FBI MoneyPak virus and cannot boot to safe mode


I also saw that most solutions asked the users who are in my position to search for the services.exe using the same tool. This is the log from scanning with frst64.exe that outputs the FRST.exe.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-12-2012

Ran by SYSTEM at 04-01-2013 23:53:53

Running from K:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1680976 2010-10-28] (Logitech, Inc.)

HKLM\...\Run: [Launch LCore] "c:\Program Files\Logitech Gaming Software\LCore.exe" /minimized [104008 2010-11-16] (Logitech Inc.)

HKLM\...\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [291944 2010-04-08] (NVIDIA Corporation)

HKLM\...\Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe [310784 2011-08-10] (Saitek)

HKLM\...\Run: [saiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2011-08-10] (Saitek)

HKLM-x32\...\Run: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions [598016 2009-05-27] (Teleca Sweden AB)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)

HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-04-14] (Apple Inc.)

HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [352976 2011-04-28] (Kaspersky Lab ZAO)

HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-07-28] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1955208 2011-08-15] (LogMeIn Inc.)

HKU\Rowico\...\Run: [Google Update] "C:\Users\Rowico\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-12-16] (Google Inc.)

HKU\Rowico\...\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1354736 2012-12-05] (Valve Corporation)

HKU\Rowico\...\Run: [NVIDIA System Monitor] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA System Monitor\NVMonitor.exe" startup [1228392 2010-04-05] (NVIDIA)

HKU\Rowico\...\Run: [ViVi Cursor] "C:\Program Files (x86)\ViVi Cursor 2.0\ViVi_Cursor.exe" -start [x]

HKU\Rowico\...\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" [495616 2007-09-02] ()

HKU\Rowico\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-10-05] ()

HKU\Rowico\...\Run: [Akamai NetSession Interface] "C:\Users\Rowico\AppData\Local\Akamai\netsession_win.exe" [3305760 2011-12-12] (Akamai Technologies, Inc)

Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

Tcpip\Parameters: [DhcpNameServer] 68.87.71.230 68.87.73.246 192.168.1.1

AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll,C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll

Startup: C:\Users\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk

ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe (GamersFirst)

==================== Services (Whitelisted) ===================

2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_b427739.dll [3316000 2011-12-14] ()

3 Autodesk Network Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe [1539224 2008-06-13] (Autodesk, Inc.)

2 AVP; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" -r [352976 2011-04-28] (Kaspersky Lab ZAO)

2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()

2 mitsijm2011; "C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe" [673792 2010-01-22] ()

2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()

2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe /StartService [276584 2010-03-22] (NVIDIA)

2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-10-25] ()

2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe /StartService [282728 2009-11-06] (NVIDIA)

==================== Drivers (Whitelisted) =====================

3 ATITool; C:\Windows\System32\DRIVERS\ATITool64.sys [30720 2006-11-10] ()

0 KL1; C:\Windows\System32\Drivers\KL1.sys [460888 2010-06-09] (Kaspersky Lab ZAO)

1 kl2; C:\Windows\System32\Drivers\kl2.sys [11864 2010-06-09] (Kaspersky Lab ZAO)

1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [556120 2011-04-28] (Kaspersky Lab)

1 KLIM6; C:\Windows\System32\Drivers\KLIM6.sys [27736 2010-04-22] (Kaspersky Lab ZAO)

3 klmouflt; C:\Windows\System32\Drivers\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)

3 nvoclk64; C:\Windows\System32\Drivers\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)

3 RTCore64; \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14648 2010-05-26] ()

3 SaiK0CCB; C:\Windows\System32\Drivers\SaiK0CCB.sys [176136 2011-03-23] (Saitek)

3 SaiMini; C:\Windows\System32\Drivers\SaiMini.sys [24640 2011-08-11] (Saitek)

3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52160 2011-08-11] (Saitek)

3 SaiU0CCB; C:\Windows\System32\Drivers\SaiU0CCB.sys [41352 2011-03-23] (Saitek)

3 WinRing0_1_2_0; \??\C:\Users\Rowico\Desktop\RealTemp_360\WinRing0x64.sys [14544 2011-07-18] (OpenLibSys.org)

3 dump_wmimmc; \??\C:\gPotato\Rappelz\GameGuard\dump_wmimmc.sys [x]

3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [x]

3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-01-04 23:53 - 2013-01-04 23:53 - 00000000 ____D C:\FRST

2012-12-31 08:49 - 2012-12-31 08:50 - 00000000 ____D C:\Diablo III

2012-12-31 08:36 - 2012-12-31 08:50 - 00000000 ____D C:\StarcCraft 2

==================== One Month Modified Files and Folders =======

2013-01-01 16:40 - 2010-12-16 16:12 - 00000000 ____D C:\Program Files (x86)\Steam

2013-01-01 11:49 - 2012-11-24 09:25 - 00000000 ____D C:\Downloads from C

2012-12-31 08:50 - 2012-12-31 08:49 - 00000000 ____D C:\Diablo III

2012-12-31 08:50 - 2012-12-31 08:36 - 00000000 ____D C:\StarcCraft 2

2012-12-13 19:24 - 2012-06-15 18:14 - 00000000 ____D C:\Fraps

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 9%

Total physical RAM: 8190.54 MB

Available physical RAM: 7382.42 MB

Total Pagefile: 8188.69 MB

Available Pagefile: 7379.74 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

2 Drive c: () (Fixed) (Total:931.5 GB) (Free:148.83 GB) NTFS ==>[system with boot components (obtained from reading drive)]

3 Drive e: () (Fixed) (Total:931.5 GB) (Free:607.43 GB) NTFS

4 Drive f: (Windows XP - 80) (Fixed) (Total:74.52 GB) (Free:17.83 GB) NTFS

5 Drive g: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

6 Drive h: () (Fixed) (Total:74.43 GB) (Free:2.11 GB) NTFS

7 Drive i: (IT_CROWD_SEASON_2) (CDROM) (Total:6.78 GB) (Free:0 GB) UDF

9 Drive k: (USB20FD) (Removable) (Total:3.73 GB) (Free:1.92 GB) FAT32

10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

11 Drive y: (New HD-200) (Fixed) (Total:189.92 GB) (Free:32.67 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 189 GB 5120 KB

Disk 1 Online 931 GB 8 MB

Disk 2 Online 931 GB 8 MB

Disk 3 Online 74 GB 8 MB

Disk 4 Online 74 GB 0 B

Disk 5 No Media 0 B 0 B

Disk 6 Online 3824 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 189 GB 31 KB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y New HD-200 NTFS Partition 189 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 931 GB 31 KB

==================================================================================

Disk: 1

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 931 GB Healthy

=========================================================

Partitions of Disk 2:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 931 GB 31 KB

==================================================================================

Disk: 2

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E NTFS Partition 931 GB Healthy

=========================================================

Partitions of Disk 3:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 74 GB 31 KB

==================================================================================

Disk: 3

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 F Windows XP NTFS Partition 74 GB Healthy

=========================================================

Partitions of Disk 4:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 74 GB 101 MB

==================================================================================

Disk: 4

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 G System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 4

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 6 H NTFS Partition 74 GB Healthy

=========================================================

Partitions of Disk 6:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3823 MB 24 KB

==================================================================================

Disk: 6

Partition 1

Type : 0C

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 8 K USB20FD FAT32 Removable 3823 MB Healthy

=========================================================

Last Boot: 2011-12-22 21:19

==================== End Of Log =============================


Do not see anything obvious in that log, can you boot ok and run the following and post the log:

Download RogueKiller from here http://tigzy.geekstogo.com/Tools/RogueKiller.exe or here http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe and save directly to your Desktop.

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • 1. Wait until Prescan has finished...
  • The following EULA will appear, please select accept
  • 2. Ensure MBR scan, Check faked and AntiRootkit are checked
  • 3. Select Scan
  • When the scan completes select Report, copy and paste that to your reply.


Do you have access to another PC to create the Windows Defender Offline Tool? I give the instructions to load to a USB flash drive.

Download the tool from here :- http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline and save to the Desktop.

You will have to select the correct version for your system, either 32 or 64 bit

Double click the exe to run the tool, Windows 7 or Vista user right click and select "Run as Administrator"

Read the instructions in the new window and select "Next"

In the new window accept the agreement:

In the new window select your USB Flash Drive, then select "Next"

In the new window ensure your Flash drive is selected, if not click on "Refresh" then select "Next"

In the new window accept the formatting alert by selecting "Next"

Files will be Downloaded:

Files will be processed and created

Flash drive will be formatted and prepared

Files will be added to the Flash Drive and the tool will be created.

The procedure is finished and the Tool created, click on "Finish" to complete.

Plug the USB into the sick PC and boot up, if it does not boot from the flash drive change the boot options as required, Use F12 as it boots, change options...

As it boots you'll see files being loaded and the Windows splash screen, eventually the tool will run a "Quick Scan", follow the prompts and deal with what it finds.

When complete do a full scan, deal with what it finds.

When finished, remove the USB stick then press the Esc key to boot into regular windows.

If Windows boots ok navigate to the following file:

"C:\windows\windows defender offline\support\mssWrapper.log" Open with notepad and copy and paste it into a reply.

If that will work we try another offline tool..

Kevin


The Windows Defender Offline Tool worked (took about 8-9 hours to complete) and successfully booted into regular windows. However I cannot find the file as I cannot find the "windows defender offline" folder. I also tried just searching for the file on all of the drives and still no luck.


No big deal if there is no log, at least your system is now booting correctly. Continue with the following:

Download and save DDS to your Desktop from either of the following links:

http://download.bleepingcomputer.com/sUBs/dds.scr

http://compendiate.net/sUBs/dds/dds.scr

Note: You must use Internet Explorer to download dds.scr, other browsers will open the file in the browser and not save it. Or if you must use Firefox, or Chrome, then right click the link and select "save link as" and save the file to your desktop.

Double-click the dds.scr file to run the program.

It will automatically run in silent mode and then you will see the following note:

"Two logs shall be created on your Desktop"

The logs will be named dds.txt and attach.txt.

Wait until the logs appear and then copy and paste their contents in your post.

Kevin...


So I tried downloading the dds.scr program from both links but neither time would it produce a dds.txt file. Here is the attach.txt though.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume5

Install Date: 12/26/2011 3:54:02 PM

System Uptime: 1/8/2013 12:17:08 PM (0 hours ago)

.

Motherboard: EVGA | | 132-CK-NF78

Processor: Intel® Core2 Extreme CPU Q6850 @ 3.00GHz | Socket 775 | 3000/333mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 74 GiB total, 2.32 GiB free.

D: is CDROM (UDF)

E: is FIXED (NTFS) - 190 GiB total, 32.644 GiB free.

F: is FIXED (NTFS) - 932 GiB total, 148.74 GiB free.

G: is FIXED (NTFS) - 932 GiB total, 607.338 GiB free.

H: is FIXED (NTFS) - 75 GiB total, 17.825 GiB free.

I: is Removable

J: is Removable

K: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Image File Execution Options =============

.

.

==== Installed Programs ======================

.

