Kastiel

  1. Extras.txt:
     -------------------
     OTL Extras logfile created on: 12/21/2012 9:05:39 PM - Run 1
     OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wes Kidd\Desktop
     64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
     Internet Explorer (Version = 9.0.8112.16421)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     11.98 Gb Total Physical Memory | 10.19 Gb Available Physical Memory | 85.10% Memory free
     23.95 Gb Paging File | 22.16 Gb Available in Paging File | 92.52% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
     Drive C: | 440.76 Gb Total Space | 258.31 Gb Free Space | 58.61% Space Free | Partition Type: NTFS
     Drive E: | 3.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
     Drive F: | 298.09 Gb Total Space | 298.05 Gb Free Space | 99.99% Space Free | Partition Type: NTFS
     Drive H: | 931.28 Gb Total Space | 38.63 Gb Free Space | 4.15% Space Free | Partition Type: FAT32

     Computer Name: WESKIDD | User Name: Wes Kidd | Logged in as Administrator.
     Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

     ========== Extra Registry (SafeList) ==========

     ========== File Associations ==========

     64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
     .html[@ = DragonHTML] -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe (Comodo)
     .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
     .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
     .html [@ = DragonHTML] -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe (Comodo)

     [HKEY_USERS\S-1-5-21-4063102244-3220350283-1659995652-1000\SOFTWARE\Classes\<extension>]
     .html [@ = DragonHTML] -- Reg Error: Key error. File not found

     ========== Shell Spawning ==========

     64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
     batfile [open] -- "%1" %*
     cmdfile [open] -- "%1" %*
     comfile [open] -- "%1" %*
     exefile [open] -- "%1" %*
     helpfile [open] -- Reg Error: Key error.
     htmlfile [edit] -- Reg Error: Key error.
     htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
     http [open] -- "C:\Program Files (x86)\Comodo\Dragon\dragon.exe" -- "%1" (Comodo)
     https [open] -- "C:\Program Files (x86)\Comodo\Dragon\dragon.exe" -- "%1" (Comodo)
     inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
     InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
     InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
     piffile [open] -- "%1" %*
     regfile [merge] -- Reg Error: Key error.
     scrfile [config] -- "%1"
     scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
     scrfile [open] -- "%1" /S
     txtfile [edit] -- Reg Error: Key error.
     Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
     Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
     Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
     Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
     Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Folder [explore] -- Reg Error: Value error.
     Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
     batfile [open] -- "%1" %*
     cmdfile [open] -- "%1" %*
     comfile [open] -- "%1" %*
     cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
     exefile [open] -- "%1" %*
     helpfile [open] -- Reg Error: Key error.
     htmlfile [edit] -- Reg Error: Key error.
     htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
     http [open] -- "C:\Program Files (x86)\Comodo\Dragon\dragon.exe" -- "%1" (Comodo)
     https [open] -- "C:\Program Files (x86)\Comodo\Dragon\dragon.exe" -- "%1" (Comodo)
     inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
     piffile [open] -- "%1" %*
     regfile [merge] -- Reg Error: Key error.
     scrfile [config] -- "%1"
     scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
     scrfile [open] -- "%1" /S
     txtfile [edit] -- Reg Error: Key error.
     Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
     Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
     Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
     Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
     Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Folder [explore] -- Reg Error: Value error.
     Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

     ========== Security Center Settings ==========

     64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     "cval" = 0

     64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

     64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
     "AntiVirusOverride" = 0
     "AntiSpywareOverride" = 0
     "FirewallOverride" = 0

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

     ========== Firewall Settings ==========

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
     "DisableNotifications" = 0
     "EnableFirewall" = 0

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "DisableNotifications" = 0
     "EnableFirewall" = 0

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
     "DisableNotifications" = 0
     "EnableFirewall" = 1

