Malware eating-up disk space [Solved]


  • This topic is locked

#1
Nikkekoi

  • Member
  • 24 posts
Hello!

I just recently checked my computer and saw that my disk space is running low. It only had 521MB left and it caused my computer to run slow. I deleted some unused files and even uninstalled programs that I did not need; it showed I had freed 10GB of my hard drive.

The next day my computer warned me that my disk space is running low and it again showed me 521MB. Also, whenever I refresh my computer it shows that my disk space is changed from 521MB to 493MB to 0.98GB.

I already tried the Combofix program as suggested by one forum here; my computer is running smoother but my disk space is still low.


What do I do? Please help me. Thanks!

Edited by Nikkekoi, 14 November 2012 - 09:55 PM.


#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Nikkekoi and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan/Fixes box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them here for me.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Go Here and download JDiskReport
Install and run it to scan the C: drive.
When the Pie chart comes up, Click on View in the top menu and choose Copy To Clipboard

Open a reply here and paste (Ctrl+V) the results.

Step 4


Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • JDiskReport log
  • GMER log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#3
Nikkekoi

  • Topic Starter
  • Member
  • 24 posts
OTL logfile created on: 11/15/2012 4:04:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nikke\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 81.28% Memory free
3.97 Gb Paging File | 3.63 Gb Available in Paging File | 91.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 145.18 Gb Total Space | 0.49 Gb Free Space | 0.34% Space Free | Partition Type: NTFS
Drive D: | 144.08 Gb Total Space | 22.83 Gb Free Space | 15.85% Space Free | Partition Type: NTFS

Computer Name: NIKKE-PC | User Name: Nikke | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/15 11:33:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nikke\Downloads\OTL.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Services (SafeList) ==========

SRV - [2012/10/31 06:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/09 17:25:30 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/10/02 03:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/02 03:32:56 | 001,314,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012/10/02 03:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/01 10:24:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/11/25 04:18:04 | 000,210,880 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2011/11/09 07:57:00 | 000,530,352 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/07/12 08:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/10 12:06:16 | 000,112,552 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2011/06/08 04:07:36 | 000,186,296 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2011/06/08 04:07:28 | 000,047,032 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2011/04/02 08:41:44 | 000,152,496 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/10/21 05:40:00 | 000,128,416 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2010/10/13 01:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Nikke\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/11/15 08:33:58 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3F7365DA-3F6E-4E57-9765-1E9DBA3940EB}\MpKslab7569ed.sys -- (MpKslab7569ed)
DRV - [2012/10/31 06:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/31 06:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/31 06:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/31 06:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/31 06:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/15 23:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/02/27 04:04:46 | 001,344,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igddim32.sys -- (igddim32)
DRV - [2011/11/16 02:11:12 | 000,094,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2011/10/21 17:41:56 | 002,223,616 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/08/31 04:48:56 | 000,236,728 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2011/08/09 08:53:26 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2011/07/13 11:07:40 | 000,016,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2011/02/09 10:08:00 | 000,033,616 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2011/01/28 06:26:16 | 000,056,888 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2010/11/30 02:47:00 | 000,070,448 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2010/11/21 05:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/21 05:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/21 05:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/12 01:26:00 | 000,042,672 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2010/08/31 01:48:00 | 000,080,064 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2010/04/27 02:48:00 | 000,053,760 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009/07/31 08:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/25 02:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009/07/15 06:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/08 00:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009/06/18 02:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:9666

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
FF - prefs.js..extensions.enabledAddons: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.13.0.6
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2.1
FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.0
FF - prefs.js..extensions.enabledAddons: [email protected]:1.20.00
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.1.0.10441
FF - prefs.js..keyword.URL: "http://dts.search-re...id=406&sr=0&q="


FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nikke\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nikke\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/11/14 04:04:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/24 19:33:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/24 19:33:14 | 000,000,000 | ---D | M]

[2012/09/27 11:46:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nikke\AppData\Roaming\Mozilla\Extensions
[2012/09/27 04:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions
[2012/06/08 08:45:44 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/09/05 15:59:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\[email protected]
[2012/06/28 22:03:16 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\[email protected]
[2012/06/28 21:56:44 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\[email protected]
[2012/06/28 21:57:09 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\[email protected]
[2012/09/05 15:59:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\staged
[2012/06/14 20:03:14 | 001,184,804 | ---- | M] () (No name found) -- C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\[email protected]
[2012/08/15 10:29:11 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/06/28 21:58:54 | 000,002,203 | ---- | M] () -- C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\searchplugins\MyStart Search.xml
[2012/09/27 04:29:00 | 000,002,519 | ---- | M] () -- C:\Users\Nikke\AppData\Roaming\Mozilla\Firefox\Profiles\noc4pjgd.default\searchplugins\Search_Results.xml
[2012/09/27 11:46:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/05 19:16:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/06 19:56:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
File not found (No name found) -- C:\PROGRAM FILES\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2012/06/01 10:24:46 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/10 01:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/09/05 15:59:05 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/06/01 10:23:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/27 04:29:00 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/06/01 10:23:37 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com.ph/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com.ph/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nikke\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nikke\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Nikke\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Nikke\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: Save now = C:\Users\Nikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apnpfcegijiidalnoeeigipepclpljgh\1.1.3_0\
CHR - Extension: YouTube = C:\Users\Nikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Nikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: avast! WebRep = C:\Users\Nikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: New Tab for Chrome = C:\Users\Nikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Skype Click to Call = C:\Users\Nikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: uTorrentControl2 = C:\Users\Nikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\
CHR - Extension: Gmail = C:\Users\Nikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/11/15 10:43:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll (Oceanis)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [GfxServiceInstall] C:\Windows\System32\GfxCUIServiceInstall.vbs ()
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [googletalk] C:\Users\Nikke\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [PomodoroApp] C:\Program Files\PomodoroApp\PomodoroApp.exe (PomodoroApp Software)
O4 - Startup: C:\Users\Nikke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nikke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BF2FA24-1970-44E7-9CC5-EDDBAC50C12F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BF2FA24-1970-44E7-9CC5-EDDBAC50C12F}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2012/11/15 15:16:20 | 000,000,000 | ---D | C] -- C:\Users\Nikke\AppData\Roaming\JGoodies
[2012/11/15 15:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDiskReport 1.4.0
[2012/11/15 15:13:24 | 000,000,000 | ---D | C] -- C:\Users\Nikke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDiskReport 1.4.0
[2012/11/15 15:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\JGoodies
[2012/11/15 10:47:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/15 10:47:33 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/11/15 10:47:33 | 000,000,000 | ---D | C] -- C:\Users\Nikke\AppData\Local\temp
[2012/11/15 08:37:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/11/15 08:37:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/11/15 08:37:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/11/15 08:33:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/15 08:30:44 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/11/14 04:05:38 | 000,044,784 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
[2012/11/14 04:05:24 | 000,738,504 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2012/11/14 02:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/11/14 02:51:20 | 000,021,256 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2012/11/14 02:51:18 | 000,361,032 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2012/11/14 02:51:18 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aswRdr.sys
[2012/11/14 02:51:14 | 000,054,232 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2012/11/14 02:50:54 | 000,058,680 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2012/11/14 02:49:37 | 000,041,224 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2012/11/14 02:49:33 | 000,227,648 | ---- | C] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2012/11/14 02:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2012/11/14 02:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2012/11/12 05:08:52 | 000,000,000 | ---D | C] -- C:\Users\Nikke\AppData\Roaming\AVG2013
[2012/11/11 05:54:37 | 000,000,000 | ---D | C] -- C:\Users\Nikke\AppData\Local\Avg2013
[2012/11/04 23:13:01 | 000,000,000 | ---D | C] -- C:\Users\Nikke\Documents\First Year Files
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/15 15:57:36 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2012/11/15 15:57:34 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/15 15:56:04 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-423147521-1242766847-26236850-1000UA.job
[2012/11/15 15:53:57 | 000,000,328 | ---- | M] () -- C:\windows\tasks\DriverScanner.job
[2012/11/15 15:24:22 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/11/15 15:13:29 | 000,001,808 | ---- | M] () -- C:\Users\Nikke\Desktop\JDiskReport.lnk
[2012/11/15 15:11:08 | 000,013,371 | ---- | M] () -- C:\Users\Nikke\Desktop\lq5ecrps.exe - Shortcut.lnk
[2012/11/15 15:10:22 | 000,013,264 | ---- | M] () -- C:\Users\Nikke\Desktop\OTL.exe - Shortcut.lnk
[2012/11/15 13:42:35 | 000,095,899 | ---- | M] () -- C:\Users\Nikke\Documents\CS_Diabetic_Ketoacidosis.pdf
[2012/11/15 11:25:00 | 000,016,656 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/15 11:25:00 | 000,016,656 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/15 10:43:46 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/11/15 07:56:09 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-423147521-1242766847-26236850-1000Core.job
[2012/11/15 05:41:44 | 000,628,904 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/11/15 05:41:44 | 000,110,798 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/11/14 04:48:15 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2012/11/14 02:51:25 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/11/12 21:08:26 | 000,264,194 | ---- | M] () -- C:\Users\Nikke\Documents\Scholarship-FAQs-revised-9-2011.pdf
[2012/10/31 06:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2012/10/31 06:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2012/10/31 06:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2012/10/31 06:51:57 | 000,058,680 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2012/10/31 06:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2012/10/31 06:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2012/10/31 06:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2012/10/22 16:15:28 | 000,015,036 | ---- | M] () -- C:\windows\System32\results.xml
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/15 15:13:29 | 000,001,808 | ---- | C] () -- C:\Users\Nikke\Desktop\JDiskReport.lnk
[2012/11/15 15:11:08 | 000,013,371 | ---- | C] () -- C:\Users\Nikke\Desktop\lq5ecrps.exe - Shortcut.lnk
[2012/11/15 15:10:22 | 000,013,264 | ---- | C] () -- C:\Users\Nikke\Desktop\OTL.exe - Shortcut.lnk
[2012/11/15 13:42:35 | 000,095,899 | ---- | C] () -- C:\Users\Nikke\Documents\CS_Diabetic_Ketoacidosis.pdf
[2012/11/15 08:37:54 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/11/15 08:37:54 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/11/15 08:37:54 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/11/15 08:37:54 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/11/15 08:37:54 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/11/14 02:51:25 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/11/12 21:08:26 | 000,264,194 | ---- | C] () -- C:\Users\Nikke\Documents\Scholarship-FAQs-revised-9-2011.pdf
[2012/11/04 18:26:24 | 000,065,536 | ---- | C] () -- C:\windows\System32\Ikeext.etl
[2012/09/27 16:23:35 | 000,000,182 | ---- | C] () -- C:\Users\Nikke\u.ini
[2012/07/20 10:52:54 | 000,000,600 | ---- | C] () -- C:\Users\Nikke\PUTTY.RND
[2012/06/06 19:52:07 | 000,000,442 | ---- | C] () -- C:\Users\Nikke\Desktop.lnk
[2012/04/19 10:47:18 | 000,192,616 | ---- | C] () -- C:\windows\System32\drivers\RTAIODAT.DAT
[2012/02/27 04:05:16 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2011/12/27 12:49:20 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2011/12/14 05:57:16 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2011/09/15 09:11:16 | 001,048,576 | ---- | C] () -- C:\windows\System32\syndata.bin
[2011/08/09 08:53:28 | 000,246,804 | ---- | C] () -- C:\windows\System32\drivers\AtherosBT.bin

========== ZeroAccess Check ==========

[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/27 11:57:38 | 000,000,000 | ---D | M] -- C:\Users\Nikke\AppData\Roaming\AVG
[2012/11/12 05:08:52 | 000,000,000 | ---D | M] -- C:\Users\Nikke\AppData\Roaming\AVG2013
[2012/09/27 11:53:03 | 000,000,000 | ---D | M] -- C:\Users\Nikke\AppData\Roaming\AVG9
[2012/09/05 15:58:39 | 000,000,000 | ---D | M] -- C:\Users\Nikke\AppData\Roaming\Babylon
[2012/11/15 15:55:25 | 000,000,000 | ---D | M] -- C:\Users\Nikke\AppData\Roaming\Dropbox
[2012/09/05 16:03:58 | 000,000,000 | ---D | M] -- C:\Users\Nikke\AppData\Roaming\eType
[2012/11/15 15:16:20 | 000,000,000 | ---D | M] -- C:\Users\Nikke\AppData\Roaming\JGoodies
[2012/08/09 11:32:14 | 000,000,000 | ---D | M] -- C:\Users\Nikke\AppData\Roaming\PhotoScape
[2012/11/12 14:08:11 | 000,000,000 | ---D | M] -- C:\Users\Nikke\AppData\Roaming\SoftGrid Client
[2012/06/08 22:32:09 | 000,000,000 | ---D | M] -- C:\Users\Nikke\AppData\Roaming\Softland
[2012/06/08 17:35:50 | 000,000,000 | ---D | M] -- C:\Users\Nikke\AppData\Roaming\Software Informer
[2012/06/06 22:57:37 | 000,000,000 | ---D | M] -- C:\Users\Nikke\AppData\Roaming\Toshiba
[2012/07/11 08:00:51 | 000,000,000 | ---D | M] -- C:\Users\Nikke\AppData\Roaming\TP
[2012/09/02 20:38:09 | 000,000,000 | ---D | M] -- C:\Users\Nikke\AppData\Roaming\TuneUp Software
[2012/06/08 22:07:00 | 000,000,000 | ---D | M] -- C:\Users\Nikke\AppData\Roaming\UDC Profiles
[2012/11/14 05:00:40 | 000,000,000 | ---D | M] -- C:\Users\Nikke\AppData\Roaming\uTorrent
[2012/06/15 09:22:31 | 000,000,000 | ---D | M] -- C:\Users\Nikke\AppData\Roaming\WildTangent
[2012/06/12 13:08:33 | 000,000,000 | ---D | M] -- C:\Users\Nikke\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Custom Scans ==========

< netsvc >
[2009/07/14 12:53:46 | 000,032,540 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2009/07/14 12:53:47 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2012/06/06 19:57:35 | 000,000,830 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
[2012/07/19 08:40:01 | 000,000,856 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-423147521-1242766847-26236850-1000Core.job
[2012/07/19 08:40:01 | 000,000,908 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-423147521-1242766847-26236850-1000UA.job
[2012/09/22 10:58:37 | 000,000,328 | ---- | C] () -- C:\windows\Tasks\DriverScanner.job

< %SYSTEMDRIVE% * .exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 13:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/21 05:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/14 09:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009/07/14 09:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 09:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011/03/01 16:07:49 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=A91A288C91F9D9F1CFA4FAA9893C4D55 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25b\svchost.exe
[2011/03/01 16:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\erdnt\cache\svchost.exe
[2011/03/01 16:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\System32\svchost.exe
[2011/03/01 16:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/21 05:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010/11/21 05:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/21 05:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 05:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010/11/21 05:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/21 05:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

< %systemroot% \ * . /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >

#4
Nikkekoi

OTL Extras logfile created on: 11/15/2012 4:04:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nikke\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 81.28% Memory free
3.97 Gb Paging File | 3.63 Gb Available in Paging File | 91.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 145.18 Gb Total Space | 0.49 Gb Free Space | 0.34% Space Free | Partition Type: NTFS
Drive D: | 144.08 Gb Total Space | 22.83 Gb Free Space | 15.85% Space Free | Partition Type: NTFS

Computer Name: NIKKE-PC | User Name: Nikke | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F15F104-51B7-4A64-AD76-403BDD445FF0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{53C69912-B317-434F-8EEE-C742667DB729}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6A649419-E2C9-4307-B8A8-AE9ABC8AED39}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{D2479C5E-4161-4AFC-B0A0-C695F5E2FC3E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D601EFA-4F98-4798-BD3B-3B0ED9D25229}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{27B0147B-3A24-44B3-B8D0-DF7845DD8C43}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3027076D-27E0-47C2-91A9-69F0311C2D2D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{362CC1E6-2C8C-45D6-B99C-0E249813B2EB}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{3A1A1B54-D828-441A-BAA1-243F6C99E279}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{48B3E7A7-4856-4176-8D2A-8F742E70EAF4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5B1E0223-C031-4C87-A8BE-3A0106B517F6}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet ink adv 2060 k110\bin\usbsetup.exe |
"{620277BC-4B35-4181-A412-9DAC7ED76160}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{64591111-05A3-4377-9FEA-BF8BE42CB725}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6B84F2ED-703E-4555-8207-0CE838F2FA17}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{6CB1D5B4-DBFB-4A60-ADDF-350D1F740A81}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{781D6EA2-FD24-4C0F-99F5-A08ECD6E1E2A}" = protocol=6 | dir=in | app=c:\users\nikke\appdata\roaming\dropbox\bin\dropbox.exe |
"{8CC3B43F-CEDF-48B3-8810-B59C74EEB775}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A11326F0-25B3-4A5E-A0F4-3853095449D9}" = protocol=17 | dir=in | app=c:\users\nikke\appdata\roaming\dropbox\bin\dropbox.exe |
"{A478B505-B04D-4910-BBE4-FA72EB8CC802}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{ABB18847-81AA-4378-9E1C-BA41BA22A9E7}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet ink adv 2060 k110\bin\usbsetup.exe |
"{B74062C7-906B-4344-B84D-C1B6CF53AC3D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{B9FEF978-4345-4AAC-8ADA-7D321D284665}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{BAC2E9BE-65FC-4B52-824C-4AC12242E8AE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{BB1CF74E-7FDD-49D6-BA12-74130269816C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{BC0914F8-5198-45D7-B65D-C9F7802F0351}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{D6CF6C97-FD0F-4D3B-A578-B60E5C9747B0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E3403CD5-100F-4AC9-BDE1-78B5D1551DA9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"TCP Query User{303572E5-4BE6-4A13-B7FE-F07F3CAEE84E}C:\users\nikke\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\nikke\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{43477F30-A693-4F63-913D-981B7C2A3573}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{23DAE7AE-D429-4F70-975A-546498A6358B}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{2B8367D7-1E34-466A-B500-3A122B77D814}C:\users\nikke\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\nikke\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AF17224-CF88-40B8-BB1A-D179369847B4}" = TOSHIBA Supervisor Password
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{261A4762-744B-4C71-81D2-57FA5038DC7B}" = HP Deskjet Ink Adv 2060 K110 Help
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39ED2FD9-9269-42F5-A032-AA15736AF0AF}_is1" = Bigasoft YouTube Downloader 1.0.1.4535
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51BA435B-D119-4A1B-966C-673D382B260A}" = HP Deskjet Ink Adv 2060 K110 Basic Device Software
"{5494B59E-6E82-499E-91AC-C53199955EC5}" = Atheros Bluetooth Filter Driver Package
"{5B01BCB7-A5D3-476F-AF11-E515BA206591}" = TOSHIBA Wireless LAN Indicator
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CD0B97D-46E9-4293-B467-A24DB96DB6DB}" = TOSHIBA ReelTime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E503D23-7969-45EE-B488-F80B8AE28D39}" = AVG 2013
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{65482307-FE7D-4E7F-9DEF-3F0E841BC77A}" =
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" =
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}" = TOSHIBA Hardware Setup
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B081F658-8216-4AFB-BED7-14CCA2DE0F73}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA604579-F4F4-4651-8A20-95FF63DB499F}" = TOSHIBA Audio Enhancement
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCF62642-ECB1-4D2B-80C0-3FD3286AEAED}" = TOSHIBA Sync Utility
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EAF55C99-A493-4373-A8C5-09ACC5DCD7EF}" = TOSHIBA ConfigFree
"{EE1564DB-FBF5-4B39-9A53-0C522269936C}" = HP Deskjet Ink Adv 2060 K110 Product Improvement Study
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Atlas Of Histology" = Atlas Of Histology
"avast" = avast! Free Antivirus
"AVG" = AVG 2013
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HP Photo Creations" = HP Photo Creations
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{8CD0B97D-46E9-4293-B467-A24DB96DB6DB}" = TOSHIBA ReelTime
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"JDiskReport 1.4.0" = JDiskReport 1.4.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Oceanis Change Background Windows 7_is1" = Oceanis Change Background Windows 7
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"PomodoroApp_is1" = PomodoroApp 2.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
"VLC media player" = VLC media player 2.0.0
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WTA-512709ca-b3f4-41a6-a96c-aa1bef9d9829" = Plants vs. Zombies - Game of the Year
"WTA-a259f1e6-f7ba-4f02-9ace-7bc1d2e4cff4" = Bejeweled 3
"WTA-f224311b-a3f3-4794-a4e8-dcd509ad5e2b" = Zuma's Revenge

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"JDiskReport" = JDiskReport
"oDVT" = oDesk Team
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/12/2012 4:42:23 PM | Computer Name = Nikke-PC | Source = Application Error | ID = 1000
Description = Faulting application name: avgwdsvc.exe, version: 13.0.0.2732, time
stamp: 0x506a253d Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x0003224d Faulting process
id: 0x1de4 Faulting application start time: 0x01cdc1162e351d3c Faulting application
path: C:\Program Files\AVG\AVG2013\avgwdsvc.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
Id: 7553756c-2d09-11e2-af52-00266c125c79

Error - 11/12/2012 4:42:38 PM | Computer Name = Nikke-PC | Source = Application Error | ID = 1000
Description = Faulting application name: avgwdsvc.exe, version: 13.0.0.2732, time
stamp: 0x506a253d Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x0003224d Faulting process
id: 0x1d38 Faulting application start time: 0x01cdc11639391986 Faulting application
path: C:\Program Files\AVG\AVG2013\avgwdsvc.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
Id: 7e836e2c-2d09-11e2-af52-00266c125c79

Error - 11/12/2012 4:43:00 PM | Computer Name = Nikke-PC | Source = Application Error | ID = 1000
Description = Faulting application name: avgwdsvc.exe, version: 13.0.0.2732, time
stamp: 0x506a253d Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x0003224d Faulting process
id: 0x1e10 Faulting application start time: 0x01cdc116428ffbc8 Faulting application
path: C:\Program Files\AVG\AVG2013\avgwdsvc.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
Id: 8b8e65a0-2d09-11e2-af52-00266c125c79

Error - 11/12/2012 4:43:22 PM | Computer Name = Nikke-PC | Source = Application Error | ID = 1000
Description = Faulting application name: avgwdsvc.exe, version: 13.0.0.2732, time
stamp: 0x506a253d Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x0003224d Faulting process
id: 0x1d54 Faulting application start time: 0x01cdc1164f7409ba Faulting application
path: C:\Program Files\AVG\AVG2013\avgwdsvc.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
Id: 98903531-2d09-11e2-af52-00266c125c79

Error - 11/12/2012 4:43:43 PM | Computer Name = Nikke-PC | Source = Application Error | ID = 1000
Description = Faulting application name: avgwdsvc.exe, version: 13.0.0.2732, time
stamp: 0x506a253d Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x0003224d Faulting process
id: 0x195c Faulting application start time: 0x01cdc1165c61b4c1 Faulting application
path: C:\Program Files\AVG\AVG2013\avgwdsvc.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
Id: a5557010-2d09-11e2-af52-00266c125c79

Error - 11/12/2012 4:44:04 PM | Computer Name = Nikke-PC | Source = Application Error | ID = 1000
Description = Faulting application name: avgwdsvc.exe, version: 13.0.0.2732, time
stamp: 0x506a253d Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x0003224d Faulting process
id: 0x1a20 Faulting application start time: 0x01cdc116694a56a4 Faulting application
path: C:\Program Files\AVG\AVG2013\avgwdsvc.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
Id: b1fc9b2e-2d09-11e2-af52-00266c125c79

Error - 11/12/2012 4:44:25 PM | Computer Name = Nikke-PC | Source = Application Error | ID = 1000
Description = Faulting application name: avgwdsvc.exe, version: 13.0.0.2732, time
stamp: 0x506a253d Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x0003224d Faulting process
id: 0x1ad8 Faulting application start time: 0x01cdc11675be8a23 Faulting application
path: C:\Program Files\AVG\AVG2013\avgwdsvc.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
Id: be8dccf9-2d09-11e2-af52-00266c125c79

Error - 11/12/2012 4:44:47 PM | Computer Name = Nikke-PC | Source = Application Error | ID = 1000
Description = Faulting application name: avgwdsvc.exe, version: 13.0.0.2732, time
stamp: 0x506a253d Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x0003224d Faulting process
id: 0x18a4 Faulting application start time: 0x01cdc11682c7108d Faulting application
path: C:\Program Files\AVG\AVG2013\avgwdsvc.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
Id: cb5be199-2d09-11e2-af52-00266c125c79

Error - 11/12/2012 4:45:06 PM | Computer Name = Nikke-PC | Source = Application Error | ID = 1000
Description = Faulting application name: avgwdsvc.exe, version: 13.0.0.2732, time
stamp: 0x506a253d Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x0003224d Faulting process
id: 0x1644 Faulting application start time: 0x01cdc1168f50ef3d Faulting application
path: C:\Program Files\AVG\AVG2013\avgwdsvc.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
Id: d69630ef-2d09-11e2-af52-00266c125c79

Error - 11/12/2012 4:45:20 PM | Computer Name = Nikke-PC | Source = Application Error | ID = 1000
Description = Faulting application name: avgwdsvc.exe, version: 13.0.0.2732, time
stamp: 0x506a253d Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x0003224d Faulting process
id: 0x1ae8 Faulting application start time: 0x01cdc1169a51690b Faulting application
path: C:\Program Files\AVG\AVG2013\avgwdsvc.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
Id: df46225f-2d09-11e2-af52-00266c125c79

[ System Events ]
Error - 11/15/2012 3:53:30 AM | Computer Name = Nikke-PC | Source = Service Control Manager | ID = 7024
Description = The AVG Firewall service terminated with service-specific error %%-536805289.

Error - 11/15/2012 3:55:05 AM | Computer Name = Nikke-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 11/15/2012 3:55:59 AM | Computer Name = Nikke-PC | Source = Service Control Manager | ID = 7031
Description = The AVG WatchDog service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 11/15/2012 3:57:36 AM | Computer Name = Nikke-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:56:07 PM on 11/15/2012 was unexpected.

Error - 11/15/2012 3:57:36 AM | Computer Name = Nikke-PC | Source = Service Control Manager | ID = 7003
Description = The AVGIDSAgent service depends the following service: AVGIDSDriver.
This service might not be installed.

Error - 11/15/2012 3:57:36 AM | Computer Name = Nikke-PC | Source = Service Control Manager | ID = 7001
Description = The Client Virtualization Handler service depends on the Application
Virtualization Client service which failed to start because of the following error:
%%1068

Error - 11/15/2012 3:57:41 AM | Computer Name = Nikke-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
aswSnx aswSP aswTdi cdrom discache MpFilter spldr Tosrfcom Wanarpv6

Error - 11/15/2012 3:57:44 AM | Computer Name = Nikke-PC | Source = DCOM | ID = 10005
Description =

Error - 11/15/2012 3:57:50 AM | Computer Name = Nikke-PC | Source = DCOM | ID = 10005
Description =

Error - 11/15/2012 3:57:56 AM | Computer Name = Nikke-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\windows\system32\athihvs.dll
Error
Code: 21


< End of report >
  • 0

#5
Nikkekoi

Nikkekoi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-15 18:10:57
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.ES2O
Running: lq5ecrps.exe; Driver: C:\Users\Nikke\AppData\Local\Temp\uwloqpoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 820493C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82082D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\windows\Explorer.EXE[1196] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [745E24CB] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1196] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [745C562E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1196] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [745C56EC] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1196] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [745E2546] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1196] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [745D85AA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1196] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745D4D5E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1196] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [745D5105] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1196] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [745D51DA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1196] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [745D6707] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1196] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [745D8301] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1196] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [745D8850] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1196] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [745D90B1] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1196] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [745DE254] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1196] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [745D4C90] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000054 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
  • 0

#6
Nikkekoi

Nikkekoi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
JDiskReport.png
  • 0

#7
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please do the JDiskReport step again.
This time scan the C:\Windows folder, and after the scan click View in the top menu and choose Copy table to Clipboard. Don't printscreen JDiskReport. I need a text version of the report.
  • 0

#8
Nikkekoi

Nikkekoi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Size details for C:\

Name File Size Files % of Parent % of Total
C:\ 155,976,854 131,154 100.0% 100.0%
Windows 84,349,419 71,085 54.1% 54.1%
Users 61,459,653 12,569 39.4% 39.4%
Program Files 7,563,025 43,848 4.8% 4.8%
ProgramData 2,002,357 3,322 1.3% 1.3%
IUware Online 575,816 252 0.4% 0.4%
Boot 14,253 35 0.0% 0.0%
System Volume Information 10,172 16 0.0% 0.0%
Qoobox 1,572 13 0.0% 0.0%
Files in this directory 406 7 0.0% 0.0%
Intel 97 1 0.0% 0.0%
TOSHIBA 59 2 0.0% 0.0%
Config.Msi 30 1 0.0% 0.0%
$RECYCLE.BIN 2 3 0.0% 0.0%
MSOCache 0 0 0.0% 0.0%
  • 0

#9
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
I see that your Windows folder is using around 80GB. That is too much. Start JDiskReport again. On the first screen click to scan

C:\windows

After the scan click View from the menu and press Copy table to clipboard. Post that log here for me.
  • 0

#10
Nikkekoi

Nikkekoi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Size details for C:\Windows

Name File Size Files % of Parent % of Total
C:\Windows 84,416,375 60,127 100.0% 100.0%
System32 72,881,846 19,267 86.3% 86.3%
winsxs 5,134,942 31,514 6.1% 6.1%
Installer 3,929,694 1,828 4.7% 4.7%
assembly 609,540 819 0.7% 0.7%
Fonts 394,115 624 0.5% 0.5%
Microsoft.NET 386,919 941 0.5% 0.5%
Speech 176,779 46 0.2% 0.2%
SoftwareDistribution 166,261 39 0.2% 0.2%
IME 140,183 53 0.2% 0.2%
erdnt 122,616 90 0.1% 0.1%
inf 85,242 1,341 0.1% 0.1%
Performance 60,929 27 0.1% 0.1%
Prefetch 44,919 117 0.1% 0.1%
tracing 40,288 87 0.0% 0.0%
ServiceProfiles 33,093 103 0.0% 0.0%
Help 27,825 155 0.0% 0.0%
servicing 25,026 1,620 0.0% 0.0%
Logs 23,275 12 0.0% 0.0%
Boot 17,876 35 0.0% 0.0%
debug 15,898 334 0.0% 0.0%
Files in this directory 14,427 44 0.0% 0.0%
AppCompat 13,531 4 0.0% 0.0%
Media 13,015 320 0.0% 0.0%
twain_32 12,853 4 0.0% 0.0%
Globalization 9,814 10 0.0% 0.0%
AppPatch 9,629 11 0.0% 0.0%
rescache 5,822 17 0.0% 0.0%
diagnostics 2,932 287 0.0% 0.0%
Branding 2,361 3 0.0% 0.0%
PolicyDefinitions 2,132 22 0.0% 0.0%
Cursors 2,064 162 0.0% 0.0%
Web 2,059 5 0.0% 0.0%
Panther 1,877 17 0.0% 0.0%
Resources 1,624 11 0.0% 0.0%
ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP 1,426 10 0.0% 0.0%
PLA 1,092 56 0.0% 0.0%
security 1,034 2 0.0% 0.0%
system 684 22 0.0% 0.0%
Minidump 140 1 0.0% 0.0%
en-US 108 10 0.0% 0.0%
en 105 1 0.0% 0.0%
SHELLNEW 94 3 0.0% 0.0%
temp 93 6 0.0% 0.0%
schemas 55 23 0.0% 0.0%
L2Schemas 48 7 0.0% 0.0%
ModemLogs 42 1 0.0% 0.0%
Tasks 35 6 0.0% 0.0%
registration 22 1 0.0% 0.0%
Vss 13 3 0.0% 0.0%
Setup 2 3 0.0% 0.0%
addins 1 1 0.0% 0.0%
Offline Web Pages 1 1 0.0% 0.0%
TAPI 1 1 0.0% 0.0%
DigitalLocker 0 0 0.0% 0.0%
Downloaded Program Files 0 0 0.0% 0.0%
LiveKernelReports 0 0 0.0% 0.0%
Options 0 0 0.0% 0.0%
PCHEALTH 0 0 0.0% 0.0%
SchCache 0 0 0.0% 0.0%
  • 0


#11
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
I see that your Windows folder is using around 80GB. That is too much. Start JDiskReport again. On the first screen click to scan

Scan a file tree

Now browse and select this folder

C:\Windows\system32\

After the scan click View from the menu and press Copy table to clipboard. Post that log here for me.

As you can see, C:\Windows\system32\ is the largest folder in the last scan. To speed things up, please do the same thing with the next largest folder after this scan until we narrow down the problem. Please post each of these logs for me, so I can see what you were doing.
  • 0
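The narrowing procedure from the post above (scan a folder, take the largest subfolder, scan that one, repeat), as an added Python example that is not part of the original thread and is not JDiskReport code. The function names, the 50% dominance threshold and the constructed sample tree are assumptions made for illustration.

```python
import os
import tempfile

LOOSE = "Files in this directory"  # label the JDiskReport tables use for loose files


def _is_link(entry):
    # Skip symlinks and (Python 3.12+) NTFS junctions so nothing is counted twice.
    return entry.is_symlink() or getattr(entry, "is_junction", lambda: False)()


def dir_size(path):
    """Total bytes of regular files under path; unreadable entries are skipped."""
    total, stack = 0, [path]
    while stack:
        try:
            with os.scandir(stack.pop()) as entries:
                for entry in entries:
                    try:
                        if _is_link(entry):
                            continue
                        if entry.is_dir(follow_symlinks=False):
                            stack.append(entry.path)
                        elif entry.is_file(follow_symlinks=False):
                            total += entry.stat(follow_symlinks=False).st_size
                    except OSError:
                        continue
        except OSError:
            continue
    return total


def scan_level(path):
    """One 'Size details' table: (name, bytes) per child, largest first."""
    rows, loose = [], 0
    try:
        with os.scandir(path) as entries:
            for entry in entries:
                try:
                    if _is_link(entry):
                        continue
                    if entry.is_dir(follow_symlinks=False):
                        rows.append((entry.name, dir_size(entry.path)))
                    elif entry.is_file(follow_symlinks=False):
                        loose += entry.stat(follow_symlinks=False).st_size
                except OSError:
                    continue
    except OSError:
        return []
    if loose:
        rows.append((LOOSE, loose))
    return sorted(rows, key=lambda row: row[1], reverse=True)


def drill_down(root, dominance=0.5):
    """Follow the largest subfolder while it holds at least `dominance` of its parent.

    Returns [(path, bytes, percent_of_parent), ...]; the last path is where the
    space actually sits and where manual inspection should start.
    """
    steps, current = [], root
    while True:
        rows = scan_level(current)
        total = sum(size for _, size in rows)
        if total == 0:
            break
        name, size = rows[0]
        if name == LOOSE or size / total < dominance:
            break  # loose files dominate, or no single folder stands out
        current = os.path.join(current, name)
        steps.append((current, size, round(100 * size / total, 1)))
    return steps


def build_sample_tree(base):
    """Constructed sample: one oversized file buried under System32/config."""
    files = {
        "small.txt": 100,
        "Users/doc.txt": 2000,
        "Windows/winsxs/x.dll": 1000,
        "Windows/System32/drivers/d.sys": 500,
        "Windows/System32/config/hive": 300,
        "Windows/System32/config/systemprofile/blob.bin": 60000,
    }
    for rel, size in files.items():
        full = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(b"\0" * size)
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, size, pct in drill_down(build_sample_tree(tmp)):
            print(f"{pct:5.1f}%  {size:>8}  {os.path.relpath(path, tmp)}")
```

Folders the current account cannot read are skipped, so without administrator rights a protected folder can be undercounted.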

#12
Nikkekoi

Nikkekoi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Size details for C:\Windows\System32

Name File Size Files % of Parent % of Total
C:\Windows\System32 72,936,558 19,506 100.0% 100.0%
config 70,211,391 5,956 96.3% 96.3%
Files in this directory 1,118,358 2,875 1.5% 1.5%
DriverStore 915,953 5,790 1.3% 1.3%
Recovery 141,883 2 0.2% 0.2%
winevt 91,056 76 0.1% 0.1%
wdi 84,285 146 0.1% 0.1%
drivers 48,077 445 0.1% 0.1%
wbem 41,766 369 0.1% 0.1%
en-US 34,252 1,352 0.0% 0.0%
IME 34,096 55 0.0% 0.0%
migwiz 32,670 387 0.0% 0.0%
spool 32,207 277 0.0% 0.0%
catroot 26,020 830 0.0% 0.0%
Speech 25,835 18 0.0% 0.0%
catroot2 18,794 8 0.0% 0.0%
oobe 12,238 41 0.0% 0.0%
Macromed 10,832 6 0.0% 0.0%
SMI 10,435 14 0.0% 0.0%
WindowsPowerShell 8,540 132 0.0% 0.0%
Msdtc 4,149 3 0.0% 0.0%
CodeIntegrity 3,951 2 0.0% 0.0%
migration 3,594 47 0.0% 0.0%
Dism 3,387 30 0.0% 0.0%
AdvancedInstallers 2,913 6 0.0% 0.0%
manifeststore 2,030 5 0.0% 0.0%
en 1,806 4 0.0% 0.0%
spp 1,759 110 0.0% 0.0%
RTCOM 1,480 3 0.0% 0.0%
Microsoft 1,107 20 0.0% 0.0%
Boot 991 4 0.0% 0.0%
sysprep 750 13 0.0% 0.0%
Setup 696 7 0.0% 0.0%
NDF 640 1 0.0% 0.0%
Printing_Admin_Scripts 414 7 0.0% 0.0%
com 303 7 0.0% 0.0%
de-DE 244 8 0.0% 0.0%
el-GR 244 8 0.0% 0.0%
fr-FR 240 8 0.0% 0.0%
it-IT 239 8 0.0% 0.0%
Tasks 236 69 0.0% 0.0%
es-ES 234 8 0.0% 0.0%
nl-NL 233 8 0.0% 0.0%
pt-PT 229 9 0.0% 0.0%
pl-PL 228 8 0.0% 0.0%
hu-HU 225 8 0.0% 0.0%
cs-CZ 223 8 0.0% 0.0%
pt-BR 223 7 0.0% 0.0%
ru-RU 223 8 0.0% 0.0%
fi-FI 222 8 0.0% 0.0%
da-DK 220 8 0.0% 0.0%
sv-SE 220 8 0.0% 0.0%
DRVSTORE 218 9 0.0% 0.0%
tr-TR 216 8 0.0% 0.0%
nb-NO 212 7 0.0% 0.0%
ar-SA 202 7 0.0% 0.0%
he-IL 192 7 0.0% 0.0%
bg-BG 173 5 0.0% 0.0%
NetworkList 170 40 0.0% 0.0%
sr-Latn-CS 170 5 0.0% 0.0%
sk-SK 170 5 0.0% 0.0%
ro-RO 169 5 0.0% 0.0%
ja-JP 169 9 0.0% 0.0%
hr-HR 168 5 0.0% 0.0%
uk-UA 167 5 0.0% 0.0%
ko-KR 166 9 0.0% 0.0%
lv-LV 166 5 0.0% 0.0%
sl-SI 166 5 0.0% 0.0%
lt-LT 165 5 0.0% 0.0%
et-EE 161 5 0.0% 0.0%
th-TH 157 5 0.0% 0.0%
zh-CN 146 9 0.0% 0.0%
zh-TW 146 9 0.0% 0.0%
winrm 100 1 0.0% 0.0%
Atheros_L1e 81 1 0.0% 0.0%
WinBioPlugIns 71 4 0.0% 0.0%
zh-HK 65 5 0.0% 0.0%
WCN 61 1 0.0% 0.0%
slmgr 38 1 0.0% 0.0%
icsxml 37 5 0.0% 0.0%
sppui 31 4 0.0% 0.0%
ras 24 4 0.0% 0.0%
wfp 16 1 0.0% 0.0%
MUI 12 1 0.0% 0.0%
LogFiles 9 53 0.0% 0.0%
ias 6 1 0.0% 0.0%
nn-NO 3 1 0.0% 0.0%
es 3 1 0.0% 0.0%
hu 2 1 0.0% 0.0%
ru 2 1 0.0% 0.0%
cs 2 1 0.0% 0.0%
da 2 1 0.0% 0.0%
de 2 1 0.0% 0.0%
el 2 1 0.0% 0.0%
fi 2 1 0.0% 0.0%
fr 2 1 0.0% 0.0%
it 2 1 0.0% 0.0%
nl 2 1 0.0% 0.0%
no 2 1 0.0% 0.0%
pl 2 1 0.0% 0.0%
sk 2 1 0.0% 0.0%
sv 2 1 0.0% 0.0%
tr 2 1 0.0% 0.0%
restore 1 1 0.0% 0.0%
0409 0 0 0.0% 0.0%
FxsTmp 0 0 0.0% 0.0%
GroupPolicy 0 0 0.0% 0.0%
GroupPolicyUsers 0 0 0.0% 0.0%
inetsrv 0 0 0.0% 0.0%
sda 0 0 0.0% 0.0%
WinBioDatabase 0 0 0.0% 0.0%
  • 0

#13
Nikkekoi

Nikkekoi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Size details for C:\Windows\System32\config

Name File Size Files % of Parent % of Total
C:\Windows\System32\config 70,211,391 5,956 100.0% 100.0%
systemprofile 70,006,042 5,892 99.7% 99.7%
Files in this directory 104,009 35 0.1% 0.1%
RegBack 68,316 15 0.1% 0.1%
TxR 33,024 14 0.0% 0.0%
Journal 0 0 0.0% 0.0%
  • 0

#14
Nikkekoi

Nikkekoi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Size details for C:\Windows\System32\config\systemprofile

Name File Size Files % of Parent % of Total
C:\Windows\System32\config\systemprofile 70,006,042 0 100.0% 100.0%
AppData 70,004,686 0 100.0% 100.0%
Files in this directory 1,354 7 0.0% 0.0%
Favorites 2 0 0.0% 0.0%
  • 0

#15
Nikkekoi

Nikkekoi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Size details for C:\Windows\System32\config\systemprofile\AppData

Name File Size Files % of Parent % of Total
C:\Windows\System32\config\systemprofile\AppData 70,004,686 0 100.0% 100.0%
Local 69,998,950 0 100.0% 100.0%
Roaming 5,557 0 0.0% 0.0%
LocalLow 180 0 0.0% 0.0%
  • 0





