WIN 7 Locks Up, Icon Loss, Blue Screen [Solved]


  • This topic is locked

#1
ular

  • Member
  • 37 posts
Hello,

Happy Thanksgiving!

For several days the PC has experienced a lock-up after about 15 minutes of run time. It appears that icons are missing from the desktop. Also, Win Explorer sometimes does not show all the installed drives. Today, I also experienced a "blue screen". I am here because I am lost. I have run MalwareBytes, Avira scan, and Kaspersky with zero detections. Please help!

I have attached the OTL log below:

OTL logfile created on: 12/11/22 17:37:29 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\XPS_2008\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yy/MM/dd

3.00 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 61.74% Memory free
5.99 Gb Paging File | 4.65 Gb Available in Paging File | 77.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 288.30 Gb Free Space | 61.90% Space Free | Partition Type: NTFS
Drive D: | 461.06 Gb Total Space | 34.69 Gb Free Space | 7.52% Space Free | Partition Type: NTFS
Drive E: | 634.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 465.76 Gb Total Space | 308.63 Gb Free Space | 66.26% Space Free | Partition Type: NTFS

Computer Name: XPS_2008-PC | User Name: XPS_2008 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/22 17:34:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XPS_2008\Desktop\OTL.exe
PRC - [2012/11/13 04:57:45 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/10/28 13:15:11 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/10/19 21:04:11 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/10/19 17:58:32 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/10/19 17:01:16 | 001,821,032 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/10/19 17:00:57 | 000,865,128 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/10/16 17:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/10/16 16:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/09/19 18:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/05/21 08:10:48 | 005,092,152 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\LCore.exe
PRC - [2012/05/09 14:25:58 | 000,152,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\EMET\EMET_notifier.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/25 21:48:46 | 000,619,288 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/05/05 18:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe
PRC - [2010/05/05 18:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
PRC - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2006/12/12 18:46:52 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CtHelper.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/15 16:05:58 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/15 16:05:51 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/15 16:05:28 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/15 16:05:19 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/10/28 13:15:11 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- D:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/05/05 18:56:46 | 000,002,560 | ---- | M] () -- C:\Windows\CTXFIRES.DLL
MOD - [2009/03/26 13:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL


========== Services (SafeList) ==========

SRV - [2012/10/28 13:15:11 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/19 21:04:11 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/19 17:58:32 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/10/16 17:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/10/16 16:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/12 17:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Disabled | Stopped] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/07/09 17:10:10 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/12/19 12:20:06 | 003,289,032 | ---- | M] (GFI Software) [Disabled | Stopped] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/05/08 13:13:57 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011/05/08 13:06:53 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/11/19 05:39:51 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/09/13 17:18:32 | 000,308,656 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/04/02 21:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2012/11/13 04:58:10 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/11/13 04:58:10 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/11/13 04:58:10 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/10/19 21:04:11 | 009,356,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/08/27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012/07/03 08:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012/06/24 21:24:46 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011/12/19 11:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/11/29 05:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/10/26 13:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 03:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/05/05 21:24:04 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV - [2010/05/05 21:24:04 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2010/05/05 21:23:52 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV - [2010/05/05 21:23:52 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2010/05/05 21:23:46 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV - [2010/05/05 21:23:46 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2010/05/05 20:29:18 | 001,178,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2010/05/05 20:29:10 | 000,095,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/05/05 20:29:02 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/05/05 20:28:54 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/05/05 20:24:44 | 000,130,136 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/05/05 20:24:34 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/05/05 20:24:24 | 000,526,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2010/05/05 20:24:14 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/11/23 17:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009/11/23 17:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2001/08/17 21:06:20 | 000,100,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Icam5USB.sys -- (ICAM5USB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 E3 56 C0 8C A2 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{A9C475D2-0D39-C58A-F73C-57614B472EAC}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6PQIs84aAX&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.wundergro... Fruitland, ID"
FF - prefs.js..extensions.enabledAddons: [email protected]:2.8.3
FF - prefs.js..extensions.enabledAddons: [email protected]:1.3
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledAddons: [email protected]:2.7.1
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: D:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/24 21:42:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: D:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/24 21:42:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/07 18:33:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/07 18:33:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/07 18:33:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/07 18:33:09 | 000,000,000 | ---D | M]