     ========== Authorized Applications List ==========

     ========== Vista Active Open Ports Exception List ==========

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     "{25A8FFE5-873D-4649-B9F8-08B4C550AEF1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{33BB18E5-6F1E-485A-A4C1-6E87B3052ED9}" = lport=10243 | protocol=6 | dir=in | app=system | "{42328994-FF03-4427-86E4-C8145A641E64}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4693D76B-274F-4F68-9CBC-61ECE883EFA0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5436C09A-E2BA-4119-B03B-4DB597271A26}" = lport=5353 | protocol=17 | dir=in | name=java platform se binary | "{607AD8A1-5CE5-4743-9578-3CD74F804DAF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6BCD0C81-7704-4CB2-B2FC-C073BF43E871}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7E47D0B8-FAFC-4E41-8108-DA5A0F133CEB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{86B813ED-3F1D-4307-9A7A-2AC7C9ABB03C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9D12A9D7-5225-4497-9C6C-122689D83455}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A16790BF-E2C1-45F1-879B-1944D1E51175}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{B0987DD5-E903-4532-85F6-6E21578F7C3E}" = lport=2869 | protocol=6 | dir=in | app=system | "{B513849C-BFB3-4E2B-BE59-4C9CF97BDED9}" = lport=8182 | protocol=6 | dir=in | name=java platform se binary | "{F11ECDD9-95BA-49BC-95AB-A72534B19CB8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F68EE30F-3AB0-44E2-9F40-449EFC957C73}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0169E448-E213-4020-BE35-4B8C9D1D9B78}" = protocol=17 | dir=in | app=c:\program files 
(x86)\acronis\diskdirectoradvanced\mms.exe | "{08B52135-5D48-4F09-BA07-9CBA1D03F664}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe | "{09598C0B-3F12-46E1-85FC-14B0733189C6}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{0A1AFBE8-4C3A-4E12-81C0-008D3FEFD7D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0E4D8929-D416-4B68-8B5A-B224DFD585D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{123D30D7-1C8C-461D-B762-435BFAA42C9A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{1390C526-8BB2-4499-8388-69D99EDAA605}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{13B3B628-AE58-4EAB-B1EE-BEB2C112D4A7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{1790FC84-A23F-4A4D-9411-048B09909D78}" = dir=in | app=c:\users\wes kidd\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{1AF42BE8-A756-4B54-B344-E5A04E95DE66}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{2081D4C2-A59E-469D-9B8F-14C5516BAC0D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{25636A6C-1628-446C-B0D0-408C0523FF58}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe | "{2571EE8C-41D7-4954-8686-5E8A668CEE5F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2822E200-83AE-429E-A152-735C16AB0D1A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{295B8288-4C0D-49FB-9E6E-763AE6FD64A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3431BC9A-8129-435D-9181-D17A3FAE05F0}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe | "{3476FB38-53A9-4373-B3BA-B2DA37BF3EC9}" = protocol=6 | 
dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe | "{35D17B34-B6B8-4AE8-BBB6-1D802F42D9F0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3AD8A699-E132-4C6A-9020-63EC33EF2502}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbconsoleui.exe | "{3CAC0547-6F2A-49F8-8E08-1BC98ADF1E78}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\acronis\agent\agent.exe | "{4095FBCF-7EBE-4F1A-87F7-2B0C1A483045}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{45D7469F-95AB-430C-A57D-9C6268A3457A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{49887F30-DA85-4939-96D7-0BD9C3C3C9EB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{49A9B2F1-B2BA-45BD-B6CA-DFBB09B6EE70}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{4B9FE25A-D163-4F5F-8973-4AC75AEA1F76}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe | "{502FD31D-F9AD-472F-9356-2547DAA90DAF}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe | "{54749F03-32EE-44D2-9156-E5096562DFFF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{59E08ED8-806D-4583-BC6B-75C383330BA3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{5D0B8B4A-2D33-4699-B1C1-CEAC2EE28BD2}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbconsoleui.exe | "{671666DE-57D9-4781-827E-D0C9D09474FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe | "{69566C48-FA89-4637-963A-52C86D0B25A0}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe | "{6D75CAB1-76D0-4FAF-86C5-B3A0E7A920F7}" = protocol=6 | dir=in | app=c:\program files 
(x86)\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe | "{73135440-4A88-4F5E-9F36-D5854E07F05C}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbservice.exe | "{764D820B-9BC5-416A-A0A0-0192B575AFEE}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{78EC6D9E-7D2C-49E6-ADAF-2EF270051929}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\acronis\agent\agent.exe | "{798D2960-F5B3-4794-AC4E-F7DF3BCD184B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{80CCFB47-F1BE-4253-9812-B231CCE74242}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe | "{811E1274-DC23-4AD0-93DF-CC367D55FE03}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{82AF6875-B826-422F-B15D-70A12084102C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{82EA6E3A-6973-45C8-91FB-11E38B35D05C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{84B64DFE-473A-49A6-A00A-4B6885C13B1D}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe | "{84D702D3-A2A0-4380-BEC6-F00F1BA5389B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{8698553F-1572-42D7-A639-D058C57DDA62}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forsaken world\patcher.exe | "{87E58CF5-AA4F-42F8-B289-22A1CC0E0642}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{91BEE3A3-37E3-479A-93FE-A800AF649A54}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{91F92727-9959-48E3-BDA5-09322A90FA77}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{95A8A7C9-5777-4896-BA9B-8391767B62EB}" = protocol=6 | dir=in | app=c:\program files (x86)\common 
files\comodo\tvnserver.exe | "{9751CCDE-68AD-4C00-89D5-58F9A03B4511}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\comodo\tvnserver.exe | "{A6ADF69C-6AD8-44BB-805D-FE302E4DE631}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\comodo\geekbuddyrsp.exe | "{AF5CBC08-A53E-49A0-A0B3-C74B7787870A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CE58976E-E5A4-4D54-B323-669FA8F3E991}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{D07B13AF-9AB9-4AF8-B14D-615EA17E4340}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{D3719006-A0BA-4AE9-AD72-CCA9C72A535F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forsaken world\patcher.exe | "{D3787FEF-B1A6-4096-822C-CDB5E4B83B23}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{DB940D4C-74E7-40A4-8881-8E72224F554A}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\comodo\geekbuddyrsp.exe | "{E2BA066F-2256-4789-872B-3EBECD9B5E69}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{E7481657-835D-453A-9A76-8F04B033FD6C}" = protocol=6 | dir=in | app=c:\program files (x86)\acronis\diskdirectoradvanced\mms.exe | "{EEAA7DF3-741E-4458-9BD4-86C3A4678DC6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{F86F4B13-21AF-401A-BA09-27B9E5BFBD4E}" = protocol=6 | dir=out | app=system | "{FBF06105-7504-4F8A-8548-86DB1863F260}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe | "{FFB03083-985B-4D74-BE28-4A90C0DF99DC}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbservice.exe | "TCP Query User{01B08732-8F54-4A27-BD77-FACBFE4F0D77}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | "TCP Query 
User{5E6C8A29-21BE-41C0-87FE-E3188D30CE7D}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | "TCP Query User{6402DA00-D006-4A5C-992E-CBF41BDC6308}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | "TCP Query User{6AFD818D-3486-47B6-B2DC-F1444C92E9B5}C:\program files (x86)\steam\steamapps\common\koareckoning\reckoning.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\koareckoning\reckoning.exe | "TCP Query User{7D560481-1CE2-42C0-9930-F5D68F33E601}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "TCP Query User{828E5229-692A-41B7-8F7C-9DCD6DBCC109}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "TCP Query User{9C978809-95FD-4FEE-BDCA-63396F4BED95}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "TCP Query User{9D5FE820-A0FF-4CCB-9C21-262EDB2338E4}C:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe | "TCP Query User{9DDEA07E-7E95-4D22-9953-C56A2308F4E4}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "UDP Query User{2A04C88C-705D-4338-90E4-5B9CBDA9BB9C}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "UDP Query User{5758AFF5-A0C8-4F77-86AC-0C4192FD2CF6}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | 
dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "UDP Query User{6FAF3F0A-1A42-44DA-A300-9593AD074239}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "UDP Query User{823CF062-BF2C-4BD5-839B-5BF78AF45345}C:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe | "UDP Query User{845E9A2E-B4C0-428D-AAEB-53AA1B8F1888}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | "UDP Query User{977EF30F-A9D0-4746-B3F7-DC462D22F838}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "UDP Query User{A3F00A74-35BB-4C48-870F-C07087489D62}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | "UDP Query User{B6B488FF-02C7-498B-A3FD-142EDC455481}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | "UDP Query User{DB4CDEFC-EDB8-4828-8F26-5A7751BF7220}C:\program files (x86)\steam\steamapps\common\koareckoning\reckoning.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\koareckoning\reckoning.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{17F94DA8-CB07-4BD8-A6DB-E53A1CC5C433}" = Fresco Logic USB3.0 Host Controller "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant 
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety "{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64) "{3CE222BA-66A6-4D18-BEE9-5D21C5798C3E}" = Windows Live Family Safety "{3D7F836A-AE1F-4FA6-8DB9-4FE06697AB0A}" = Windows Live Family Safety "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6DDCFF78-6F91-438C-9567-C5CAA9D7F56C}" = Windows Live Family Safety "{749BE6FF-815E-4F36-901B-7AC301B50330}" = Windows Live Family Safety "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.17 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.17 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.17 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0 "{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1" = Privacy SafeGuard version 1.0 "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety "{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E01819BD-709F-43A1-9600-6F5E4C584C37}" = Windows Live Family Safety "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "BatteryOptimizer" = Battery Optimizer "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common "{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包 "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04F46566-A95C-46FF-9CA1-F3FDBAB61283}" = DriverUpdate 
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0 "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{19EA33FB-B34E-40EA-8B8A-61743AEB795A}" = Wireless Console 3 "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{2A9767A4-577D-4806-A121-7F0010F6BC60}" = Latency Optimizer FREE VERSION "{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = 
Windows Live UX Platform Language Pack "{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{53B91797-7CC8-41AA-999E-C33DAEC63A1A}" = Acronis Disk Director 11 Advanced Agent "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項 "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS FaceLogon "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{686695ED-BB3F-415D-B0DB-18CF535F7B50}" = Driver Manager "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources "{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack 
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库 "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EF18153-2F5C-4511-9C05-2BF39F5A241A}" = Acronis Disk Director 11 Advanced Bootable Media Builder "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English "{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker "{9170B2A2-FC44-4ec2-AEB6-9052626B2A2E}_is1" = Driver Reviver "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}" = IBM Lotus Forms Viewer 3.5.1 "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common 
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AECA3622-E634-4A55-A696-70A511CBE06E}" = ASUS USB Charger Plus "{AFDDB79D-3FB6-4E82-832C-728F73FAC327}" = Acronis Disk Director 11 Advanced Management Console "{B11AB9C8-18A6-41DC-98B4-4988CC030136}" = THX TruStudio "{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E21161DD-05A2-42ED-A0EC-9C1393F51A64}" = GeekBuddy "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources 
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{F992409C-9D10-4AE2-BAEB-B5409AD3785E}" = 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) "{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update "{FBAC8FFD-94EF-432F-8278-A5EF959DC640}" = THX TruStudio Pro "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FDAD2767-11CA-4D38-9CC4-48770CE3CC7B}" = Notification Center "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Asus Vibe2.0" = AsusVibe2.0 "ASUS WebStorage" = ASUS WebStorage "AsusScr_G74 Series_ENG" = AsusScr_G74 Series_ENG "bc8a6440-918f-11dd-ad8b-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.17.01.801 "Belarc Advisor" = Belarc Advisor 8.2 "Browseforchange_browseforchange" = Browse For Change "Cheat Engine 6.1_is1" = Cheat Engine 6.1 "Diablo II" = Diablo II "Diablo III" = Diablo III "DivX Setup" = DivX Setup "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.1 Home Edition "EaseUS Todo Backup Free 4.0_is1" = EaseUS Todo Backup Free 4.0 "foobar2000" = foobar2000 v1.1.11 "Google Chrome" = Google Chrome "InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud "KeyFinder_is1" = Magical Jelly Bean KeyFinder "LogonStudio" = LogonStudio "Malwarebytes' 
Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "PC Tools Utilities_is1" = PC Tools Performance Toolkit 2.0 "StarCraft II" = StarCraft II "Steam App 102500" = Kingdoms of Amalur: Reckoning™ "Steam App 105400" = Fable III "Steam App 200710" = Torchlight II "Steam App 211420" = Dark Souls: Prepare to Die Edition "Steam App 36620" = Forsaken World "Steam App 570" = Dota 2 "Steam App 72850" = The Elder Scrolls V: Skyrim "VideoConverter" = VideoConverter "WindowBlinds" = WindowBlinds "WinLiveSuite" = Windows Live Essentials "World of Warcraft" = World of Warcraft ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4063102244-3220350283-1659995652-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Amazon Kindle" = Amazon Kindle "Stardock Central" = Stardock Central ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12/16/2012 6:22:26 PM | Computer Name = WesKidd | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files (x86)\Acronis\BootableComponents\WinPE\Files\systeminfo.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis. 
Error - 12/16/2012 6:23:23 PM | Computer Name = WesKidd | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files (x86)\Acronis\BootableComponents\WinPE\Files\DiskDirectorAdvancedService.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 12/16/2012 6:23:52 PM | Computer Name = WesKidd | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files (x86)\Acronis\BootableComponents\WinPE\Files\TrueImage.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 12/16/2012 6:23:59 PM | Computer Name = WesKidd | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files (x86)\Acronis\BootableComponents\WinPE\Files\RecoveryExpert.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 12/16/2012 6:24:01 PM | Computer Name = WesKidd | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files (x86)\Acronis\BootableComponents\WinPE\Files\mms.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 12/18/2012 8:51:37 PM | Computer Name = WesKidd | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files (x86)\Acronis\BootableComponents\WinPE\Files\systeminfo.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. 
Please use sxstrace.exe for detailed diagnosis. Error - 12/18/2012 8:52:28 PM | Computer Name = WesKidd | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files (x86)\Acronis\BootableComponents\WinPE\Files\DiskDirectorAdvancedService.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 12/18/2012 8:52:34 PM | Computer Name = WesKidd | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files (x86)\Acronis\BootableComponents\WinPE\Files\TrueImage.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 12/18/2012 8:52:37 PM | Computer Name = WesKidd | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files (x86)\Acronis\BootableComponents\WinPE\Files\RecoveryExpert.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 12/18/2012 8:52:38 PM | Computer Name = WesKidd | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files (x86)\Acronis\BootableComponents\WinPE\Files\mms.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis. [ Media Center Events ] Error - 7/1/2012 7:39:29 AM | Computer Name = WesKidd | Source = MCUpdate | ID = 0 Description = 4:09:29 PM - Failed to retrieve SportsSchedule (Error: The underlying connection was closed: An unexpected error occurred on a send.) 
