:\Users\Rob\Desktop\aaron work 2.png
[2012/12/27 14:22:27 | 000,026,186 | ---- | C] () -- C:\Users\Rob\Desktop\aaron work 1.png
[2012/12/19 23:58:30 | 000,001,143 | ---- | C] () -- C:\Users\Rob\Desktop\FTB_Launcher - Shortcut.lnk
[2012/12/13 18:15:52 | 003,536,817 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/09/03 22:38:26 | 000,000,600 | ---- | C] () -- C:\Users\Rob\AppData\Local\PUTTY.RND
[2012/09/03 14:42:22 | 000,001,075 | ---- | C] () -- C:\Users\Rob\.drjava
[2012/07/25 17:51:44 | 000,042,440 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/06/08 21:21:24 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2012/02/10 18:11:29 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\Pbsvc.exe
[2012/01/08 02:42:51 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/26 23:02:43 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/12/26 23:02:43 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
========== ZeroAccess Check ==========
[2012/01/12 21:05:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/01/03 20:15:04 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\.minecraft
[2012/01/16 13:35:11 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Autodesk
[2012/04/08 15:29:30 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Barnes & Noble
[2012/12/11 01:54:09 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\FileZilla
[2013/01/03 00:01:16 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\ftblauncher
[2012/02/08 23:54:24 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Leadertech
[2012/03/04 22:44:48 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Notepad++
[2012/01/05 13:07:45 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\OpenOffice.org
[2012/12/13 12:25:36 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Origin
[2012/03/11 19:56:44 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\RIFT
[2012/08/16 10:21:55 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\six-updater
[2012/07/22 14:32:43 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\six-zsync
[2013/01/09 11:18:02 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Spotify
[2012/03/13 11:23:46 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Teleca
[2012/01/12 21:07:15 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\The Creative Assembly
[2012/03/06 22:19:39 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\TS3Client
[2012/06/29 18:29:19 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\uTorrent
========== Purity Check ==========
========== Custom Scans ==========
< %systemroot%\*. /mp /s >
< %systemroot%\*. /rp /s >
< %SYSTEMDRIVE%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
< MD5 for: EXPLORER.EXE >
< MD5 for: SVCHOST.EXE >
< MD5 for: USERINIT.EXE >
< MD5 for: WINLOGON.EXE >
< End of report >
-
So I tried downloading the dds.scr program from both links but neither time would it produce a dds.txt file. Here is the attach.txt though.
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume5
Install Date: 12/26/2011 3:54:02 PM
System Uptime: 1/8/2013 12:17:08 PM (0 hours ago)
.
Motherboard: EVGA | | 132-CK-NF78
Processor: Intel® Core2 Extreme CPU Q6850 @ 3.00GHz | Socket 775 | 3000/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 2.32 GiB free.
D: is CDROM (UDF)
E: is FIXED (NTFS) - 190 GiB total, 32.644 GiB free.
F: is FIXED (NTFS) - 932 GiB total, 148.74 GiB free.
G: is FIXED (NTFS) - 932 GiB total, 607.338 GiB free.
H: is FIXED (NTFS) - 75 GiB total, 17.825 GiB free.
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Image File Execution Options =============
.