µTorrent

7-Zip 9.20 (x64 edition)

7_Carbon.rar

Adobe AIR

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Aion

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ARMA 2

ARMA 2: Operation Arrowhead

Autodesk Inventor Content Center Libraries 2012 (Desktop Content)

Autodesk Inventor Fusion 2012

Autodesk Inventor Fusion 2012 Language Pack

Autodesk Inventor Fusion for Inventor 2012 Add-in

Autodesk Inventor Fusion for Inventor 2012 Add-in Language Pack

Autodesk Inventor Professional 2012

Autodesk Inventor Professional 2012 English

Autodesk Inventor Professional 2012 English Language Pack

Autodesk Material Library 2012

Autodesk Material Library Base Resolution Image Library 2012

Autodesk Material Library Low Resolution Image Library 2012

Battlefield 3™

Battlelog Web Plugins

BattlEye for OA Uninstall

Bing Bar

Bonjour

Borderlands 2

Call of Duty: Modern Warfare 3 - Multiplayer

Company of Heroes

Counter-Strike: Global Offensive Beta

Curse Client

Curse Client - 1

D3DX10

DC Universe Online

Deus Ex: Human Revolution

Diablo III

Dota 2

Eco Materials Adviser (x64)

Equalify v2.1.2 (admin setup)

ESN Sonar

Fallen Earth

FileZilla Client 3.6.0.1

Fraps (remove only)

Google Chrome

Google Earth Plug-in

Google Talk Plugin

Google Update Helper

Grand Theft Auto IV

Guild Wars

Guild Wars 2

HTC Driver

HTC Sync

Intel® Data Migration Software powered by Acronis

iTunes

Java Auto Updater

Java 6 Update 31

Java 7 Update 3 (64-bit)

Java SE Development Kit 6 Update 30

Junk Mail filter update

Logitech Gaming Software

Logitech Gaming Software 8.20

LogMeIn Hamachi

Magic: The Gathering – Tactics

Mass Effect™ 3 Demo

MathGV 4.1

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)

Microsoft Corporation

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft LifeCam

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NCsoft Launcher

Need for Speed™ ProStreet

NOOK Study

Notepad++

NVIDIA 3D Vision Controller Driver 285.62

NVIDIA 3D Vision Driver 306.97

NVIDIA Control Panel 306.97

NVIDIA Drivers

NVIDIA Graphics Driver 306.97

NVIDIA Install Application

NVIDIA MediaShield

NVIDIA Performance

NVIDIA PhysX

NVIDIA PhysX System Software 9.11.0621

NVIDIA Stereoscopic 3D Driver

NVIDIA System Monitor

NVIDIA System Update

NVIDIA Update 1.10.8

NVIDIA Update Components

Origin

Pando Media Booster

PunkBuster Services

Quick Uninstall Tool for Autodesk Inventor 2012

QuickTime

Red Orchestra 2: Heroes of Stalingrad

RIFT

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Six Updater

Skype Click to Call

Skype™ 5.10

Smart Technology Programming Software 7.0.12.11

Spotify

Spybot - Search & Destroy

StarCraft II

TeamSpeak 3 Client

The Elder Scrolls V: Skyrim

The Ship

The Sims 3

The Sims™ 3

The Sims™ 3 Supernatural

Unreal Tournament: Game of the Year Edition

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

VBA (2627.01)

Winamp

Winamp Detector Plug-in

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.20 (32-bit)

Xfire (remove only)

Zombie Panic Source

.

==== Event Viewer Messages From Past Week ========

.

1/8/2013 12:17:54 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR7.

1/6/2013 1:26:09 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

1/6/2013 1:26:09 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

1/4/2013 11:34:49 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

1/4/2013 11:34:49 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/4/2013 11:34:49 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

1/4/2013 11:15:08 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer TONYWONDER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3D2CF621-6B68-428C-8053-72C48CE8BDE0}. The master browser is stopping or an election is being forced.

1/3/2013 8:29:21 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer METALMONSTER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3D2CF621-6B68-428C-8053-72C48CE8BDE0}. The master browser is stopping or an election is being forced.

1/3/2013 2:25:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.

1/3/2013 2:25:23 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nTuneService service.

1/3/2013 2:12:59 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

1/3/2013 12:35:46 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer DAVID-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3D2CF621-6B68-428C-8053-72C48CE8BDE0}. The master browser is stopping or an election is being forced.

1/2/2013 8:45:54 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer OWNER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3D2CF621-6B68-428C-8053-72C48CE8BDE0}. The master browser is stopping or an election is being forced.

1/2/2013 6:11:55 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

1/2/2013 3:15:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

1/2/2013 3:14:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.

1/2/2013 3:14:35 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/1/2013 4:45:35 AM, Error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.

1/1/2013 3:14:16 AM, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.

1/1/2013 2:55:29 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 25.229.10.121. The computer with the IP address 25.5.181.100 did not allow the name to be claimed by this computer.

.

==== End Of File ===========================


I do not understand your reply, either link will produce the scanner, DDS. That should be saved to your Desktop. When you run DDS, that scan will produce two logs, DDS.txt and Attach.txt, also in that order. If DDS.txt is not produced, then neither should Attach.txt.

If there is an issue with DDS we try another diagnostic scanner...

Download OTL from any of the following links and save to your Desktop:

Link 1

Link 2

Link 3

  • Double click on the icon to run it, Vista or Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Under the Custom Scan box paste this in:

    netsvcs
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    msconfig
    %SYSTEMDRIVE%\*.exe
    %LOCALAPPDATA%\*.exe
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply


Here is the OTL.txt file

OTL logfile created on: 1/9/2013 11:24:59 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rob\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.33 Gb Available Physical Memory | 79.11% Memory free

16.00 Gb Paging File | 14.01 Gb Available in Paging File | 87.57% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 74.43 Gb Total Space | 2.32 Gb Free Space | 3.12% Space Free | Partition Type: NTFS

Drive D: | 6.78 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive E: | 189.92 Gb Total Space | 32.64 Gb Free Space | 17.19% Space Free | Partition Type: NTFS

Drive F: | 931.50 Gb Total Space | 148.74 Gb Free Space | 15.97% Space Free | Partition Type: NTFS

Drive G: | 931.50 Gb Total Space | 607.34 Gb Free Space | 65.20% Space Free | Partition Type: NTFS

Drive H: | 74.52 Gb Total Space | 17.83 Gb Free Space | 23.92% Space Free | Partition Type: NTFS

Drive J: | 3.73 Gb Total Space | 1.91 Gb Free Space | 51.36% Space Free | Partition Type: FAT32

Drive K: | 7.21 Gb Total Space | 6.84 Gb Free Space | 94.83% Space Free | Partition Type: NTFS

Computer Name: BEAST | User Name: Rob | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/08 21:05:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe

PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2012/11/19 21:48:16 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

PRC - [2012/11/11 23:06:23 | 000,038,744 | ---- | M] (NCSoft) -- F:\AION\AION2\NCLauncher.exe

PRC - [2012/10/30 12:04:17 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Rob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

PRC - [2012/10/29 15:05:50 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012/08/16 10:51:57 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/12/09 12:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe

PRC - [2011/12/07 15:11:56 | 000,659,224 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe

PRC - [2011/03/28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

PRC - [2010/11/01 12:08:06 | 000,362,296 | ---- | M] (Intel) -- C:\Program Files (x86)\Common Files\Intel\Schedule2\schedhlp.exe

PRC - [2010/11/01 12:06:46 | 002,605,224 | ---- | M] (Intel) -- C:\Program Files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe

PRC - [2009/07/06 17:33:20 | 000,389,120 | R--- | M] (Teleca) -- C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

PRC - [2009/07/06 16:44:14 | 000,356,352 | R--- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe

PRC - [2009/07/06 16:43:44 | 001,011,712 | R--- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe

PRC - [2009/07/06 16:20:56 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

PRC - [2009/07/06 16:20:32 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe

PRC - [2009/06/03 09:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe

PRC - [2009/05/27 14:46:52 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe

PRC - [2009/04/14 12:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe

PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2008/11/12 10:18:06 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe

========== Modules (No Company Name) ==========

MOD - [2012/11/18 10:54:22 | 010,580,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\409c27bc1e434bf90f0df3d7096613bd\System.Design.ni.dll

MOD - [2012/11/18 10:54:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll

MOD - [2012/11/18 10:53:53 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll

MOD - [2012/11/18 10:53:48 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll

MOD - [2012/11/18 10:53:36 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3079aabe5fd4f325656d52b94b19ae2e\System.Security.ni.dll

MOD - [2012/11/18 10:53:34 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll

MOD - [2012/11/18 10:53:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll

MOD - [2012/11/18 10:53:30 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll

MOD - [2012/11/18 10:53:26 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll

MOD - [2012/11/11 23:06:23 | 000,217,088 | ---- | M] () -- F:\AION\AION2\UnRar.Net.dll

MOD - [2012/11/11 23:06:23 | 000,024,576 | ---- | M] () -- F:\AION\AION2\NC.Logging.dll

MOD - [2012/10/29 15:05:50 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/11/01 10:58:44 | 000,028,512 | ---- | M] () -- C:\Program Files (x86)\Intel\DataMigrationSoftware\Common\rpc_client.dll

MOD - [2009/07/06 16:39:42 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\tcpsock_object.dll

MOD - [2009/07/06 16:04:56 | 000,185,856 | R--- | M] () -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll

MOD - [2009/07/06 16:04:56 | 000,185,856 | R--- | M] () -- C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll

MOD - [2007/01/11 17:33:20 | 000,106,496 | R--- | M] () -- C:\Program Files (x86)\Common Files\Teleca Shared\boost_log-vc80-mt-1_33.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/01/08 02:46:48 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/12/19 22:33:53 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012/12/12 10:38:44 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/11/19 21:48:16 | 002,462,128 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2012/10/10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012/08/16 10:51:57 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/07/13 13:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011/04/01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/03/28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2010/12/07 17:30:00 | 000,848,184 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- F:\Autodesk 2\Inventor 2012\Moldflow\bin\mitsijm.exe -- (mitsijm2012)

SRV - [2010/11/01 12:10:18 | 001,164,704 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Schedule2\schedul2.exe -- (IntSch2Svc)

SRV - [2010/03/22 09:17:24 | 000,276,584 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/11/06 13:24:54 | 000,282,728 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/12/28 16:26:54 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)

DRV:64bit: - [2011/11/10 09:28:22 | 000,052,160 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)

DRV:64bit: - [2011/11/10 09:28:22 | 000,024,640 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)

DRV:64bit: - [2011/09/20 09:32:38 | 000,183,104 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0CCB.sys -- (SaiK0CCB)

DRV:64bit: - [2011/09/20 09:32:38 | 000,047,168 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiU0CCB.sys -- (SaiU0CCB)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/01/29 01:04:38 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)

DRV:64bit: - [2009/11/23 20:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)

DRV:64bit: - [2009/11/23 20:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)

DRV:64bit: - [2009/11/11 15:47:18 | 000,348,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)

DRV:64bit: - [2009/11/06 07:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)

DRV:64bit: - [2009/09/15 14:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV - [2011/12/28 16:52:45 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Users\Rob\Downloads\RealTemp_360\WinRing0x64.sys -- (WinRing0_1_2_0)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2803456513-1166934674-666375718-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-2803456513-1166934674-666375718-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-2803456513-1166934674-666375718-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-2803456513-1166934674-666375718-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 E6 0A CA 11 C4 CC 01 [binary data]

IE - HKU\S-1-5-21-2803456513-1166934674-666375718-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-2803456513-1166934674-666375718-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC

IE - HKU\S-1-5-21-2803456513-1166934674-666375718-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0007a7905e50a79

IE - HKU\S-1-5-21-2803456513-1166934674-666375718-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2803456513-1166934674-666375718-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400

FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Rob\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Rob\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rob\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rob\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

[2012/01/17 14:45:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Extensions

[2012/04/14 12:27:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\g148r1jb.default\extensions

[2011/11/05 12:07:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- F:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2010/12/16 22:11:52 | 000,000,000 | ---D | M] (Java Console) -- F:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/12/17 17:19:30 | 000,000,000 | ---D | M] (Java Console) -- F:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/02/19 08:42:46 | 000,000,000 | ---D | M] (Java Console) -- F:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/06/15 13:19:52 | 000,000,000 | ---D | M] (Java Console) -- F:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011/11/05 12:16:17 | 000,000,000 | ---D | M] (Java Console) -- F:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2011/04/28 09:33:21 | 000,000,000 | ---D | M] (Anti-Banner) -- F:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\KAVANTIBANNER@KASPERSKY.RU

[2011/04/28 09:33:19 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- F:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\LINKFILTER@KASPERSKY.RU

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Rob\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Rob\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Rob\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll

CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - Extension: AdBlock = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.54_0\

CHR - Extension: Hover Zoom = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.8.3_0\

O1 HOSTS File: ([2012/04/03 11:03:57 | 000,441,500 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 15173 more lines...