Error - 7/1/2012 7:39:29 AM | Computer Name = WesKidd | Source = MCUpdate | ID = 0 Description = 4:09:29 PM - Failed to retrieve SportsV2 (Error: The underlying connection was closed: An unexpected error occurred on a send.) Error - 7/1/2012 7:39:30 AM | Computer Name = WesKidd | Source = MCUpdate | ID = 0 Description = 4:09:29 PM - Failed to retrieve Broadband (Error: The underlying connection was closed: An unexpected error occurred on a send.) Error - 7/1/2012 8:39:34 AM | Computer Name = WesKidd | Source = MCUpdate | ID = 0 Description = 5:09:34 PM - Failed to retrieve Directory (Error: The underlying connection was closed: An unexpected error occurred on a send.) Error - 7/1/2012 8:39:34 AM | Computer Name = WesKidd | Source = MCUpdate | ID = 0 Description = 5:09:34 PM - Failed to retrieve NetTV (Error: The underlying connection was closed: An unexpected error occurred on a send.) Error - 7/1/2012 8:39:34 AM | Computer Name = WesKidd | Source = MCUpdate | ID = 0 Description = 5:09:34 PM - Failed to retrieve MCEClientUX (Error: The underlying connection was closed: An unexpected error occurred on a send.) Error - 7/1/2012 8:39:34 AM | Computer Name = WesKidd | Source = MCUpdate | ID = 0 Description = 5:09:34 PM - Failed to retrieve SportsSchedule (Error: The underlying connection was closed: An unexpected error occurred on a send.) Error - 7/1/2012 8:39:34 AM | Computer Name = WesKidd | Source = MCUpdate | ID = 0 Description = 5:09:34 PM - Failed to retrieve SportsV2 (Error: The underlying connection was closed: An unexpected error occurred on a send.) Error - 7/1/2012 8:39:34 AM | Computer Name = WesKidd | Source = MCUpdate | ID = 0 Description = 5:09:34 PM - Failed to retrieve Broadband (Error: The underlying connection was closed: An unexpected error occurred on a send.) 
Error - 7/1/2012 9:43:07 AM | Computer Name = WesKidd | Source = MCUpdate | ID = 0 Description = 6:13:02 PM - Failed to retrieve SportsV2 (Error: The underlying connection was closed: An unexpected error occurred on a receive.) [ System Events ] Error - 8/26/2012 6:17:58 PM | Computer Name = WesKidd | Source = bowser | ID = 8003 Description = Error - 8/27/2012 8:10:32 AM | Computer Name = WesKidd | Source = bowser | ID = 8003 Description = Error - 8/27/2012 1:56:10 PM | Computer Name = WesKidd | Source = bowser | ID = 8003 Description = Error - 8/29/2012 10:28:59 AM | Computer Name = WesKidd | Source = bowser | ID = 8003 Description = Error - 8/31/2012 5:46:24 PM | Computer Name = WesKidd | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. Error - 8/31/2012 5:46:24 PM | Computer Name = WesKidd | Source = Service Control Manager | ID = 7000 Description = The Steam Client Service service failed to start due to the following error: %%1053 Error - 9/2/2012 3:24:41 AM | Computer Name = WesKidd | Source = NetBT | ID = 4321 Description = The name "WORKGROUP :1d" could not be registered on the interface with IP address 172.16.0.27. The computer with the IP address 172.16.0.201 did not allow the name to be claimed by this computer. Error - 9/2/2012 3:24:51 AM | Computer Name = WesKidd | Source = NetBT | ID = 4321 Description = The name "WORKGROUP :1d" could not be registered on the interface with IP address 172.16.0.27. The computer with the IP address 172.16.0.201 did not allow the name to be claimed by this computer. Error - 9/2/2012 3:25:48 AM | Computer Name = WesKidd | Source = NetBT | ID = 4321 Description = The name "WORKGROUP :1d" could not be registered on the interface with IP address 172.16.0.27. The computer with the IP address 172.16.0.201 did not allow the name to be claimed by this computer. 
Error - 9/2/2012 3:26:04 AM | Computer Name = WesKidd | Source = NetBT | ID = 4321 Description = The name "WORKGROUP :1d" could not be registered on the interface with IP address 172.16.0.27. The computer with the IP address 172.16.0.201 did not allow the name to be claimed by this computer. < End of report >
  2. OTL.txt ------------------ OTL logfile created on: 12/21/2012 9:05:39 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wes Kidd\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 11.98 Gb Total Physical Memory | 10.19 Gb Available Physical Memory | 85.10% Memory free 23.95 Gb Paging File | 22.16 Gb Available in Paging File | 92.52% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 440.76 Gb Total Space | 258.31 Gb Free Space | 58.61% Space Free | Partition Type: NTFS Drive E: | 3.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive F: | 298.09 Gb Total Space | 298.05 Gb Free Space | 99.99% Space Free | Partition Type: NTFS Drive H: | 931.28 Gb Total Space | 38.63 Gb Free Space | 4.15% Space Free | Partition Type: FAT32 Computer Name: WESKIDD | User Name: Wes Kidd | Logged in as Administrator. 
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/12/21 20:57:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wes Kidd\Desktop\OTL.exe PRC - [2012/12/17 18:30:40 | 001,758,864 | ---- | M] (Comodo) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe ========== Modules (No Company Name) ========== MOD - [2012/12/17 18:30:40 | 001,407,136 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\avcodec-54.dll MOD - [2012/12/17 18:30:40 | 000,229,024 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\avformat-54.dll MOD - [2012/12/17 18:30:40 | 000,157,344 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\avutil-51.dll ========== Services (SafeList) ========== SRV:64bit: - [2012/12/21 21:03:25 | 000,017,920 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\rpcnetp.exe -- (rpcnetp) SRV:64bit: - [2012/03/12 07:43:24 | 002,815,496 | ---- | M] (COMODO) [Auto | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV:64bit: - [2010/11/30 03:30:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2010/09/23 05:40:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/07/14 06:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/12/21 21:03:25 | 000,017,920 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\rpcnetp.exe -- (rpcnetp) SRV - [2012/12/21 17:25:18 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV 
- [2012/12/17 18:30:40 | 001,868,432 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater) SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/11/01 08:52:52 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe -- (CLPSLauncher) SRV - [2012/10/31 15:46:38 | 001,467,088 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe -- (GeekBuddyRSP) SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/09/22 15:15:54 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/04/24 10:18:49 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/03/05 13:16:36 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012/01/11 18:21:06 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2012/01/11 18:21:04 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs 
Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2011/12/23 09:39:56 | 000,023,176 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\EASEUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent) SRV - [2011/12/23 09:39:46 | 000,061,064 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent) SRV - [2011/12/12 22:47:04 | 001,030,112 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe -- (DMRepairService) SRV - [2011/12/12 22:46:54 | 001,038,304 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe -- (DMDefragService) SRV - [2011/12/12 22:46:40 | 000,793,056 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc) SRV - [2011/11/22 00:52:08 | 000,080,512 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) SRV - [2011/11/22 00:49:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2011/10/01 18:00:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 18:00:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/03/26 06:25:16 | 000,091,464 | ---- | M] () [Auto | Stopped] -- C:\ExpressGateUtil\VAWinService.exe -- (VideAceWindowsService) SRV - [2011/03/13 23:29:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Stopped] -- C:\Program Files (x86)\Bluetooth 
Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2011/03/13 23:28:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc) SRV - [2010/10/23 06:18:46 | 001,071,512 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2010/10/23 06:15:18 | 001,906,576 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe -- (AcronisAgent) SRV - [2010/10/23 05:44:28 | 004,632,864 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Acronis\DiskDirectorAdvanced\mms.exe -- (DMS) SRV - [2010/10/06 09:34:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010/10/06 09:34:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/03/18 23:46:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/11 01:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/04 16:13:28 | 000,337,144 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\VistaSrv.exe -- (WindowBlinds) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/12/21 20:30:18 | 000,015,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon) DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/08/23 18:40:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 18:38:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/08/23 18:37:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/07/19 10:00:53 | 000,246,568 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) DRV:64bit: - [2012/07/19 10:00:53 | 000,076,584 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh) DRV:64bit: - [2012/04/24 10:21:41 | 000,330,912 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2012/04/24 10:21:41 | 000,110,240 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt) DRV:64bit: - [2012/04/24 10:18:34 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2012/04/24 10:18:06 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2012/04/07 04:18:16 | 000,278,112 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2012/03/12 07:43:40 | 000,022,696 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd) DRV:64bit: - [2012/03/01 11:16:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- 
C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/09 02:18:06 | 000,048,264 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EUBKMON.sys -- (EUBKMON) DRV:64bit: - [2012/02/04 06:31:20 | 000,677,480 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2012/02/02 01:46:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2012/01/31 01:02:16 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger) DRV:64bit: - [2012/01/27 02:57:36 | 000,413,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012/01/27 02:57:30 | 000,022,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv) DRV:64bit: - [2012/01/17 17:15:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011/12/23 09:39:40 | 000,189,576 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\EuFdDisk.sys -- (EUFDDISK) DRV:64bit: - [2011/12/23 09:39:34 | 000,019,592 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\eudskacs.sys -- (EUDSKACS) DRV:64bit: - [2011/12/23 09:39:30 | 000,057,480 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\eubakup.sys -- (EUBAKUP) DRV:64bit: - [2011/12/12 22:47:22 | 000,191,104 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCTDSMon.sys -- (PCTDSMon) DRV:64bit: - [2011/12/12 22:47:16 | 000,163,440 | ---- | M] (PC Tools) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCTDMDefrag.sys -- (PCTDMDefrag) DRV:64bit: - [2011/12/01 03:58:34 | 002,796,544 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011/10/01 18:00:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 18:00:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 18:00:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 18:00:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/07/30 00:24:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv) DRV:64bit: - [2011/07/30 00:24:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv) DRV:64bit: - [2011/07/18 03:32:31 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/07/18 03:32:31 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/05/14 03:07:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2011/03/13 23:28:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011/03/13 23:28:44 | 000,201,376 | ---- | M] (Atheros) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2011/03/13 23:28:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2011/03/13 23:28:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2010/11/30 03:30:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010/11/20 18:03:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/10/20 10:04:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/08/03 15:13:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2009/11/18 03:42:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009/07/20 13:59:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009/07/14 06:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 06:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 06:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/11 01:05:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009/06/11 01:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/11 01:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/11 01:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/11 01:04:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009/06/11 01:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008/05/24 05:57:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV - [2012/01/31 01:02:16 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AiCharger.sys -- (AiCharger) DRV - [2011/12/12 22:47:28 | 000,108,864 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PCTDMDefrag.sys -- (PCTDMDefrag) DRV - [2011/09/07 20:25:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO_) DRV - [2011/07/30 00:24:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv) DRV - [2011/07/30 00:24:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2010/11/22 19:55:12 | 000,055,400 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Free Ride Games\X5XSEx.sys -- (X5XSEx) DRV - [2009/07/14 05:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009/07/03 04:06:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4063102244-3220350283-1659995652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com IE - HKU\S-1-5-21-4063102244-3220350283-1659995652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-4063102244-3220350283-1659995652-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4063102244-3220350283-1659995652-1000\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = 
Browseforchange/search/redirect/?type=default&user_id=c751e884-2c3c-4a00-9e6a-b88c6626f18c&query={searchTerms} IE - HKU\S-1-5-21-4063102244-3220350283-1659995652-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Wes Kidd\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Wes Kidd\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/05/12 08:34:11 | 000,000,000 | ---D | M] [2012/05/06 17:27:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions ========== Chrome ========== CHR - homepage: http://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files (x86)\Free Ride Games\npExentCtl.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Wes Kidd\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Wes Kidd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google Search = C:\Users\Wes Kidd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Privacy SafeGuard = C:\Users\Wes Kidd\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Wes Kidd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Gmail = C:\Users\Wes Kidd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009/06/11 01:30:26 | 000,000,824 | ---- | M]) 
- C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Privacy Safeguard BHO) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll File not found O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {06C7AD57-B655-418D-9AB8-9526A6D2E052} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [synAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.102.211\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) 