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20 (x64 edition)
7_Carbon.rar
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Aion
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARMA 2
ARMA 2: Operation Arrowhead
Autodesk Inventor Content Center Libraries 2012 (Desktop Content)
Autodesk Inventor Fusion 2012
Autodesk Inventor Fusion 2012 Language Pack
Autodesk Inventor Fusion for Inventor 2012 Add-in
Autodesk Inventor Fusion for Inventor 2012 Add-in Language Pack
Autodesk Inventor Professional 2012
Autodesk Inventor Professional 2012 English
Autodesk Inventor Professional 2012 English Language Pack
Autodesk Material Library 2012
Autodesk Material Library Base Resolution Image Library 2012
Autodesk Material Library Low Resolution Image Library 2012
Battlefield 3™
Battlelog Web Plugins
BattlEye for OA Uninstall
Bing Bar
Bonjour
Borderlands 2
Call of Duty: Modern Warfare 3 - Multiplayer
Company of Heroes
Counter-Strike: Global Offensive Beta
Curse Client
Curse Client - 1
D3DX10
DC Universe Online
Deus Ex: Human Revolution
Diablo III
Dota 2
Eco Materials Adviser (x64)
Equalify v2.1.2 (admin setup)
ESN Sonar
Fallen Earth
FileZilla Client 3.6.0.1
Fraps (remove only)
Google Chrome
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
Grand Theft Auto IV
Guild Wars
Guild Wars 2
HTC Driver
HTC Sync
Intel® Data Migration Software powered by Acronis
iTunes
Java Auto Updater
Java 6 Update 31
Java 7 Update 3 (64-bit)
Java SE Development Kit 6 Update 30
Junk Mail filter update
Logitech Gaming Software
Logitech Gaming Software 8.20
LogMeIn Hamachi
Magic: The Gathering – Tactics
Mass Effect™ 3 Demo
MathGV 4.1
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Corporation
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft LifeCam
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCsoft Launcher
Need for Speed™ ProStreet
NOOK Study
Notepad++
NVIDIA 3D Vision Controller Driver 285.62
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Drivers
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA MediaShield
NVIDIA Performance
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
NVIDIA Stereoscopic 3D Driver
NVIDIA System Monitor
NVIDIA System Update
NVIDIA Update 1.10.8
NVIDIA Update Components
Origin
Pando Media Booster
PunkBuster Services
Quick Uninstall Tool for Autodesk Inventor 2012
QuickTime
Red Orchestra 2: Heroes of Stalingrad
RIFT
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Six Updater
Skype Click to Call
Skype™ 5.10
Smart Technology Programming Software 7.0.12.11
Spotify
Spybot - Search & Destroy
StarCraft II
TeamSpeak 3 Client
The Elder Scrolls V: Skyrim
The Ship
The Sims 3
The Sims™ 3
The Sims™ 3 Supernatural
Unreal Tournament: Game of the Year Edition
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VBA (2627.01)
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (32-bit)
Xfire (remove only)
Zombie Panic Source
.
==== Event Viewer Messages From Past Week ========
.
1/8/2013 12:17:54 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR7.
1/6/2013 1:26:09 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/6/2013 1:26:09 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
1/4/2013 11:34:49 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2013 11:34:49 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2013 11:34:49 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2013 11:15:08 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer TONYWONDER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3D2CF621-6B68-428C-8053-72C48CE8BDE0}. The master browser is stopping or an election is being forced.
1/3/2013 8:29:21 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer METALMONSTER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3D2CF621-6B68-428C-8053-72C48CE8BDE0}. The master browser is stopping or an election is being forced.
1/3/2013 2:25:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
1/3/2013 2:25:23 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nTuneService service.
1/3/2013 2:12:59 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
1/3/2013 12:35:46 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer DAVID-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3D2CF621-6B68-428C-8053-72C48CE8BDE0}. The master browser is stopping or an election is being forced.
1/2/2013 8:45:54 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer OWNER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3D2CF621-6B68-428C-8053-72C48CE8BDE0}. The master browser is stopping or an election is being forced.
1/2/2013 6:11:55 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
1/2/2013 3:15:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
1/2/2013 3:14:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
1/2/2013 3:14:35 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/1/2013 4:45:35 AM, Error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.
1/1/2013 3:14:16 AM, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.
1/1/2013 2:55:29 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 25.229.10.121. The computer with the IP address 25.5.181.100 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================
-
The Windows Defender Offline Tool worked (took about 8-9 hours to complete) and successfully booted into regular Windows. However, I cannot find the file, as I cannot find the "windows defender offline" folder. I also tried just searching for the file on all of the drives and still no luck.