O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O4:64bit: - HKLM..\Run: [intel Scheduler2 Service] C:\Program Files (x86)\Common Files\Intel\Schedule2\schedhlp.exe (Intel)

O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe (Saitek)

O4:64bit: - HKLM..\Run: [saiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe (Saitek)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [DataMigrationSoftwareMonitor.exe] C:\Program Files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe (Intel)

O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2803456513-1166934674-666375718-1001..\Run: [Adobe ARM] C:\ProgramData\ifgxpers.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2803456513-1166934674-666375718-1001..\Run: [NCsoft Launcher] F:\AION\AION2\NCLauncher.exe (NCSoft)

O4 - HKU\S-1-5-21-2803456513-1166934674-666375718-1001..\Run: [NVIDIA System Monitor] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA System Monitor\NVMonitor.exe (NVIDIA)

O4 - HKU\S-1-5-21-2803456513-1166934674-666375718-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()

O4 - HKU\S-1-5-21-2803456513-1166934674-666375718-1001..\Run: [PlayNC Launcher] File not found

O4 - HKU\S-1-5-21-2803456513-1166934674-666375718-1001..\Run: [spotify] C:\Users\Rob\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)

O4 - HKU\S-1-5-21-2803456513-1166934674-666375718-1001..\Run: [spotify Web Helper] C:\Users\Rob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

O4 - HKU\S-1-5-21-2803456513-1166934674-666375718-1001..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.3.0)

O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22CEA189-4E2D-41B5-8F51-2D1DA806E2D4}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80B7A150-9C2C-4924-9282-2F581DDA10AA}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8E14235-B895-4AE2-8EE6-69B5E1DB41B0}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/12/04 16:57:14 | 000,000,000 | ---D | M] - E:\Autodesk -- [ NTFS ]

O32 - AutoRun File - [2010/02/20 19:12:01 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2012/01/05 18:18:43 | 000,000,000 | ---D | M] - F:\Autodesk -- [ NTFS ]

O32 - AutoRun File - [2012/01/08 02:50:12 | 000,000,000 | ---D | M] - F:\Autodesk 2 -- [ NTFS ]

O32 - AutoRun File - [2012/01/05 17:03:56 | 3511,359,788 | ---- | M] () - F:\Autodesk_Inventor_2012_English_Win_64bit.exe -- [ NTFS ]

O32 - AutoRun File - [2010/02/20 22:25:39 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2005/12/27 22:08:21 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/09 11:21:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe

[2013/01/09 11:18:12 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{44FCE7E0-6BC6-4E25-A430-4504B3C37A19}

[2013/01/08 12:18:00 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Rob\Desktop\dds.scr

[2013/01/08 12:17:53 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{A3DCED61-C79B-40E8-8735-2561C42D18E6}

[2013/01/06 01:25:48 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{F579FC83-F2B8-4CE6-8DC5-11D8B8221E4B}

[2013/01/05 19:36:11 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware

[2013/01/05 15:34:35 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{50930E73-8198-46BE-A1C0-8E707B59B732}

[2013/01/04 23:15:17 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{2261E2FB-AD99-43DE-9ACA-95E8EBD68378}

[2013/01/04 22:42:56 | 000,104,176 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\ifgxpers.exe

[2013/01/03 20:29:29 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{F7D61B68-CDB9-4081-B4AC-91479013FA49}

[2012/12/31 11:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II

[2012/12/31 11:50:44 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II

[2012/12/31 11:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III

[2012/12/31 11:36:56 | 000,000,000 | ---D | C] -- C:\Users\Rob\Documents\StarCraft II

[2012/12/31 11:33:51 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{0D97F737-9DEB-4DCF-B09E-EE036DBB4021}

[2012/12/28 17:29:34 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{06E38DAE-9904-4353-9882-879B28FE902E}

[2012/12/27 12:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MathGV 4.1

[2012/12/27 12:43:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MathGV

[2012/12/22 23:16:21 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{249F436C-E09D-4007-B949-31F2B0292E55}

[2012/12/22 03:00:32 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2012/12/22 03:00:32 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2012/12/22 03:00:32 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2012/12/22 03:00:32 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2012/12/19 23:24:38 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\ftblauncher

[2012/12/14 17:06:00 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{75A1AEBE-8355-48EE-90BF-748A5CC0A066}

[2012/12/13 17:25:38 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{A23DBFDF-DB48-4A52-B2E5-94BA9A2DB5F0}

[2012/12/13 13:35:21 | 000,000,000 | ---D | C] -- C:\Users\Rob\Desktop\7_Carbon

[2012/12/13 13:34:33 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\WinRAR

[2012/12/13 13:34:32 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

[2012/12/13 13:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

[2012/12/13 13:34:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR

[2012/12/13 12:13:03 | 000,000,000 | ---D | C] -- C:\.Trash-1000

[2012/12/13 10:41:04 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/12/13 10:41:04 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/12/13 10:41:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/12/13 10:41:03 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/12/13 10:41:03 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/12/13 10:41:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/12/13 10:41:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/12/13 10:41:03 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/12/13 10:41:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/12/13 10:41:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/12/13 10:41:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/12/13 10:41:02 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012/12/13 10:41:01 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/12/13 10:41:01 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/12/13 10:41:01 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012/12/12 20:10:28 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2012/12/12 20:10:28 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2012/12/12 20:10:28 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2012/12/12 20:10:28 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2012/12/12 20:10:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2012/12/12 20:10:27 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2012/12/12 20:10:27 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2012/12/12 20:10:27 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2012/12/12 20:10:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2012/12/12 20:10:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2012/12/12 20:10:27 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2012/12/12 20:10:27 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2012/12/12 20:10:27 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2012/12/12 20:10:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2012/12/12 20:10:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2012/12/12 20:10:27 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2012/12/12 20:10:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2012/12/12 20:10:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2012/12/12 20:10:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2012/12/12 20:10:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2012/12/12 20:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2012/12/12 20:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2012/12/12 20:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2012/12/12 20:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2012/12/12 20:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2012/12/12 20:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2012/12/12 20:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2012/12/12 20:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2012/12/12 20:10:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2012/12/12 20:10:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2012/12/12 20:10:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2012/12/12 20:10:24 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll

[2012/12/12 20:10:24 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll

[2012/12/10 22:54:52 | 000,000,000 | ---D | C] -- C:\Users\Rob\Desktop\prog7

========== Files - Modified Within 30 Days ==========

[2013/01/09 11:27:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/01/09 11:27:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/01/09 11:24:44 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/01/09 11:24:44 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/01/09 11:21:55 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/01/09 11:21:55 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/01/09 11:21:55 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/01/09 11:17:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/01/09 11:17:35 | 2146,332,671 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/08 21:05:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe

[2013/01/07 15:51:30 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Rob\Desktop\dds.scr

[2013/01/06 01:48:31 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2803456513-1166934674-666375718-1001UA.job

[2013/01/04 23:13:15 | 000,751,078 | ---- | M] () -- C:\ProgramData\1.bmp

[2013/01/04 23:12:59 | 000,114,943 | ---- | M] () -- C:\ProgramData\1.jpg

[2013/01/04 23:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/01/04 22:42:56 | 000,104,176 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\ifgxpers.exe

[2013/01/04 21:48:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2803456513-1166934674-666375718-1001Core.job

[2012/12/31 12:08:00 | 000,000,747 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk

[2012/12/31 11:50:36 | 000,000,774 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk

[2012/12/30 13:10:25 | 005,185,290 | ---- | M] () -- C:\Users\Rob\Desktop\BLARRG.png

[2012/12/28 14:48:13 | 000,000,553 | ---- | M] () -- C:\Users\Rob\Desktop\server.properties

[2012/12/27 14:46:28 | 000,026,994 | ---- | M] () -- C:\Users\Rob\Desktop\aaron work 2.png

[2012/12/27 14:22:27 | 000,026,186 | ---- | M] () -- C:\Users\Rob\Desktop\aaron work 1.png

[2012/12/22 10:08:16 | 000,000,318 | ---- | M] () -- C:\Users\Rob\Desktop\Curse Client - 1 .appref-ms

[2012/12/22 03:17:16 | 000,376,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/12/20 22:47:27 | 002,242,895 | ---- | M] () -- C:\Users\Rob\Desktop\Minecraft_Server (1).exe

[2012/12/19 23:58:30 | 000,001,143 | ---- | M] () -- C:\Users\Rob\Desktop\FTB_Launcher - Shortcut.lnk

[2012/12/16 12:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2012/12/16 09:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2012/12/16 09:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2012/12/16 09:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2012/12/14 00:03:53 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2012/12/14 00:03:53 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/12/13 18:54:23 | 000,002,470 | ---- | M] () -- C:\Users\Rob\Desktop\Google Chrome.lnk

[2012/12/13 18:29:03 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2012/12/12 10:38:41 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/12/12 10:38:41 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/12/11 01:55:51 | 000,000,600 | ---- | M] () -- C:\Users\Rob\AppData\Local\PUTTY.RND

[2012/12/11 01:52:29 | 000,001,075 | ---- | M] () -- C:\Users\Rob\.drjava

========== Files Created - No Company Name ==========

[2013/01/04 23:13:15 | 000,751,078 | ---- | C] () -- C:\ProgramData\1.bmp

[2013/01/04 23:12:59 | 000,114,943 | ---- | C] () -- C:\ProgramData\1.jpg

[2012/12/31 11:50:27 | 000,000,774 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk

[2012/12/31 11:36:56 | 000,000,747 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk

[2012/12/30 13:10:24 | 005,185,290 | ---- | C] () -- C:\Users\Rob\Desktop\BLARRG.png

[2012/12/27 14:46:28 | 000,026,994 | ---- | C] () -- C:\Users\Rob\Desktop\aaron work 2.png

[2012/12/27 14:22:27 | 000,026,186 | ---- | C] () -- C:\Users\Rob\Desktop\aaron work 1.png

[2012/12/19 23:58:30 | 000,001,143 | ---- | C] () -- C:\Users\Rob\Desktop\FTB_Launcher - Shortcut.lnk

[2012/12/13 18:15:52 | 003,536,817 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin

[2012/09/03 22:38:26 | 000,000,600 | ---- | C] () -- C:\Users\Rob\AppData\Local\PUTTY.RND

[2012/09/03 14:42:22 | 000,001,075 | ---- | C] () -- C:\Users\Rob\.drjava

[2012/07/25 17:51:44 | 000,042,440 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll

[2012/06/08 21:21:24 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

[2012/02/10 18:11:29 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\Pbsvc.exe

[2012/01/08 02:42:51 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/12/26 23:02:43 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011/12/26 23:02:43 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2012/01/12 21:05:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/03 20:15:04 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\.minecraft

[2012/01/16 13:35:11 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Autodesk

[2012/04/08 15:29:30 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Barnes & Noble

[2012/12/11 01:54:09 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\FileZilla

[2013/01/03 00:01:16 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\ftblauncher

[2012/02/08 23:54:24 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Leadertech

[2012/03/04 22:44:48 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Notepad++

[2012/01/05 13:07:45 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\OpenOffice.org

[2012/12/13 12:25:36 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Origin

[2012/03/11 19:56:44 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\RIFT

[2012/08/16 10:21:55 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\six-updater

[2012/07/22 14:32:43 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\six-zsync

[2013/01/09 11:18:02 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Spotify

[2012/03/13 11:23:46 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Teleca

[2012/01/12 21:07:15 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\The Creative Assembly

[2012/03/06 22:19:39 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\TS3Client

[2012/06/29 18:29:19 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\uTorrent

========== Purity Check ==========

========== Custom Scans ==========

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %SYSTEMDRIVE%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< MD5 for: EXPLORER.EXE >