O4 - HKLM..\Run: [FLxHCIm64] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Windows ® Win 7 DDK provider) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd) O4 - HKLM..\Run: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r File not found O4 - HKLM..\Run: [tvncontrol] "C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe" -controlservice -slave File not found O4 - HKLM..\Run: [uSBChargerPlusTray] C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe () O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTeK Computer Inc.) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4063102244-3220350283-1659995652-1000..\Run: [Facebook Update] C:\Users\Wes Kidd\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) 
O4 - HKU\S-1-5-21-4063102244-3220350283-1659995652-1000..\Run: [GoogleChromeAutoLaunch_03DDF90F675085B51D416DB81D7A6F26] C:\Program Files (x86)\Comodo\Dragon\dragon.exe (Comodo) O4 - HKU\S-1-5-21-4063102244-3220350283-1659995652-1000..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.60.1 62.68.64.12 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74E1C399-3F4A-456A-9761-FCB326651BEB}: DhcpNameServer = 172.16.60.1 62.68.64.12 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74E1C399-3F4A-456A-9761-FCB326651BEB}: NameServer = 8.26.56.26,156.154.70.22 O18:64bit: - Protocol\Handler\belarc - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) 
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\WB: DllName - (C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{35f13c05-fd86-11e1-8ca5-742f68da8368}\Shell - "" = AutoRun O33 - MountPoints2\{35f13c05-fd86-11e1-8ca5-742f68da8368}\Shell\AutoRun\command - "" = D:\TL-Bootstrap.exe O33 - MountPoints2\{35f13d41-fd86-11e1-8ca5-742f68da8368}\Shell - "" = AutoRun O33 - MountPoints2\{35f13d41-fd86-11e1-8ca5-742f68da8368}\Shell\AutoRun\command - "" = D:\TL-Bootstrap.exe O33 - MountPoints2\{97aaf340-9e62-11e1-a006-5404a63bc6d6}\Shell - "" = AutoRun O33 - MountPoints2\{97aaf340-9e62-11e1-a006-5404a63bc6d6}\Shell\AutoRun\command - "" = D:\TL-Bootstrap.exe O33 - MountPoints2\{9e3e690f-c2c7-11e1-80fc-5404a63bc6d6}\Shell - "" = AutoRun O33 - MountPoints2\{9e3e690f-c2c7-11e1-80fc-5404a63bc6d6}\Shell\AutoRun\command - "" = D:\TL-Bootstrap.exe O33 - MountPoints2\{b9816b51-4554-11e2-8c5a-5404a63bc6d6}\Shell - "" = AutoRun O33 - MountPoints2\{b9816b51-4554-11e2-8c5a-5404a63bc6d6}\Shell\AutoRun\command - "" = D:\TL-Bootstrap.exe O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\TL-Bootstrap.exe O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/12/21 20:57:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wes Kidd\Desktop\OTL.exe [2012/12/21 19:50:49 | 000,000,000 | ---D | C] -- C:\Users\Wes Kidd\Desktop\RK_Quarantine [2012/12/21 18:18:22 
| 000,000,000 | ---D | C] -- C:\Users\Wes Kidd\AppData\Roaming\Malwarebytes [2012/12/21 18:18:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/12/21 18:18:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/12/21 18:18:13 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/12/21 18:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/12/21 17:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Comodo [2012/12/21 17:15:14 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Wes Kidd\Desktop\dds.com [2012/12/21 17:15:11 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Wes Kidd\Desktop\dds.scr [2012/12/21 17:09:07 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012/12/21 17:09:07 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012/12/21 17:09:07 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012/12/21 17:09:07 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012/12/21 17:06:18 | 000,495,874 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\Wes Kidd\Desktop\JRT.exe [2012/12/21 16:59:56 | 005,012,825 | ---- | C] (Swearware) -- C:\Users\Wes Kidd\Desktop\ComboFix.exe [2012/12/21 16:59:08 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Wes Kidd\Desktop\tdsskiller.exe [2012/12/21 16:58:14 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Wes Kidd\Desktop\aswMBR.exe [2012/12/19 01:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks [2012/12/19 01:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks [2012/12/19 01:48:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueStacks [2012/12/19 01:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup [2012/12/19 01:35:31 | 000,000,000 | ---D | C] -- C:\Users\Wes Kidd\AppData\Local\{7830390B-846D-418B-98A1-19CC9EBF592C} [2012/12/14 14:11:13 | 000,000,000 | ---D | C] -- C:\Users\Wes Kidd\AppData\Local\BlueStacksSetup [2012/12/13 22:56:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/12/13 22:56:19 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/12/13 22:56:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/12/13 22:56:18 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/12/13 22:56:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/12/13 22:56:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/12/13 22:56:18 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/12/13 22:56:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/12/13 22:56:17 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/12/13 22:56:17 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl 
[2012/12/13 22:56:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/12/13 22:56:16 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/12/13 22:56:14 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/12/13 22:56:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/12/13 22:56:14 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/12/13 20:01:40 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012/12/13 20:01:40 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012/12/13 20:01:40 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012/12/13 20:01:40 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012/12/13 20:01:38 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012/12/13 20:01:38 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012/12/13 20:01:38 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012/12/13 20:01:38 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012/12/13 20:01:38 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012/12/13 20:01:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012/12/13 20:01:38 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012/12/13 20:01:37 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012/12/13 20:01:37 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012/12/13 20:01:37 | 000,005,120 | -H-- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012/12/13 20:01:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012/12/13 20:01:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012/12/13 20:01:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012/12/13 20:01:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012/12/13 20:01:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012/12/13 20:01:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012/12/13 20:01:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012/12/13 20:01:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012/12/13 20:01:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012/12/13 20:01:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012/12/13 20:01:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/12/13 20:01:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012/12/13 20:01:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012/12/13 20:01:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012/12/13 20:01:37 | 000,003,584 | -H-- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012/12/13 20:01:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012/12/13 20:01:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012/12/13 20:01:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012/12/13 20:01:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012/12/13 20:01:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012/12/13 20:01:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012/12/13 20:01:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012/12/13 20:01:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012/12/13 20:01:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012/12/13 20:01:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012/12/13 20:01:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012/12/13 20:01:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/12/13 20:01:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012/12/13 20:01:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012/12/13 20:01:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012/12/13 20:01:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012/12/13 20:01:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012/12/13 20:01:36 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012/12/13 20:01:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012/12/13 20:01:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012/12/13 20:01:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012/12/13 20:01:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012/12/13 20:01:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012/12/13 20:01:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll 