-
I can boot into Windows, but the virus locks me out of everything and I cannot load or run any programs, or at least as far as I know. And Safe Mode crashes before I can log in.
-
I also saw that most solutions asked the users who are in my position to search for the services.exe using the same tool. This is the log from scanning with frst64.exe that outputs the FRST.exe.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-12-2012
Ran by SYSTEM at 04-01-2013 23:53:53
Running from K:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1680976 2010-10-28] (Logitech, Inc.)
HKLM\...\Run: [Launch LCore] "c:\Program Files\Logitech Gaming Software\LCore.exe" /minimized [104008 2010-11-16] (Logitech Inc.)
HKLM\...\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [291944 2010-04-08] (NVIDIA Corporation)
HKLM\...\Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe [310784 2011-08-10] (Saitek)
HKLM\...\Run: [saiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2011-08-10] (Saitek)
HKLM-x32\...\Run: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions [598016 2009-05-27] (Teleca Sweden AB)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-04-14] (Apple Inc.)
HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [352976 2011-04-28] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-07-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1955208 2011-08-15] (LogMeIn Inc.)
HKU\Rowico\...\Run: [Google Update] "C:\Users\Rowico\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-12-16] (Google Inc.)
HKU\Rowico\...\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1354736 2012-12-05] (Valve Corporation)
HKU\Rowico\...\Run: [NVIDIA System Monitor] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA System Monitor\NVMonitor.exe" startup [1228392 2010-04-05] (NVIDIA)
HKU\Rowico\...\Run: [ViVi Cursor] "C:\Program Files (x86)\ViVi Cursor 2.0\ViVi_Cursor.exe" -start [x]
HKU\Rowico\...\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" [495616 2007-09-02] ()
HKU\Rowico\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-10-05] ()
HKU\Rowico\...\Run: [Akamai NetSession Interface] "C:\Users\Rowico\AppData\Local\Akamai\netsession_win.exe" [3305760 2011-12-12] (Akamai Technologies, Inc)
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 68.87.71.230 68.87.73.246 192.168.1.1
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll,C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe (GamersFirst)
==================== Services (Whitelisted) ===================
2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_b427739.dll [3316000 2011-12-14] ()
3 Autodesk Network Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe [1539224 2008-06-13] (Autodesk, Inc.)
2 AVP; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" -r [352976 2011-04-28] (Kaspersky Lab ZAO)
2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
2 mitsijm2011; "C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe" [673792 2010-01-22] ()
2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe /StartService [276584 2010-03-22] (NVIDIA)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-10-25] ()
2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe /StartService [282728 2009-11-06] (NVIDIA)
==================== Drivers (Whitelisted) =====================
3 ATITool; C:\Windows\System32\DRIVERS\ATITool64.sys [30720 2006-11-10] ()
0 KL1; C:\Windows\System32\Drivers\KL1.sys [460888 2010-06-09] (Kaspersky Lab ZAO)
1 kl2; C:\Windows\System32\Drivers\kl2.sys [11864 2010-06-09] (Kaspersky Lab ZAO)
1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [556120 2011-04-28] (Kaspersky Lab)
1 KLIM6; C:\Windows\System32\Drivers\KLIM6.sys [27736 2010-04-22] (Kaspersky Lab ZAO)
3 klmouflt; C:\Windows\System32\Drivers\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
3 nvoclk64; C:\Windows\System32\Drivers\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
3 RTCore64; \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14648 2010-05-26] ()
3 SaiK0CCB; C:\Windows\System32\Drivers\SaiK0CCB.sys [176136 2011-03-23] (Saitek)
3 SaiMini; C:\Windows\System32\Drivers\SaiMini.sys [24640 2011-08-11] (Saitek)
3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52160 2011-08-11] (Saitek)
3 SaiU0CCB; C:\Windows\System32\Drivers\SaiU0CCB.sys [41352 2011-03-23] (Saitek)
3 WinRing0_1_2_0; \??\C:\Users\Rowico\Desktop\RealTemp_360\WinRing0x64.sys [14544 2011-07-18] (OpenLibSys.org)