< MD5 for: SVCHOST.EXE >

[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe

[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe

[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >

[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >

[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< End of report >


And here is the Extras.txt

OTL Extras logfile created on: 1/9/2013 11:24:59 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rob\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.33 Gb Available Physical Memory | 79.11% Memory free

16.00 Gb Paging File | 14.01 Gb Available in Paging File | 87.57% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 74.43 Gb Total Space | 2.32 Gb Free Space | 3.12% Space Free | Partition Type: NTFS

Drive D: | 6.78 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive E: | 189.92 Gb Total Space | 32.64 Gb Free Space | 17.19% Space Free | Partition Type: NTFS

Drive F: | 931.50 Gb Total Space | 148.74 Gb Free Space | 15.97% Space Free | Partition Type: NTFS

Drive G: | 931.50 Gb Total Space | 607.34 Gb Free Space | 65.20% Space Free | Partition Type: NTFS

Drive H: | 74.52 Gb Total Space | 17.83 Gb Free Space | 23.92% Space Free | Partition Type: NTFS

Drive J: | 3.73 Gb Total Space | 1.91 Gb Free Space | 51.36% Space Free | Partition Type: FAT32

Drive K: | 7.21 Gb Total Space | 6.84 Gb Free Space | 94.83% Space Free | Partition Type: NTFS

Computer Name: BEAST | User Name: Rob | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0BA31115-365E-407A-9059-0A88F3A875C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{15BCC9AD-7062-41FE-826B-F9448FD04F50}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{1FCFCD2A-6439-46B6-A91D-5CDABA639134}" = lport=445 | protocol=6 | dir=in | app=system |

"{3812A744-957E-40EE-A3C4-4F7BE4EDCAF2}" = lport=137 | protocol=17 | dir=in | app=system |

"{3C4DAEE2-AD78-4B1A-AE4C-CAEFFD43E485}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{53414302-B318-4A5C-9F0E-492FD323AFA4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{5669EDDD-2FCF-40B0-9CEC-EB2502E191AD}" = rport=137 | protocol=17 | dir=out | app=system |

"{5794673F-2A7C-450D-A8E1-1BE45FB896BB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{63EF755C-22C4-405A-B411-3207032B6571}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6BC0DD11-53C1-4DC4-8288-E50B0E2F5556}" = lport=10243 | protocol=6 | dir=in | app=system |

"{746DB178-A6B5-4065-9AD8-F0099F5A38CD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{7EE461EA-C4CC-4785-BDD5-9F965F3D4AFF}" = rport=138 | protocol=17 | dir=out | app=system |

"{AA72F184-2FBB-4233-A7F1-318059451A42}" = lport=2869 | protocol=6 | dir=in | app=system |

"{AC953261-6A47-45A1-8232-BF2CD3B91783}" = rport=139 | protocol=6 | dir=out | app=system |

"{ACBB9A45-E963-484F-B58A-753EC3248DE7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{C51587C5-BFEF-4F2F-956D-0BA34B52F2AB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{C6EC5686-836B-475D-BF6D-28AD3321C7FC}" = rport=445 | protocol=6 | dir=out | app=system |

"{C91540A4-E65C-4289-9CB9-291DECFEBE52}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{C9984765-F348-4FB8-BD19-30F67547D389}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{CC26F7DB-1FF1-4450-A8A8-EA6BBC3D106E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{CDB0B1E3-3DAE-4E77-9D20-952E9E60840D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D252CC50-4A7D-4394-923B-4CDA5F8EF5AE}" = rport=10243 | protocol=6 | dir=out | app=system |

"{DA26984E-DF17-4206-A7E8-787F667DBA09}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{F57C6C18-4FD6-443E-BE7B-2B8BB7F0DEEB}" = lport=139 | protocol=6 | dir=in | app=system |

"{F905AEA6-7651-49A9-89D9-FD4B7A845045}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0221AA54-5AD1-4386-B50A-D0971BA1A677}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |

"{0390CF83-0737-4134-A3A2-69A7354D817D}" = protocol=6 | dir=in | app=f:\day z\tools\bin\rsync.exe |

"{051E935D-F4B9-4C66-B777-C012D5845847}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |

"{0540F120-5CE8-489D-B97E-78EB770119E2}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |

"{06960C09-3A34-46B5-BDDD-557A756BE6C8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{0825EB9E-7B81-4686-9966-26EA55194135}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{08E7E16E-279D-4DEF-ADAD-81BD24B781A1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{0BA1AD93-D160-48CA-89FB-CADA669ED74A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{0C1E2CDA-F786-4AB5-8C95-560ADF1D1363}" = protocol=6 | dir=out | app=system |

"{0ED05AE8-12FF-440B-BE1E-AADC1C9F72FC}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |

"{1100587D-E1E3-4452-8100-E7290E15FD58}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{11EFF479-9C18-41AA-8A52-0030445D24D3}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |

"{139E72B9-E4D2-4829-817F-F70DB21A50A9}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |

"{159F927D-0288-49B9-9C31-6DFE489B78F7}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |

"{15B72B30-40B9-4DD8-A4CE-12EFF2D03588}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{169B1617-526C-47B3-8DF1-9FC51833614B}" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\backgrounddownloader.exe |

"{17B5D517-D031-42C1-87C2-446EAE5A059C}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\unreal tournament\system\unrealtournament.exe |

"{17D4A478-9CF7-476A-A256-CA86A1B96817}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

"{1A0DE5A1-2E1E-4EC4-9595-4C98025BCE17}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |

"{1A4C2341-166A-43BE-B592-9C4EDCF18092}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{1C1D6C7B-19BA-4C73-A098-9A42E86AEEED}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |

"{1C2DDD88-1717-4CC5-8581-28DB0731B975}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |

"{1DFB61A4-43E4-48D4-870A-FFD507C68158}" = protocol=6 | dir=in | app=f:\\utorrent.exe |

"{20B2BEBA-1D3D-4AD8-AF88-800608F85DC7}" = protocol=6 | dir=in | app=f:\starccraft 2\starcraft ii\starcraft ii.exe |

"{21ACE450-05C9-4EF4-BAC1-0E2F716AAB1C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{22F57080-99C4-4977-9437-AB8CB7AC713E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{2348D4E1-3035-4919-98F6-9008F4A78D19}" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |

"{242040EB-E18F-4D35-887C-3866854D7513}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |

"{2A35FD54-78F9-40B5-9763-D2C8DB8ACDE4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{2C54671C-62DE-41ED-9D5D-94860EE03F29}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

"{2C5F6FF0-49A6-4AE3-B62F-9ECB9A7451B5}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{2D2A8B37-0D58-486D-98F7-53921304A2A1}" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\launcher.exe |

"{2E050AA0-7266-4978-A5E8-586F4B6805B3}" = protocol=17 | dir=in | app=c:\program files (x86)\barnes & noble\nookstudy\nookstudy.exe |

"{2E5B7A0F-3B6A-45E6-8285-AF107BF89694}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"{2F55C717-233A-4BF6-B1AD-3CBC70CB026A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{2FE50018-6EFF-41B1-AB00-1DA2688893D4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{3088DD23-BD97-460F-9119-A18960108506}" = protocol=6 | dir=in | app=c:\users\rob\appdata\local\temp\gw2.exe |

"{30D34E07-9C08-4420-95AA-24984EB33BFE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"{31126E17-97F8-4114-9364-252492EFA03E}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |

"{350EACCA-0F6E-4C41-9975-FA2864882410}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{3663FE19-62A2-4B25-B4CC-6CDEB8BDB804}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{3699EE8F-FD56-4FC4-98C0-74E0730E0648}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |

"{3A0BCA63-6F1D-470B-BC2C-26070893393C}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |

"{3AA94A4D-F2B9-414A-A23D-8020E0E586C8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |

"{3ACB3107-E22B-4742-B224-4C003B1C5AE8}" = protocol=17 | dir=in | app=f:\starccraft 2\starcraft ii\starcraft ii.exe |

"{3BBCB827-2D34-4915-AEBB-DD6B1043C67C}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |

"{3BE8FCEA-8BEA-4A3E-B30E-E1A75470D333}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe |

"{3E6C6126-CD0E-4B73-8731-C66B01569F89}" = protocol=17 | dir=in | app=f:\day z\tools\bin\rsync.exe |

"{3E955CAD-CF87-4B7F-804E-810E430199D1}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |

"{401221E2-A86D-46BA-B431-5C7337B8C042}" = protocol=17 | dir=in | app=f:\starccraft 2\starcraft ii\starcraft ii public test.exe |

"{402AA3D3-786C-4A9C-8610-27B48DA11E5E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |

"{4047DCA6-AF98-4815-B12D-C8FFA5F2AB91}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |

"{40E61E53-5366-46CA-AFD2-994845999EE3}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |

"{424248A2-8BA8-4BBD-BA2A-61FE74E8EFB9}" = protocol=17 | dir=in | app=c:\users\rob\appdata\local\temp\gw2.exe |

"{44D18915-6DE7-4772-9E30-0EF7D6C978EE}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |

"{4A267276-2F69-41CE-A55E-44AF571EC582}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

"{4A52A33F-9016-4ACA-A569-E5C5F42629BA}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |

"{4B212681-3459-482B-83CB-38D93C6576FB}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |

"{4E37F4CA-1019-4B91-B521-EBBAD27FCA8F}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |

"{5119B0CB-77BC-49D3-8D46-7A03D61740E9}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |

"{5255D182-C867-44E7-A9D6-2F05918CB7C7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{54FD11EC-73A1-4924-A85D-7BEDEC8071FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{578D03D3-9964-4C98-9C88-967C77394B97}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |

"{58C66C71-CDF5-4DDE-B651-81F9A7A95B0D}" = protocol=17 | dir=in | app=f:\utorrent.exe |

"{597B149A-AF97-4635-9509-232BBE98B70B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{5985C04A-D928-4866-B017-16D5DD046F06}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |

"{5AF6404B-8804-4F2C-B2AA-AD1E69B0F10F}" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |

"{5DB8D8AD-A053-443D-B56D-E680D0F0CAD2}" = protocol=6 | dir=in | app=c:\program files (x86)\barnes & noble\nookstudy\nookstudy.exe |

"{5FBAB199-D023-4836-B7F6-14DBA7C442E3}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |

"{639627B0-E7EA-4066-9C09-4F519D564F33}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |

"{649BEDF0-601E-42A6-8533-77FACD292DB8}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |

"{64F975F5-C074-4AD3-84E7-710AE11EED4C}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |

"{656F20E1-FE79-46E1-8F0C-F038273DEAFF}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |

"{66FB7D13-F7F9-4A97-98F6-65ADA9862186}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{68A9D4F6-42A7-4E21-A71B-258DB2AA7E9A}" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\launcher.patch.exe |

"{69D16105-5F51-4F3A-A231-57F47C8E18AA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{6C8D69C8-E077-4E8B-B4CF-73763C888F18}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |

"{6E8A2030-5C34-4DF7-A06F-019BF078629F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{6ECA2E70-2171-4EE4-BCB7-B91062495F11}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |

"{73B06D9A-55AF-48D8-81D8-CF10F9655596}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |

"{75147BA9-A79D-40C0-9ABB-B12175D7BC10}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{75D1AD7B-6723-463E-A4E7-DAE01B23CAC7}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |

"{7648EC1F-4474-4044-8657-3746FA84AEDC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{767D2765-EBB0-4BFA-AD14-2D7BBF8C8704}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |

"{76FAD55C-0527-4745-8ED9-FAF0E7FFB9AA}" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |

"{78388A1A-F9EE-45F8-836F-82ADD760470B}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |

"{7DD7B8A3-4FD6-407F-BFB7-2F025010476A}" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |

"{7DEC905C-5706-48E8-86F4-3444374027EB}" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\launcher.exe |

"{7EB799B3-8542-459A-A09B-6E44CB35A444}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\magic the gathering tactics\launchpad.exe |