[2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012/12/13 20:01:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012/12/13 20:01:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012/12/13 20:00:41 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012/12/13 20:00:41 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012/12/12 20:45:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\desmume-0.9.8-win64 [2012/12/11 17:07:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative [2012/12/11 16:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2012/12/03 20:34:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/12/03 20:33:36 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/12/03 20:33:21 | 000,095,208 | ---- | C] (Oracle Corporation) -- 
C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/11/26 13:49:43 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012/11/26 13:49:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/11/26 13:49:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012/11/23 20:44:52 | 000,000,000 | ---D | C] -- C:\Users\Wes Kidd\AppData\Local\{5681B1B3-B912-424F-AD97-CD52F17FB8D1} [2 C:\Users\Wes Kidd\Documents\*.tmp files -> C:\Users\Wes Kidd\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/12/21 21:03:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/12/21 21:03:25 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe [2012/12/21 21:03:25 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe [2012/12/21 21:02:38 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat [2012/12/21 21:02:25 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll [2012/12/21 21:01:16 | 000,000,640 | ---- | M] () -- C:\Windows\wininit.ini [2012/12/21 21:01:02 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job [2012/12/21 20:57:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wes Kidd\Desktop\OTL.exe [2012/12/21 20:37:36 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/21 20:37:36 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/21 20:35:59 | 000,756,164 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/12/21 20:35:59 | 000,645,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/12/21 20:35:59 | 000,114,720 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/12/21 20:31:20 | 000,000,380 | ---- | M] () -- C:\Users\Wes Kidd\AppData\Roaming\sp_data.sys [2012/12/21 20:30:18 | 000,015,672 | ---- | 
M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys [2012/12/21 20:30:14 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/12/21 20:00:30 | 000,065,108 | ---- | M] () -- C:\Users\Wes Kidd\Desktop\1356103236988.jpg [2012/12/21 19:16:31 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/12/21 18:18:14 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/12/21 17:25:56 | 000,002,049 | ---- | M] () -- C:\Users\Public\Desktop\AntiError.lnk [2012/12/21 17:25:56 | 000,002,045 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2012/12/21 17:25:56 | 000,002,045 | ---- | M] () -- C:\Users\Public\Desktop\GeekBuddy.lnk [2012/12/21 17:25:18 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/12/21 17:25:18 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/12/21 17:22:54 | 000,280,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/12/21 17:15:17 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Wes Kidd\Desktop\dds.com [2012/12/21 17:15:13 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\Wes Kidd\Desktop\dds.scr [2012/12/21 17:09:34 | 005,012,825 | ---- | M] (Swearware) -- C:\Users\Wes Kidd\Desktop\ComboFix.exe [2012/12/21 17:07:28 | 000,495,874 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\Wes Kidd\Desktop\JRT.exe [2012/12/21 17:07:18 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Wes Kidd\Desktop\aswMBR.exe [2012/12/21 17:03:33 | 000,547,175 | ---- | M] () -- C:\Users\Wes Kidd\Desktop\AdwCleaner.exe [2012/12/21 17:02:01 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Wes Kidd\Desktop\tdsskiller.exe [2012/12/21 16:57:05 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4063102244-3220350283-1659995652-1000UA.job [2012/12/21 16:22:41 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/12/21 13:10:51 | 000,001,071 | ---- | M] () -- C:\Users\Wes Kidd\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk [2012/12/21 07:57:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4063102244-3220350283-1659995652-1000Core.job [2012/12/16 21:41:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012/12/16 19:15:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012/12/16 18:43:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012/12/16 18:43:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012/12/11 16:51:19 | 000,000,219 | RH-- | M] () -- C:\Windows\ctfile.rfc [2012/12/03 20:33:14 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012/12/03 20:33:14 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012/12/03 20:33:14 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/12/03 20:33:14 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/12/03 20:33:14 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/12/03 20:33:14 | 000,095,208 | ---- | M] (Oracle Corporation) -- 
C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2 C:\Users\Wes Kidd\Documents\*.tmp files -> C:\Users\Wes Kidd\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/12/21 20:00:30 | 000,065,108 | ---- | C] () -- C:\Users\Wes Kidd\Desktop\1356103236988.jpg [2012/12/21 18:18:14 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/12/21 17:25:56 | 000,002,049 | ---- | C] () -- C:\Users\Public\Desktop\AntiError.lnk [2012/12/21 17:25:56 | 000,002,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2012/12/21 17:25:56 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\GeekBuddy.lnk [2012/12/21 17:02:45 | 000,547,175 | ---- | C] () -- C:\Users\Wes Kidd\Desktop\AdwCleaner.exe [2012/12/15 17:39:24 | 000,057,904 | ---- | C] () -- C:\Windows\SysWow64\wbload.dll [2012/12/11 17:08:21 | 000,007,062 | ---- | C] () -- C:\Windows\SysWow64\audiopid.vxd [2012/09/21 00:12:01 | 000,154,240 | ---- | C] () -- C:\Windows\AsPatch10430001.exe [2012/07/21 21:28:47 | 000,003,584 | ---- | C] () -- C:\Users\Wes Kidd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/05/17 09:45:07 | 000,000,640 | ---- | C] () -- C:\Windows\wininit.ini [2012/04/07 22:34:37 | 000,000,096 | ---- | C] () -- C:\Users\Wes Kidd\AppData\Local\fusioncache.dat [2012/04/07 22:31:53 | 000,772,388 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/04/07 02:02:17 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll [2012/04/07 02:02:16 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe [2012/04/07 02:02:16 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe [2012/04/07 02:02:16 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys [2012/04/07 02:02:16 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys [2012/04/05 16:02:16 | 000,000,380 | ---- | C] () -- C:\Users\Wes Kidd\AppData\Roaming\sp_data.sys [2012/04/05 
07:55:24 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini [2012/03/05 13:16:52 | 000,417,600 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012/01/11 18:21:08 | 000,001,313 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini [2012/01/11 18:21:08 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini [2012/01/11 18:21:08 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini [2012/01/11 18:21:07 | 000,181,760 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012/01/11 18:21:07 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012/01/11 18:09:18 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2011/09/29 04:14:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011/07/18 03:40:15 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll [2011/07/18 03:39:20 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe ========== ZeroAccess Check ========== [2009/07/14 09:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 10:13:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 09:11:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = 
Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 06:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:49:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 06:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/04/05 08:42:14 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\Acreon [2012/04/04 02:22:17 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\ASUS WebStorage [2012/07/29 21:46:17 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\foobar2000 [2012/04/06 03:03:14 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\GetRightToGo [2012/04/08 02:05:47 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\Lionhead Studios [2012/04/04 03:04:35 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\Nuance [2012/04/07 13:17:41 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\Playrix Entertainment [2012/04/05 10:53:49 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\Product_PT [2012/06/30 21:05:02 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\PureEdge [2012/04/24 09:04:49 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\ReviverSoft [2012/12/10 21:43:05 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\SoftGrid Client [2012/04/25 02:05:34 | 000,000,000 | ---D 
| M] -- C:\Users\Wes Kidd\AppData\Roaming\SystemRequirementsLab [2012/04/24 09:02:02 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\TeamViewer [2012/05/09 20:07:14 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\TP [2012/06/29 22:10:59 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\TuneUp Software [2012/04/04 03:04:33 | 000,000,000 | ---D | M] -- C:\Users\Wes Kidd\AppData\Roaming\Zeon ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:0D786AE3 < End of report >
  3. I will be restarting my computer and putting it back in Safe Mode with Networking in order to perform this action as it's doing the same thing the DDS program did... closes seconds after opening. Is there any reason behind this? When trying to open it, I have disabled my A/V programs as well as the internet.
  4. Been surfing around for a bit now. So far so good, but that seemed too easy! I guess I'm just a bit paranoid, ha. Thanks!
  5. Malwarebytes Anti-Malware (Trial) 1.65.1.1000 www.malwarebytes.org Database version: v2012.12.21.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Wes Kidd :: WESKIDD [administrator] Protection: Enabled 12/21/2012 8:32:37 PM mbam-log-2012-12-21 (20-32-37).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 252732 Time elapsed: 7 minute(s), 24 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  6. Rogue Killer log: RogueKiller V8.4.0 [Dec 20 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Safe mode with network support User : Wes Kidd [Admin rights] Mode : Remove -- Date : 12/21/2012 20:19:32 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{74E1C399-3F4A-456A-9761-FCB326651BEB} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{74E1C399-3F4A-456A-9761-FCB326651BEB} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX [DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{74E1C399-3F4A-456A-9761-FCB326651BEB} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD5000BPKT-80PK4T0 +++++ --- User --- [MBR] 7c062b6e323b3772438092bd0cd9c51e [BSP] 2b76c692476633b72e7dc5d7b59a7a49 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 451336 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: SAMSUNG HM320HJ +++++ --- User --- [MBR] 2194785550c3ef5bf6724ba1b03b249e [BSP] d1d69a3974ebf256f138b23679aaa07e : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo User = LL1 ... OK! User = LL2 ... OK! 
+++++ PhysicalDrive2: WD 10EACS External USB Device +++++ --- User --- [MBR] a65cf760d43b336347fb57bc883ace24 [BSP] 39cc44575b71c8e70f97ed1007b4e215 : Windows XP MBR Code Partition table: 0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[3]_D_12212012_02d2019.txt >> RKreport[1]_S_12212012_02d1951.txt ; RKreport[2]_D_12212012_02d2019.txt ; RKreport[3]_D_12212012_02d2019.txt Rebooting now to perform the rest.
  7. Just a note: I'm performing all of these actions in Safe Mode with Networking. Please let me know if I should not. The attached file is the AdwCleaner scan file as requested. Here is the Rogue Killer report: ---------------------------------------- RogueKiller V8.4.0 [Dec 20 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Safe mode with network support User : Wes Kidd [Admin rights] Mode : Scan -- Date : 12/21/2012 19:51:11 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 14 ¤¤¤ [RUN][SUSP PATH] HKCU\[...]\Run : ISUSPM (C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler) -> FOUND [RUN][BLACKLISTDLL] HKLM\[...]\Run : THXCfg64 (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64) -> FOUND [RUN][SUSP PATH] HKUS\S-1-5-21-4063102244-3220350283-1659995652-1000[...]\Run : ISUSPM (C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler) -> FOUND [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : UpdReg (C:\Windows\Updreg.EXE) -> FOUND [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{74E1C399-3F4A-456A-9761-FCB326651BEB} : NameServer (8.26.56.26,156.154.70.22) -> FOUND [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{74E1C399-3F4A-456A-9761-FCB326651BEB} : NameServer (8.26.56.26,156.154.70.22) -> FOUND [DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{74E1C399-3F4A-456A-9761-FCB326651BEB} : NameServer (8.26.56.26,156.154.70.22) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> 
FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Users\Wes Kidd\Desktop\dds.scr) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD5000BPKT-80PK4T0 +++++ --- User --- [MBR] 7c062b6e323b3772438092bd0cd9c51e [BSP] 2b76c692476633b72e7dc5d7b59a7a49 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 451336 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: SAMSUNG HM320HJ +++++ --- User --- [MBR] 2194785550c3ef5bf6724ba1b03b249e [BSP] d1d69a3974ebf256f138b23679aaa07e : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive2: WD 10EACS External USB Device +++++ --- User --- [MBR] a65cf760d43b336347fb57bc883ace24 [BSP] 39cc44575b71c8e70f97ed1007b4e215 : Windows XP MBR Code Partition table: 0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[1]_S_12212012_02d1951.txt >> RKreport[1]_S_12212012_02d1951.txt AdwCleanerS2.txt
  8. Just an update: I am currently in Safe Mode with Networking and was able to run the DDS file. I'm having a hard time accessing this forum as I was redirected at least 15 times before I managed to finally get to my topic. Some of the redirects are as follows: http://skincare.blis...m_term=77497-20 http://www1.globalget.net http://www.allwaysearch.com etc. I have the "Attach.txt" sitting here on my desktop but it says not to attach it unless requested. So for now, attached is the "dds.txt" file. dds.txt
  9. Hello, Recently my computer has been redirecting me to the Infosearch website. I'll click a link or refresh a page and it'll come up with "this document has moved" and redirect me to Infosearch.com. Also, occasionally a box will pop up in the lower right hand corner of the screen that recommends me to go to certain websites or gives me false "system messages." It minimizes everything I'm doing when that box pops up. I did some research on this issue and saw that it wasn't an easy fix. I am currently deployed to Afghanistan and beginning my transition home so I figured I would fix this as soon as I got back. However, it's only gotten worse and now I'm needing to use my laptop more and more often. It used to only redirect me once every so often, but now it's redirecting me more than ever. Also another recent addition to this nuisance is that there have been audible ads playing in the background. It doesn't matter how many tabs I close or in what order, it only disappears once the entire internet has been closed. I read previous topics and attempted to download some of the same programs that were suggested just so I could be ready, however most would not download. DDS.scr takes me to a blank page and doesn't begin a download, but I finally got DDS.com to download, however once it pops up (with internet and antivirus disabled), it lasts for about 6 seconds and then automatically closes. I get as far as being able to click the "Start" button to initiate the scan. It begins, but after about 6 seconds it closes and the program disappears. A couple of key notes as to what I'm using: Windows 7 x64bit Comodo Internet Comodo Internet Security / Antivirus Any and all assistance is highly appreciated. -Kas