3 dump_wmimmc; \??\C:\gPotato\Rappelz\GameGuard\dump_wmimmc.sys [x]
3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
2013-01-04 23:53 - 2013-01-04 23:53 - 00000000 ____D C:\FRST
2012-12-31 08:49 - 2012-12-31 08:50 - 00000000 ____D C:\Diablo III
2012-12-31 08:36 - 2012-12-31 08:50 - 00000000 ____D C:\StarcCraft 2
==================== One Month Modified Files and Folders =======
2013-01-01 16:40 - 2010-12-16 16:12 - 00000000 ____D C:\Program Files (x86)\Steam
2013-01-01 11:49 - 2012-11-24 09:25 - 00000000 ____D C:\Downloads from C
2012-12-31 08:50 - 2012-12-31 08:49 - 00000000 ____D C:\Diablo III
2012-12-31 08:50 - 2012-12-31 08:36 - 00000000 ____D C:\StarcCraft 2
2012-12-13 19:24 - 2012-06-15 18:14 - 00000000 ____D C:\Fraps
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 9%
Total physical RAM: 8190.54 MB
Available physical RAM: 7382.42 MB
Total Pagefile: 8188.69 MB
Available Pagefile: 7379.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Partitions =============================
2 Drive c: () (Fixed) (Total:931.5 GB) (Free:148.83 GB) NTFS ==>[system with boot components (obtained from reading drive)]
3 Drive e: () (Fixed) (Total:931.5 GB) (Free:607.43 GB) NTFS
4 Drive f: (Windows XP - 80) (Fixed) (Total:74.52 GB) (Free:17.83 GB) NTFS
5 Drive g: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
6 Drive h: () (Fixed) (Total:74.43 GB) (Free:2.11 GB) NTFS
7 Drive i: (IT_CROWD_SEASON_2) (CDROM) (Total:6.78 GB) (Free:0 GB) UDF
9 Drive k: (USB20FD) (Removable) (Total:3.73 GB) (Free:1.92 GB) FAT32
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
11 Drive y: (New HD-200) (Fixed) (Total:189.92 GB) (Free:32.67 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 189 GB 5120 KB
Disk 1 Online 931 GB 8 MB
Disk 2 Online 931 GB 8 MB
Disk 3 Online 74 GB 8 MB
Disk 4 Online 74 GB 0 B
Disk 5 No Media 0 B 0 B
Disk 6 Online 3824 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 189 GB 31 KB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y New HD-200 NTFS Partition 189 GB Healthy
=========================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 31 KB
==================================================================================
Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 931 GB Healthy
=========================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 31 KB
==================================================================================
Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E NTFS Partition 931 GB Healthy
=========================================================
Partitions of Disk 3:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 74 GB 31 KB
==================================================================================
Disk: 3
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F Windows XP NTFS Partition 74 GB Healthy
=========================================================
Partitions of Disk 4:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 74 GB 101 MB
==================================================================================
Disk: 4
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 G System Rese NTFS Partition 100 MB Healthy
=========================================================
Disk: 4
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 H NTFS Partition 74 GB Healthy
=========================================================
Partitions of Disk 6:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3823 MB 24 KB
==================================================================================
Disk: 6
Partition 1
Type : 0C
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K USB20FD FAT32 Removable 3823 MB Healthy
=========================================================
Last Boot: 2011-12-22 21:19
==================== End Of Log =============================
-
Hi, my desktop was infected with the FBI MoneyPak virus today and I cannot boot into safe mode to run HijackThis or MBAM. I have already run frst64.exe and have retrieved both logs. Any help will be greatly appreciated.
Thanks,
Rowico
FBI MoneyPak virus and cannot boot to safe mode
in Resolved Malware Removal Logs
Everything ran as it was supposed to, and yes, my computer does not seem to have any remaining issues.
Thank you so much for getting my computer back up and running and clean.