"{7ECFE570-CA0A-4855-BABD-284509EACCB7}" = protocol=17 | dir=in | app=f:\\utorrent.exe |

"{7F18EE41-71C1-4F78-B9EC-3F980EF19430}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |

"{7F58E107-2219-4402-9FB0-44CBA6647F0E}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\fallen earth f2p\feupdater.exe |

"{817864C7-A175-4B6C-9803-C0109AE34A16}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\champions online\champions online.exe |

"{81A43FE0-8149-4ABB-A030-CE6D52B31CCA}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |

"{81E6B8F1-DB2B-4EFB-839D-59C5D4D11F11}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |

"{82D0B270-CB73-4C11-9024-C0D2399214E3}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |

"{82F45EA2-0A3A-4973-AE42-E2480DD45132}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\unreal tournament\system\unrealtournament.exe |

"{83A1C127-B064-40B0-B88B-3B057C6AD53A}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |

"{83D7C6D1-A332-4EBE-B955-B0EED642F39A}" = protocol=6 | dir=in | app=g:\new folder\guild wars 2\gw2.exe |

"{87F4E8E2-410D-47D9-8968-6E2AFEB02943}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

"{884B2017-8FBE-453E-9AA6-45C7843DAF90}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{8920722C-34DB-49BC-93AB-521870A6BCB2}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"{895C504B-9145-4D30-BDAE-2B7EFEA46D8B}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |

"{8A335029-FCCC-429B-A3C0-547B8A758AA1}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |

"{8AB6C497-B7EC-438F-95FD-8DF6667B042C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |

"{8C187D5B-603A-4881-8717-64E27309F7C5}" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |

"{8CBA291B-45FC-416D-84F5-406F841D00EA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |

"{8DADE716-2CED-4ACD-A11D-16508DC451EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{8F5C3B16-4430-4DCC-8419-AE000178A652}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |

"{91AA8F6E-E917-41EE-8041-EA09A4862743}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |

"{93CF3F37-78B1-44A7-A5D7-4732786F4C54}" = protocol=6 | dir=in | app=f:\starccraft 2\starcraft ii\starcraft ii public test.exe |

"{9405DAC1-1612-43AB-B983-2C2ADB77EC58}" = protocol=17 | dir=in | app=f:\diablo iii\diablo iii\diablo iii.exe |

"{94C796C3-B4D6-469F-818E-28DFDCDA90E7}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |

"{9615967C-A287-4B9B-93C1-A338F0AABEA5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{96AD1E2D-CC60-47F9-9E9E-244317F78F5E}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |

"{97E93651-B636-470C-B4AC-64B74999D6A6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{9A0A8905-7077-4747-B54D-733385AF97CE}" = protocol=6 | dir=in | app=f:\diablo iii\diablo iii\diablo iii.exe |

"{9B4176DB-6254-4F70-BA44-2690DCED717B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{9DB95938-6E1F-4F00-81AF-7B9EDB2B4C3C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"{9E2FBFA0-1649-4656-B48A-FDC74DB906D6}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |

"{9E7F3462-546E-4FA9-943C-F65C8E91CEBC}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe |

"{9ED88EC1-71BB-4677-A59C-6F9C8595CD3A}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\magic the gathering tactics\launchpad.exe |

"{9F3D23C0-D1FB-4B1F-ABDA-D236EB1681DE}" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |

"{9F799987-BA5C-4706-9376-00C9E2539AE0}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steam.exe |

"{9F90F4FA-14A1-4A5C-87F3-14CDA0A64896}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe |

"{A0D99028-A7E7-4BCC-9053-6CA7CBDA68D7}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |

"{A22B4201-E046-46BE-936E-8A730D9959FC}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |

"{A26F8911-E695-4C75-917F-BE39AC7CC8B9}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |

"{A4AA5C9E-A20A-4951-A078-F8C2B710E3F3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{A5070C9A-5A84-4CA1-A554-CF6B88E2F946}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |

"{A542E8E5-6100-48DA-875C-4927CCE9CE97}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |

"{A6A78385-6D0D-49C7-A1A8-53F3330F108F}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\doubleslidefoot\counter-strike source\hl2.exe |

"{A7684851-FFFC-4094-A91C-51DDA6AB1B53}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |

"{A7B7513C-1D4E-466B-BE7E-2FF7F648F6A8}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |

"{A8351A75-D349-44F7-AE84-E09543EB7C86}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |

"{A91687C1-FE2D-491E-8AB0-4E085D9B9B8A}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |

"{ABB97294-0386-4A93-B1D4-EE8A376B281D}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\doubleslidefoot\counter-strike source\hl2.exe |

"{ACE222B9-E445-49A5-87EB-7844BFAFC38F}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\champions online\champions online.exe |

"{AE58CCCF-5A84-4803-B24C-1C65D95FF153}" = protocol=17 | dir=in | app=g:\new folder\guild wars 2\gw2.exe |

"{B0E83D9E-B7AF-4923-8B5D-6A1FD3601D83}" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |

"{B203446A-407E-47D4-B031-9C2D2E529B66}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\fallen earth f2p\feupdater.exe |

"{B354DA3A-BB12-413E-80E1-E9E351045CB3}" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\launcher.patch.exe |

"{B5AEB904-A9E3-4D25-A0AC-7ED9D288097D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{B5F68FA1-7837-48B9-802F-4F136785D910}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe |

"{B615C6CF-D96C-494E-907D-38D14B38E436}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{BAB7CD36-E140-4744-84D5-E3345A92B75A}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |

"{BB877D2E-46D1-420C-855E-4D95AB509CDA}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steam.exe |

"{BDA6D3B6-C7C6-48F5-BE52-A2105B545452}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |

"{BFF17062-F340-4CCD-A3A9-D1D899AB6628}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |

"{C0FD77A3-5B1B-43A2-BCCE-849365BFB548}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |

"{C1FD5DB6-E5AB-4A51-8B64-151130CEB095}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{C22EA2CE-540C-4B14-B0EE-4899B7816571}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |

"{C2B0BA70-CFAC-4D16-B9EC-0855CA4B10BD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{C2FD3BBF-9888-4B5B-825C-70363389B199}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |

"{C916A29A-795C-4CD7-A374-E12ACAB49126}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |

"{C9DEDBE1-A319-4BFB-A735-AE0DC24BC9A7}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |

"{CA3C9C66-828D-4F80-BB99-53BD2952E4A4}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |

"{CC25227A-AE05-43FF-A9DD-EF01886E4127}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |

"{CD19B5C2-7501-47CB-94D7-916F2AA5809F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{CD78A8BE-ACBD-42B9-A3E5-6DD85DF6344E}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |

"{D2AA8210-F98A-4260-8AC1-F080E97FC049}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |

"{D378A62F-2A48-4955-9CDB-B81D5D8DA71C}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |

"{D49521C5-EFB6-459D-8495-7A01D7248B3E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{D50842EE-4CA2-42DE-94AB-4FDB6FA29B9D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{D51F9CD9-F1DE-4C47-8E38-F3ACD89DB6BF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{D5D78A8E-D31A-4A86-9B81-C359C9AE686E}" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\backgrounddownloader.exe |

"{D66798BE-9045-404A-951B-79F025FCEA56}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |

"{D6D920BE-BD6E-4025-98F5-FCE50D3A1675}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |

"{D7B415FF-B3A4-455A-81D4-4D74BBCADFD2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{DB52AD37-5050-4765-8C99-EB11D058C4C6}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |

"{DDE6EDF5-2B4C-48C5-B90C-69D6593B2FD3}" = protocol=6 | dir=in | app=f:\utorrent.exe |

"{E2AE90C8-CE96-4B06-989D-FF1D120E96BE}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{E2D16EE4-520D-44F8-B3AA-D567405AFDCF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |

"{E34552B5-0703-4C9B-AD1F-F4965F9FB4E2}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |

"{E4DF978D-89CD-4583-A259-A5E1A5335CFA}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |

"{E4EF226D-E7D0-443C-A487-0E439459CB78}" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |

"{E8EEDDED-7811-4019-B294-121C5D2D1D03}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe |

"{E9124209-9065-46C5-9F98-71B85D21426A}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |

"{E9F92A21-21C1-4914-B019-3C891A06F4E3}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe |

"{EA994B5A-52DD-4BA4-AD46-7AF12B1BCD5F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{EBD20F75-AFBE-4ECC-BD55-DAA524180ED4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{EBDD86B0-0CC6-492B-A07B-DABE9E4FC4DA}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |

"{EBE6126F-8ADA-43B4-B143-812A5E16D2AD}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{EC8B326A-83DA-4DD4-ADD1-407EFD201F65}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{EE33795D-AD94-431B-8391-68E979A47259}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |

"{EE82A31C-7C0E-4EA2-85F1-9B0F521943E7}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |

"{F0C3BA6D-C968-4534-A500-AAF44C7D8756}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |

"{F0C52259-88A2-4545-A73F-09F0CA6D7976}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |

"{F240CB5F-5B00-42FF-B5B8-298E0AA20D30}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |

"{F4248DD2-450D-4741-9B5E-210EBF1079F8}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |

"{F72A4CC5-1A6E-43B6-AF33-B15C6155E567}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |

"{FAE84FF1-83ED-4656-A99C-E57137F1E116}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{FB5F7EBF-595E-4562-9802-829ABD99AFC4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{FC30E7F4-E7DF-4C56-A574-C6FF86E92E2C}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |

"TCP Query User{046244AD-139E-4FA3-A769-844E2BD33B3B}F:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe |

"TCP Query User{08EAA4AC-D63C-4AE4-89B5-66132317AA2F}F:\starccraft 2\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=f:\starccraft 2\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |

"TCP Query User{244DB107-4D1F-4C0C-9B7A-7FBA466593D0}F:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |

"TCP Query User{26B0834B-4429-4196-9C96-6BB646387C97}F:\program files (x86)\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\launcher.patch.exe |

"TCP Query User{2DE5910B-D258-4DB2-801F-D17C473E8F24}F:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |

"TCP Query User{2F272903-9709-4440-83E2-7859718154A1}F:\program files (x86)\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe |

"TCP Query User{3C703AF3-BCF4-462C-BB2A-D01080196F54}F:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |

"TCP Query User{43760748-4162-42A8-85FB-0BF74DFE8315}F:\starccraft 2\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=f:\starccraft 2\starcraft ii\versions\base23260\sc2.exe |

"TCP Query User{44B1D783-E045-496E-B452-62EE27585170}G:\new folder\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=g:\new folder\guild wars 2\gw2.exe |

"TCP Query User{481D3B38-1881-43A5-AA0A-3BAC20ED1253}F:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |

"TCP Query User{4B8298CB-FF61-4B97-9E13-58F95BE8C9EF}C:\users\rob\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\rob\appdata\roaming\spotify\spotify.exe |

"TCP Query User{690DC584-4C3B-436F-A5F7-4907B8CB6364}F:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\backgrounddownloader.exe |

"TCP Query User{70EE3B10-F5A1-4F9C-B840-64D355D06734}F:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |

"TCP Query User{7B857455-9FFC-4A65-AE5A-102E39A5D7B8}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |

"TCP Query User{7CEDF7C2-A840-471A-8DA8-A9368D729955}F:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |

"TCP Query User{7D39036F-E3F7-437F-9D66-CB0B3B4A5F2D}F:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |

"TCP Query User{7E01F87F-EF89-44E5-BDDC-B5273140B95A}C:\users\rob\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\rob\appdata\local\temp\gw2.exe |

"TCP Query User{86FD60D4-774B-4A18-AD5F-C6D7C8BC33BD}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"TCP Query User{8C193094-DE35-470A-A97A-D01F9A60D604}F:\program files (x86)\steam\steamapps\doubleslidefoot\the ship\ship.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\doubleslidefoot\the ship\ship.exe |

"TCP Query User{8F503BF6-0515-4E13-94DF-F87E34349278}F:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |

"TCP Query User{A996A688-184E-4083-83DE-D7980D14D477}F:\utorrent.exe" = protocol=6 | dir=in | app=f:\utorrent.exe |

"TCP Query User{B7A8CE45-C249-4D49-AFE6-15D809C0A51E}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

"TCP Query User{C76F531E-BCEE-4555-87EB-624FAFFDD456}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |

"TCP Query User{D9CA233B-A4CA-4106-AB05-909BF68843D6}F:\day z\tools\bin\rsync.exe" = protocol=6 | dir=in | app=f:\day z\tools\bin\rsync.exe |

"TCP Query User{E2D08C07-CB5E-494C-B341-C8FAED6159C9}F:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\launcher.exe |

"TCP Query User{E67D2459-9704-47AA-9713-CD86B04257D2}F:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |

"TCP Query User{EDE157CE-6EEF-4894-BC0F-A7EFA2F376C6}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

"TCP Query User{F7DDB3D8-1F3C-47E8-AE08-9BF826306A4D}C:\users\rob\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\rob\appdata\roaming\spotify\spotify.exe |

"TCP Query User{FE77B02C-9B23-448B-918C-BCCE07566DC8}F:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |

"UDP Query User{0999E1A1-F62B-4AB6-BEB2-10AA6F8502FC}F:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |

"UDP Query User{165F1FA8-DED8-4ACC-AE11-80EF8ADEE1FD}F:\program files (x86)\steam\steamapps\doubleslidefoot\the ship\ship.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\doubleslidefoot\the ship\ship.exe |

"UDP Query User{198463AF-94F7-410E-95A0-F2100C033500}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

"UDP Query User{2B8B20A5-5D46-4ABA-9F81-AFB945A974C1}F:\program files (x86)\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\launcher.patch.exe |

"UDP Query User{3A439B9C-6388-4B56-A10A-871CA75612E5}F:\starccraft 2\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=f:\starccraft 2\starcraft ii\versions\base23260\sc2.exe |

"UDP Query User{3B27DB33-FFB4-47F3-82E2-3D6EE8D3CCF4}F:\utorrent.exe" = protocol=17 | dir=in | app=f:\utorrent.exe |

"UDP Query User{517BA573-704E-4FB7-85DA-71F95514AFFF}F:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\backgrounddownloader.exe |

"UDP Query User{63A6F0C3-07C8-4059-A331-C00C7178ECB0}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

"UDP Query User{63C25C0E-9D49-4434-8718-A2F37DA94D5F}F:\day z\tools\bin\rsync.exe" = protocol=17 | dir=in | app=f:\day z\tools\bin\rsync.exe |

"UDP Query User{6A46F9D0-1733-4483-B71E-F9A3AE08EDEC}F:\starccraft 2\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=f:\starccraft 2\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |

"UDP Query User{6A9DBDEA-7584-4071-84C5-34329E0C5D34}F:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |

"UDP Query User{721341C5-7722-4F1F-8F67-E5BE62EADB56}C:\users\rob\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\rob\appdata\roaming\spotify\spotify.exe |

"UDP Query User{98B61749-8C94-4F19-8B6F-916FB3D8CDA5}F:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |

"UDP Query User{9FD56B18-2DC3-45F2-9080-B507A0EED8C1}F:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |

"UDP Query User{A77FEBB9-8F57-4FF1-874E-16201238FCE6}F:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |

"UDP Query User{A8601990-A9C8-46A3-8FDB-4C11788D6154}C:\users\rob\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\rob\appdata\roaming\spotify\spotify.exe |

"UDP Query User{AAD551C3-CAC2-48D7-91D1-E89C91627201}F:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |

"UDP Query User{AC1A7374-5187-4167-BCD2-D0E1A439A5C3}F:\program files (x86)\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe |

"UDP Query User{B07F99E0-11FE-4762-A387-4E12E231AE35}F:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe |

"UDP Query User{BDF2DE6C-23B0-42E9-AB45-C5D2FDB93A9A}F:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |

"UDP Query User{C7B8BAA8-7D48-4C10-A6C3-5A153C5C8BEC}C:\users\rob\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\rob\appdata\local\temp\gw2.exe |

"UDP Query User{C9B11F65-65CB-4306-8960-339BACD326A6}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |

"UDP Query User{CAF36CA4-9ACC-485D-9AA4-1877FF14DFDA}F:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |

"UDP Query User{CFDC0F72-6A88-406C-9902-63B2EA00FC30}F:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\launcher.exe |

"UDP Query User{D286942C-90D1-4664-B9DF-FBDFEE9AD41C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"UDP Query User{DB511CBA-3AA7-4173-AACE-81DB42C963B1}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |

"UDP Query User{F7F8289A-79FF-47EA-A3CB-743D1D710F5D}F:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |

"UDP Query User{FB13CA5E-5D0F-42EA-9E1E-379B58E04117}G:\new folder\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=g:\new folder\guild wars 2\gw2.exe |

"UDP Query User{FB83AE81-B095-475D-8430-9B704BBB32FF}F:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java™ 7 Update 3 (64-bit)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes

"{4E1A54A9-FFB3-4BE6-B59B-3CC94C3B31D2}" = Autodesk Inventor Fusion for Inventor 2012 Add-in Language Pack

"{4E3B47F2-21EB-4F20-87C8-5A0E4D5F3858}" = Autodesk Inventor Fusion for Inventor 2012 Add-in

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software

"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7F4DD591-1664-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2012

"{7F4DD591-1664-0409-0001-7107D70F3DB4}" = Autodesk Inventor Professional 2012 English Language Pack

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B46DECD1-1664-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2012 (Desktop Content)

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{C2FDFFA3-3066-4366-9749-1C5070EAA526}" = Smart Technology Programming Software 7.0.12.11

"{D25FF5C1-1664-469A-9794-69309387C193}" = Quick Uninstall Tool for Autodesk Inventor 2012

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E027C59C-4C47-4BE8-8078-BCD3D2680EC3}" = Eco Materials Adviser (x64)

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012

"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack

"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012

"Autodesk Inventor Fusion for Inventor 2012 Add-in" = Autodesk Inventor Fusion for Inventor 2012 Add-in

"Autodesk Inventor Professional 2012" = Autodesk Inventor Professional 2012 English

"Logitech Gaming Software" = Logitech Gaming Software 8.20

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{24FF088D-CDCF-480C-8A4B-98F14A54CAA8}" = Autodesk Material Library Low Resolution Image Library 2012

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2B0FC5A8-C3B6-33B7-9069-0D3BC69D2E50}" = Google Talk Plugin

"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE

"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater

"{32A3A4F4-B792-11D6-A78A-00B0D0160300}" = Java™ SE Development Kit 6 Update 30

"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher

"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012

"{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7424809B-AA4A-4B2F-88A8-865F15F778B6}" = Equalify v2.1.2 (admin setup)

"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance

"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{94F6AE6D-3339-4FC9-9BD2-C6B82D975DBF}" = HTC Sync

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)

"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural

"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{BFFC2681-5F7C-45BC-981A-277A29332678}" = Intel® Data Migration Software powered by Acronis

"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CAE017F8-C238-4397-879B-7FBB915D9457}" = LogMeIn Hamachi

"{CC419DDC-E0F0-4013-B25A-6FA036516F0D}" = Need for Speed™ ProStreet

"{CC452A50-5C87-4A1F-B295-445C3C69BF7D}" = NVIDIA MediaShield

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D30F78E6-2A82-48E5-94A9-D295D64501BF}" = MathGV 4.1

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"7_Carbon_folder" = 7_Carbon.rar

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Battlelog Web Plugins" = Battlelog Web Plugins

"BattlEye for OA" = BattlEye for OA Uninstall

"Diablo III" = Diablo III

"ESN Sonar-0.70.4" = ESN Sonar

"FileZilla Client" = FileZilla Client 3.6.0.1

"Fraps" = Fraps (remove only)

"Guild Wars" = Guild Wars

"Guild Wars 2" = Guild Wars 2

"InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update

"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance

"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT

"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor

"LogMeIn Hamachi" = LogMeIn Hamachi

"NOOK Study" = NOOK Study

"Notepad++" = Notepad++

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Origin" = Origin

"PunkBusterSvc" = PunkBuster Services

"StarCraft II" = StarCraft II

"Steam App 113420" = Fallen Earth

"Steam App 12210" = Grand Theft Auto IV

"Steam App 13240" = Unreal Tournament: Game of the Year Edition

"Steam App 17500" = Zombie Panic Source

"Steam App 201190" = Magic: The Gathering – Tactics

"Steam App 2400" = The Ship

"Steam App 24200" = DC Universe Online

"Steam App 28050" = Deus Ex: Human Revolution

"Steam App 33900" = ARMA 2

"Steam App 33930" = ARMA 2: Operation Arrowhead

"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad

"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer

"Steam App 4560" = Company of Heroes

"Steam App 47890" = The Sims™ 3

"Steam App 49520" = Borderlands 2

"Steam App 570" = Dota 2

"Steam App 72850" = The Elder Scrolls V: Skyrim

"Steam App 730" = Counter-Strike: Global Offensive Beta

"uTorrent" = µTorrent

"Winamp" = Winamp

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.20 (32-bit)

"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"090215de958f1060" = Curse Client

"101a9f93b8f0bb6f" = Curse Client - 1

"Google Chrome" = Google Chrome

"NCsoft-Aion" = Aion

"Spotify" = Spotify

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 1/4/2013 4:35:06 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 5008

Error - 1/4/2013 4:35:07 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/4/2013 4:35:07 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 6006

Error - 1/4/2013 4:35:07 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 6006

Error - 1/4/2013 4:35:08 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/4/2013 4:35:08 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 7005

Error - 1/4/2013 4:35:08 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 7005

Error - 1/4/2013 4:35:09 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/4/2013 4:35:09 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 8050

Error - 1/4/2013 4:35:09 PM | Computer Name = BEAST | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 8050

[ Media Center Events ]

Error - 6/14/2012 8:20:14 PM | Computer Name = BEAST | Source = MCUpdate | ID = 0

Description = 8:20:14 PM - Error connecting to the internet. 8:20:14 PM - Unable

to contact server..

Error - 6/14/2012 8:20:23 PM | Computer Name = BEAST | Source = MCUpdate | ID = 0

Description = 8:20:19 PM - Error connecting to the internet. 8:20:19 PM - Unable

to contact server..

Error - 6/16/2012 11:10:38 AM | Computer Name = BEAST | Source = MCUpdate | ID = 0

Description = 11:10:38 AM - Error connecting to the internet. 11:10:38 AM - Unable

to contact server..

Error - 6/16/2012 11:11:11 AM | Computer Name = BEAST | Source = MCUpdate | ID = 0

Description = 11:11:07 AM - Error connecting to the internet. 11:11:07 AM - Unable

to contact server..

Error - 6/16/2012 11:52:59 PM | Computer Name = BEAST | Source = MCUpdate | ID = 0

Description = 11:52:56 PM - Error connecting to the internet. 11:52:56 PM - Unable

to contact server..

Error - 6/17/2012 12:53:06 AM | Computer Name = BEAST | Source = MCUpdate | ID = 0

Description = 12:53:05 AM - Error connecting to the internet. 12:53:05 AM - Unable

to contact server..

Error - 6/17/2012 1:53:14 AM | Computer Name = BEAST | Source = MCUpdate | ID = 0

Description = 1:53:13 AM - Error connecting to the internet. 1:53:13 AM - Unable

to contact server..

Error - 6/17/2012 2:53:22 AM | Computer Name = BEAST | Source = MCUpdate | ID = 0

Description = 2:53:21 AM - Error connecting to the internet. 2:53:21 AM - Unable

to contact server..

Error - 11/27/2012 4:05:05 AM | Computer Name = BEAST | Source = MCUpdate | ID = 0

Description = 3:05:05 AM - Error connecting to the internet. 3:05:05 AM - Unable

to contact server..

Error - 12/1/2012 11:17:52 AM | Computer Name = BEAST | Source = MCUpdate | ID = 0

Description = 10:17:14 AM - Failed to retrieve SportsV2 (Error: The underlying connection

was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

[ System Events ]

Error - 1/6/2013 2:26:09 AM | Computer Name = BEAST | Source = Service Control Manager | ID = 7038

Description = The nvUpdatusService service was unable to log on as .\UpdatusUser

with the currently configured password due to the following error: %%1330 To ensure

that the service is configured properly, use the Services snap-in in Microsoft

Management Console (MMC).

Error - 1/6/2013 2:26:09 AM | Computer Name = BEAST | Source = Service Control Manager | ID = 7000

Description = The NVIDIA Update Service Daemon service failed to start due to the

following error: %%1069

Error - 1/8/2013 1:17:43 PM | Computer Name = BEAST | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk7\DR7.

Error - 1/8/2013 1:17:49 PM | Computer Name = BEAST | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk7\DR7.

Error - 1/8/2013 1:17:54 PM | Computer Name = BEAST | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk7\DR7.

Error - 1/8/2013 1:19:21 PM | Computer Name = BEAST | Source = Service Control Manager | ID = 7038

Description = The nvUpdatusService service was unable to log on as .\UpdatusUser

with the currently configured password due to the following error: %%1330 To ensure

that the service is configured properly, use the Services snap-in in Microsoft

Management Console (MMC).

Error - 1/8/2013 1:19:21 PM | Computer Name = BEAST | Source = Service Control Manager | ID = 7000

Description = The NVIDIA Update Service Daemon service failed to start due to the

following error: %%1069

Error - 1/8/2013 1:23:50 PM | Computer Name = BEAST | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the WSearch service.

Error - 1/9/2013 12:19:42 PM | Computer Name = BEAST | Source = Service Control Manager | ID = 7038

Description = The nvUpdatusService service was unable to log on as .\UpdatusUser

with the currently configured password due to the following error: %%1330 To ensure

that the service is configured properly, use the Services snap-in in Microsoft

Management Console (MMC).

Error - 1/9/2013 12:19:42 PM | Computer Name = BEAST | Source = Service Control Manager | ID = 7000

Description = The NVIDIA Update Service Daemon service failed to start due to the

following error: %%1069

< End of report >


OK, do the following:

Disable teatimer and leave off for now.

1. Right click Spybot in the System Tray (looks like a calendar with a padlock symbol) and choose Exit Spybot S&D Resident

2. Run Spybot S&D

3. Go to the Mode menu, and make sure Advanced Mode is selected.

4. On the left hand side, choose Tools > Resident

uncheck Resident TeaTimer and OK any prompt and Restart your computer.

Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

Next,

Re-run OTL by double left click; Vista and Windows 7 users accept the UAC alert.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-2803456513-1166934674-666375718-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0007a7905e50a79
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O4 - HKU\S-1-5-21-2803456513-1166934674-666375718-1001..\Run: [PlayNC Launcher] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    :Files
    ipconfig /flushdns /c
    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Post those logs, let me know how your system is responding and what issues remain...

Kevin


So I disabled teatimer and ran OTL again; it asked to restart and I will post the log below. However, the security check failed to run from both links. It would throw the UAC box and then a command box and immediately close without any interaction and gave no text files.

All processes killed

========== OTL ==========

Registry key HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher deleted successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.

File Protocol\Handler\livecall - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.

File Protocol\Handler\msnim - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.

File Protocol\Handler\skype4com - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.

File Protocol\Handler\wlmailhtml - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.

File Protocol\Handler\wlpg - No CLSID value found not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

========== FILES ==========

< ipconfig /flushdns /c >

Error opening cmd.txt file...

C:\Users\Rob\Desktop\cmd.bat deleted successfully.

C:\Users\Rob\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56475 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

User: Rob

->Temp folder emptied: 734563762 bytes

->Temporary Internet Files folder emptied: 24117228 bytes

->Java cache emptied: 113899 bytes

->FireFox cache emptied: 85593780 bytes

->Google Chrome cache emptied: 258799114 bytes

->Flash cache emptied: 66590 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56475 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 183794373 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028370 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,262.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 01092013_135628

Files\Folders moved on Reboot...

C:\Users\Rob\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Windows\temp\TMP000000019D85233E15893D11 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


How is your system responding, any remaining issues or concerns? Do the following:

Download http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Please post the log.

Next,

Your Java may be out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

***Note: check that all old versions of Java are removed from start > control panel > uninstall a program. Essential that all old versions are removed.

What


So right now the computer is operational, but before the AdwCleaner the computer would freeze every 30 seconds for about a minute. After the cleaner it has been running pretty well.

# AdwCleaner v2.105 - Logfile created 01/13/2013 at 13:35:19

# Updated 08/01/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Rob - BEAST

# Boot Mode : Normal

# Running from : C:\Users\Rob\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\user.js

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v [unable to get version]

File : C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\g148r1jb.default\prefs.js

C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\g148r1jb.default\user.js ... Deleted !

Deleted : user_pref("extensions.BabylonToolbar.admin", false);

Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=109865");

Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 25);

Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);

Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);

Deleted : user_pref("extensions.BabylonToolbar.id", "586a330f0000000000007a7905e50a79");

Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15373");

Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar.lastDP", 25);

Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1722:54:35");

Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");

Deleted : user_pref("extensions.BabylonToolbar.newTab", true);

Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");

Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);

Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 71259344);

Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);

Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");

Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");

Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1722:54:35");

Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");

Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109865");

Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "586a330f0000000000007a7905e50a79");

Deleted : user_pref("extensions.BabylonToolbar_i.id", "586a330f0000000000007a7905e50a79");

Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15373");

Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);

Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1722:54:35");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [4293 octets] - [13/01/2013 13:35:19]

########## EOF - C:\AdwCleaner[s1].txt - [4353 octets] ##########

Also my java was fairly out of date but is now updated.


Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

Download Malwarebytes from one of the following links and save it to your desktop:

http://www.malwarebytes.org/mbam.php

http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Double Click mbam-setup.exe to install the application.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Post that log, also tell me if there are any remaining issues or concerns...


My computer has been running much better, with only a few hiccups every 10 minutes or so...

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.13.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Rob :: BEAST [administrator]

1/13/2013 5:20:25 PM

mbam-log-2013-01-13 (17-20-25).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 230142

Time elapsed: 1 minute(s), 9 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Adobe ARM (Trojan.Fakesig) -> Data: "C:\ProgramData\ifgxpers.exe" -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\ProgramData\ifgxpers.exe (Trojan.Fakesig) -> Quarantined and deleted successfully.

C:\Users\Rob\Downloads\Cartograph_G_Post_Processor.exe (Trojan.Agent.cn) -> Quarantined and deleted successfully.

C:\Users\Rob\Downloads\setup (1).exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.

(end)


Obviously still issues with your system... Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin


ComboFix 13-01-14.01 - Rob 01/14/2013 13:06:30.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6429 [GMT -5:00]

Running from: c:\users\Rob\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Rob\AppData\Local\assembly\tmp

c:\windows\Downloaded Program Files\IDropPTB.dll

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\wpcap.dll

G:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-12-14 to 2013-01-14 )))))))))))))))))))))))))))))))

.

.

2013-01-14 03:46 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2013-01-14 03:46 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe

2013-01-14 03:46 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CAFC3214-4D95-4680-902F-5BF0DAF5D733}\mpengine.dll

2013-01-13 22:19 . 2013-01-13 22:19 -------- d-----w- c:\users\Rob\AppData\Roaming\Malwarebytes

2013-01-13 22:19 . 2013-01-13 22:19 -------- d-----w- c:\programdata\Malwarebytes

2013-01-13 22:19 . 2013-01-13 22:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-01-13 22:19 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-13 22:18 . 2013-01-13 22:18 -------- d-----w- c:\users\Rob\AppData\Local\Programs

2013-01-13 18:46 . 2013-01-13 18:46 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-01-13 18:44 . 2013-01-13 18:44 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-01-13 18:44 . 2013-01-12 08:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-01-13 18:43 . 2013-01-13 18:43 -------- d-----w- c:\programdata\McAfee

2013-01-09 18:56 . 2013-01-09 18:56 -------- d-----w- C:\_OTL

2013-01-06 00:36 . 2013-01-06 00:36 -------- d-----w- c:\windows\Microsoft Antimalware

2012-12-27 17:43 . 2012-12-27 17:43 -------- d-----w- c:\program files (x86)\MathGV

2012-12-22 08:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-22 08:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-22 08:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-22 08:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-20 04:24 . 2013-01-13 22:37 -------- d-----w- c:\users\Rob\AppData\Roaming\ftblauncher

2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-14 05:03 . 2012-08-26 01:05 67599240 ----a-w- c:\windows\system32\MRT.exe

2013-01-13 19:06 . 2012-04-05 03:21 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-01-13 19:06 . 2012-01-23 05:24 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-13 18:44 . 2012-01-08 21:34 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-12-14 05:03 . 2011-12-29 01:33 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-12-14 05:03 . 2011-12-27 04:02 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-12-13 23:29 . 2011-12-27 04:02 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-12-01 16:19 . 2012-01-09 16:37 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2012-11-30 04:45 . 2013-01-14 03:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-11-24 19:02 . 2012-11-24 19:07 447752 ----a-w- c:\windows\SysWow64\vp6vfw.dll

2012-11-14 07:06 . 2012-12-13 15:40 17811968 ----a-w- c:\windows\system32\mshtml.dll

2012-11-14 06:32 . 2012-12-13 15:40 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-11-14 06:11 . 2012-12-13 15:41 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 06:04 . 2012-12-13 15:41 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-11-14 06:04 . 2012-12-13 15:41 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 06:02 . 2012-12-13 15:41 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 06:02 . 2012-12-13 15:41 237056 ----a-w- c:\windows\system32\url.dll

2012-11-14 05:59 . 2012-12-13 15:41 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-11-14 05:58 . 2012-12-13 15:41 816640 ----a-w- c:\windows\system32\jscript.dll

2012-11-14 05:57 . 2012-12-13 15:41 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 05:57 . 2012-12-13 15:41 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 05:55 . 2012-12-13 15:41 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-11-14 05:55 . 2012-12-13 15:41 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-11-14 05:53 . 2012-12-13 15:41 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-11-14 05:52 . 2012-12-13 15:41 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-14 05:46 . 2012-12-13 15:41 248320 ----a-w- c:\windows\system32\ieui.dll

2012-11-14 02:09 . 2012-12-13 15:41 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-11-14 01:58 . 2012-12-13 15:41 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57 . 2012-12-13 15:41 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-11-14 01:49 . 2012-12-13 15:41 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48 . 2012-12-13 15:41 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-11-14 01:44 . 2012-12-13 15:41 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-11-09 05:45 . 2012-12-13 01:10 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-09 04:42 . 2012-12-13 01:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-11-02 05:59 . 2012-12-13 01:10 478208 ----a-w- c:\windows\system32\dpnet.dll

2012-11-02 05:11 . 2012-12-13 01:10 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVIDIA System Monitor"="c:\program files (x86)\NVIDIA Corporation\NVIDIA System Monitor\NVMonitor.exe" [2010-04-05 1228392]

"Spotify"="c:\users\Rob\AppData\Roaming\Spotify\Spotify.exe" [2012-10-30 7880664]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17420464]

"Spotify Web Helper"="c:\users\Rob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-30 1199576]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-10-29 3093624]

"NCsoft Launcher"="f:\aion\AION2\NCLauncher.exe" [2012-11-12 38744]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"DataMigrationSoftwareMonitor.exe"="c:\program files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe" [2010-11-01 2605224]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]

"Mobile Connectivity Suite"="c:\program files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-05-27 598016]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-20 2254768]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CurseClientStartup.ccip [2012-3-25 0]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]

R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2009-11-06 838136]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-08 1431888]

R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 36720]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-28 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-20 2462128]

S2 IntSch2Svc;Intel Scheduler2 Service;c:\program files (x86)\Common Files\Intel\Schedule2\schedul2.exe [2010-11-01 1164704]

S2 mitsijm2012;Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager;f:\autodesk 2\Inventor 2012\Moldflow\bin\mitsijm.exe [2010-12-07 848184]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]

S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]

S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [2011-09-20 183104]

S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [2011-09-20 47168]

S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Rob\Downloads\RealTemp_360\WinRing0x64.sys [2011-12-28 14544]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:06]

.

2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 20:04]

.

2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 20:04]

.

2013-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2803456513-1166934674-666375718-1001Core.job

- c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 21:03]

.

2013-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2803456513-1166934674-666375718-1001UA.job

- c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 21:03]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Intel Scheduler2 Service"="c:\program files (x86)\Common Files\Intel\Schedule2\schedhlp.exe" [2010-11-01 362296]

"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2011-11-10 310272]

"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2011-11-10 158208]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]

"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 291944]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:d5,a8,34,cb,9a,7d,bb,5c,e4,8d,74,aa,c8,3e,94,26,88,5a,2b,51,73,8b,15,

ec,a6,f3,ea,f0,8d,29,c6,8e,89,59,d1,3b,76,09,6f,db,5b,8f,ee,cf,6b,64,ce,62,\

"??"=hex:2b,22,08,e8,be,4c,23,0d,2f,93,bb,3c,03,3b,96,71

.

[HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\SecuROM\License information*]

"datasecu"=hex:3f,98,89,f0,19,f5,d1,15,7c,77,35,bd,33,e4,b8,ed,b9,34,ed,a2,a0,

86,2e,38,84,54,81,00,7d,85,0a,51,bf,9a,2b,59,9c,2b,f5,08,42,73,ee,18,96,30,\

"rkeysecu"=hex:8d,38,94,5a,ac,36,c6,82,36,cf,98,6a,9f,71,58,7c

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-14 13:12:21

ComboFix-quarantined-files.txt 2013-01-14 18:12

.

Pre-Run: 3,947,044,864 bytes free

Post-Run: 3,999,895,552 bytes free

.

- - End Of File - - 4FD226DB9B30C7FE2A69F13C402839E0


Thanks for CF log, do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:


ClearJavaCache::

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

CF3.jpg

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next,

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right click on the IE shortcut and run as admin

Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

close program

copy and paste the report here

Post those two logs, let me know how your system is responding. What antivirus program do you have installed?


My desktop is running fine now with only minor hiccups. I have Microsoft Security Essentials.

ComboFix 13-01-14.01 - Rob 01/14/2013 20:51:15.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6212 [GMT -5:00]

Running from: c:\users\Rob\Desktop\ComboFix.exe

Command switches used :: c:\users\Rob\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-12-15 to 2013-01-15 )))))))))))))))))))))))))))))))

.

.

2013-01-15 01:56 . 2013-01-15 01:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-01-15 01:56 . 2013-01-15 01:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-14 18:38 . 2013-01-14 18:38 -------- d-----w- c:\windows\rescache

2013-01-14 18:09 . 2013-01-14 18:09 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CAFC3214-4D95-4680-902F-5BF0DAF5D733}\offreg.dll

2013-01-14 03:46 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2013-01-14 03:46 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe

2013-01-14 03:46 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CAFC3214-4D95-4680-902F-5BF0DAF5D733}\mpengine.dll

2013-01-13 22:19 . 2013-01-13 22:19 -------- d-----w- c:\users\Rob\AppData\Roaming\Malwarebytes

2013-01-13 22:19 . 2013-01-13 22:19 -------- d-----w- c:\programdata\Malwarebytes

2013-01-13 22:19 . 2013-01-13 22:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-01-13 22:19 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-13 22:18 . 2013-01-13 22:18 -------- d-----w- c:\users\Rob\AppData\Local\Programs

2013-01-13 18:46 . 2013-01-13 18:46 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-01-13 18:44 . 2013-01-13 18:44 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-01-13 18:44 . 2013-01-12 08:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-01-13 18:43 . 2013-01-13 18:43 -------- d-----w- c:\programdata\McAfee

2013-01-09 18:56 . 2013-01-09 18:56 -------- d-----w- C:\_OTL

2013-01-06 00:36 . 2013-01-06 00:36 -------- d-----w- c:\windows\Microsoft Antimalware

2012-12-27 17:43 . 2012-12-27 17:43 -------- d-----w- c:\program files (x86)\MathGV

2012-12-22 08:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-22 08:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-22 08:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-22 08:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-20 04:24 . 2013-01-13 22:37 -------- d-----w- c:\users\Rob\AppData\Roaming\ftblauncher

2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-14 05:03 . 2012-08-26 01:05 67599240 ----a-w- c:\windows\system32\MRT.exe

2013-01-13 19:06 . 2012-04-05 03:21 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-01-13 19:06 . 2012-01-23 05:24 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-13 18:44 . 2012-01-08 21:34 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-12-14 05:03 . 2011-12-29 01:33 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-12-14 05:03 . 2011-12-27 04:02 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-12-13 23:29 . 2011-12-27 04:02 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-12-01 16:19 . 2012-01-09 16:37 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2012-11-30 04:45 . 2013-01-14 03:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-11-24 19:02 . 2012-11-24 19:07 447752 ----a-w- c:\windows\SysWow64\vp6vfw.dll

2012-11-14 07:06 . 2012-12-13 15:40 17811968 ----a-w- c:\windows\system32\mshtml.dll

2012-11-14 06:32 . 2012-12-13 15:40 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-11-14 06:11 . 2012-12-13 15:41 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 06:04 . 2012-12-13 15:41 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-11-14 06:04 . 2012-12-13 15:41 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 06:02 . 2012-12-13 15:41 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 06:02 . 2012-12-13 15:41 237056 ----a-w- c:\windows\system32\url.dll

2012-11-14 05:59 . 2012-12-13 15:41 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-11-14 05:58 . 2012-12-13 15:41 816640 ----a-w- c:\windows\system32\jscript.dll

2012-11-14 05:57 . 2012-12-13 15:41 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 05:57 . 2012-12-13 15:41 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 05:55 . 2012-12-13 15:41 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-11-14 05:55 . 2012-12-13 15:41 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-11-14 05:53 . 2012-12-13 15:41 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-11-14 05:52 . 2012-12-13 15:41 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-14 05:46 . 2012-12-13 15:41 248320 ----a-w- c:\windows\system32\ieui.dll

2012-11-14 02:09 . 2012-12-13 15:41 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-11-14 01:58 . 2012-12-13 15:41 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57 . 2012-12-13 15:41 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-11-14 01:49 . 2012-12-13 15:41 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48 . 2012-12-13 15:41 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-11-14 01:44 . 2012-12-13 15:41 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-11-09 05:45 . 2012-12-13 01:10 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-09 04:42 . 2012-12-13 01:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-11-02 05:59 . 2012-12-13 01:10 478208 ----a-w- c:\windows\system32\dpnet.dll

2012-11-02 05:11 . 2012-12-13 01:10 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVIDIA System Monitor"="c:\program files (x86)\NVIDIA Corporation\NVIDIA System Monitor\NVMonitor.exe" [2010-04-05 1228392]

"Spotify"="c:\users\Rob\AppData\Roaming\Spotify\Spotify.exe" [2012-10-30 7880664]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17420464]

"Spotify Web Helper"="c:\users\Rob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-30 1199576]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-10-29 3093624]

"NCsoft Launcher"="f:\aion\AION2\NCLauncher.exe" [2012-11-12 38744]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"DataMigrationSoftwareMonitor.exe"="c:\program files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe" [2010-11-01 2605224]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]

"Mobile Connectivity Suite"="c:\program files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-05-27 598016]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-20 2254768]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CurseClientStartup.ccip [2012-3-25 0]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]

R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2009-11-06 838136]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-08 1431888]

R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 36720]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-28 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-20 2462128]

S2 IntSch2Svc;Intel Scheduler2 Service;c:\program files (x86)\Common Files\Intel\Schedule2\schedul2.exe [2010-11-01 1164704]

S2 mitsijm2012;Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager;f:\autodesk 2\Inventor 2012\Moldflow\bin\mitsijm.exe [2010-12-07 848184]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]

S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]

S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [2011-09-20 183104]

S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [2011-09-20 47168]

S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Rob\Downloads\RealTemp_360\WinRing0x64.sys [2011-12-28 14544]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:06]

.

2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 20:04]

.

2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 20:04]

.

2013-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2803456513-1166934674-666375718-1001Core.job

- c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 21:03]

.

2013-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2803456513-1166934674-666375718-1001UA.job

- c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 21:03]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Intel Scheduler2 Service"="c:\program files (x86)\Common Files\Intel\Schedule2\schedhlp.exe" [2010-11-01 362296]

"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2011-11-10 310272]

"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2011-11-10 158208]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]

"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 291944]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:d5,a8,34,cb,9a,7d,bb,5c,e4,8d,74,aa,c8,3e,94,26,88,5a,2b,51,73,8b,15,

ec,a6,f3,ea,f0,8d,29,c6,8e,89,59,d1,3b,76,09,6f,db,5b,8f,ee,cf,6b,64,ce,62,\

"??"=hex:2b,22,08,e8,be,4c,23,0d,2f,93,bb,3c,03,3b,96,71

.

[HKEY_USERS\S-1-5-21-2803456513-1166934674-666375718-1001\Software\SecuROM\License information*]

"datasecu"=hex:3f,98,89,f0,19,f5,d1,15,7c,77,35,bd,33,e4,b8,ed,b9,34,ed,a2,a0,

86,2e,38,84,54,81,00,7d,85,0a,51,bf,9a,2b,59,9c,2b,f5,08,42,73,ee,18,96,30,\

"rkeysecu"=hex:8d,38,94,5a,ac,36,c6,82,36,cf,98,6a,9f,71,58,7c

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-14 20:58:07

ComboFix-quarantined-files.txt 2013-01-15 01:58

ComboFix2.txt 2013-01-14 18:12

.

Pre-Run: 3,399,180,288 bytes free

Post-Run: 3,306,102,784 bytes free

.

- - End Of File - - 57D8EA03F53EEBD8D847C4842F206688

and the ESET scan.

C:\Users\Rob\Downloads\winamp5623_full_emusic-7plus_en-us.exe Win32/OpenCandy application

F:\Users\Rob\Desktop\New folder\APB_Reloaded_Installer.exe Win32/OpenCandy application

F:\Users\Rob\Downloads\programs\Xvid-Setup-dm-9.exe Win32/Toolbar.Zugo application

H:\Program Files\EA GAMES\Battlefield 2\mods\Stats\Stats.exe a variant of Win32/Packed.ExeScript.B trojan


You can navigate to and delete the entries flagged by ESET...

Next,

Remove Combofix now that we're done with it

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

The above procedure will delete the following:

  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.

It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

Next,

Uninstall adwcleaner.exe

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall
  • Click Yes at Would you like to Uninstall Adwcleaner

Next,

Remove ESET online scanner (Only If installed):

  • Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER.
  • Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESET Online Scanner, only re-boot if prompted.

Next,

  • Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
  • Double click the OTC icon to start the program.
    If you are using Vista or Windows 7 accept UAC
  • Then click the big CleanUp button.
  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself.

Any tools/logs remaining on the Desktop can be deleted.

Next,

Download TFC to your desktop, from either of the following links

http://oldtimer.geekstogo.com/TFC.exe

http://itxassociates.com/OT-Tools/TFC.exe

  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users accept the UAC alert.
  • If prompted, click "Yes" to reboot.

TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system; if not, re-boot it yourself to complete the cleaning process <---- Very Important

Keep TFC; it is an excellent utility to run weekly to keep your system optimized. It empties all user temp folders, Java cache, etc. Always remember to re-boot after a run, even if not prompted.

Let me know if those steps complete OK. If there are no remaining issues, are you OK for the thread to be closed out?

Thank you,

Kevin

This topic is now closed to further replies.