[2012/09/03 20:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XPS_2008\AppData\Roaming\Mozilla\Extensions
[2012/06/03 10:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XPS_2008\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/11/14 05:20:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XPS_2008\AppData\Roaming\Mozilla\Firefox\Profiles\46yfsu9z.default\extensions
[2012/09/11 09:41:57 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\XPS_2008\AppData\Roaming\Mozilla\Firefox\Profiles\46yfsu9z.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/09/20 04:09:02 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\XPS_2008\AppData\Roaming\Mozilla\Firefox\Profiles\46yfsu9z.default\extensions\[email protected]
[2012/09/11 09:41:59 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\XPS_2008\AppData\Roaming\Mozilla\Firefox\Profiles\46yfsu9z.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/10/31 19:32:26 | 000,000,000 | ---D | M] (Youtube MP3 Podcaster) -- C:\Users\XPS_2008\AppData\Roaming\Mozilla\Firefox\Profiles\46yfsu9z.default\extensions\[email protected]
[2012/10/06 07:03:31 | 000,041,896 | ---- | M] () (No name found) -- C:\Users\XPS_2008\AppData\Roaming\Mozilla\Firefox\Profiles\46yfsu9z.default\extensions\[email protected]
[2012/11/14 05:20:47 | 000,530,679 | ---- | M] () (No name found) -- C:\Users\XPS_2008\AppData\Roaming\Mozilla\Firefox\Profiles\46yfsu9z.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/10/28 13:15:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/31 18:21:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/28 13:15:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/28 13:15:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/28 13:15:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/10/28 13:15:11 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/24 19:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/03/23 21:02:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/10/13 06:42:57 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2011/07/03 09:31:17 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] D:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CtxfiReg] C:\Windows\System32\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [EMET Notifier] C:\Program Files\EMET\EMET_notifier.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKCU..\Run: [SetDefaultMIDI] C:\Windows\MIDIDEF.EXE (Creative Technology Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75D5DEA9-9E2F-4048-8506-1A5C9D5549AB}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/02/07 06:12:06 | 000,000,026 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/22 17:34:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\XPS_2008\Desktop\OTL.exe
[2012/11/22 17:31:56 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
[2012/11/22 17:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\EMET
[2012/11/22 17:03:14 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2012/11/17 11:39:53 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\Desktop\GooredFix Backups
[2012/11/17 10:49:57 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\Documents\logs
[2012/11/17 10:49:56 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\Documents\appcache
[2012/11/17 10:49:53 | 008,018,080 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\steamclient64.dll
[2012/11/17 10:49:53 | 000,688,464 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\GameOverlayRenderer64.dll
[2012/11/17 10:49:53 | 000,279,376 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\tier0_s64.dll
[2012/11/17 10:49:53 | 000,278,352 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\crashhandler.dll
[2012/11/17 10:49:53 | 000,250,704 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\vstdlib_s64.dll
[2012/11/17 10:49:53 | 000,202,576 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\steamerrorreporter.exe
[2012/11/17 10:49:52 | 006,839,632 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\steamclient.dll
[2012/11/17 10:49:52 | 000,587,088 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\GameOverlayRenderer.dll
[2012/11/17 10:49:52 | 000,563,536 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\AppOverlay64.dll
[2012/11/17 10:49:52 | 000,539,472 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\AppOverlay.dll
[2012/11/17 10:49:52 | 000,237,904 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\tier0_s.dll
[2012/11/17 10:49:52 | 000,212,304 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\vstdlib_s.dll
[2012/11/17 10:49:52 | 000,122,864 | ---- | C] (Valve) -- C:\Users\XPS_2008\Documents\CSERHelper.dll
[2012/11/17 10:49:52 | 000,071,464 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\GameOverlayUI.exe
[2012/11/17 10:49:52 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\Documents\skins
[2012/11/17 10:49:52 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\Documents\resource
[2012/11/17 10:49:52 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\Documents\Graphics
[2012/11/17 10:49:51 | 004,061,008 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\SteamUI.dll
[2012/11/17 10:49:51 | 002,975,568 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\Steam.dll
[2012/11/17 10:49:51 | 000,284,456 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\WriteMiniDump.exe
[2012/11/17 10:49:51 | 000,000,000 | -H-D | C] -- C:\Users\XPS_2008\Documents\old
[2012/11/17 10:49:51 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\Documents\Public
[2012/11/17 10:49:51 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\Documents\bin
[2012/11/11 15:36:28 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2012/11/11 15:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/11/11 15:35:31 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/11/11 10:03:32 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/11/11 09:59:56 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Cleaner Pro
[2012/11/11 09:59:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Cleaner Pro
[2012/11/11 09:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Cleaner Pro
[2012/11/07 18:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/07 18:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/11/03 22:46:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/11/03 22:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012/11/03 08:53:43 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\AppData\Roaming\Avira
[2012/11/03 08:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/11/03 08:48:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012/11/03 08:48:12 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012/11/03 08:48:12 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/11/03 08:48:11 | 000,083,432 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/11/03 08:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/11/03 08:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/11/01 17:12:24 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\Documents\Nathan Old Flashdrive
[2012/10/29 14:58:23 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\AppData\Local\WinZip
[2012/10/29 14:58:01 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\Documents\Add-in Express
[2012/10/29 14:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012/10/29 14:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012/10/28 13:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/12/17 02:35:29 | 000,980,616 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2011/12/13 19:22:39 | 000,840,864 | ---- | C] (Amazon Services LLC) -- C:\Program Files\Battlefield_3_Downloader.exe
[2010/12/06 16:49:10 | 2105,058,298 | ---- | C] (Nexon) -- C:\Program Files\VindictusSetupV113.exe

========== Files - Modified Within 30 Days ==========

[2012/11/22 17:35:39 | 000,021,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/22 17:35:39 | 000,021,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/22 17:34:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XPS_2008\Desktop\OTL.exe
[2012/11/22 17:32:43 | 000,746,308 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/11/22 17:32:43 | 000,746,152 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2012/11/22 17:32:43 | 000,714,632 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2012/11/22 17:32:43 | 000,663,200 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/22 17:32:43 | 000,480,070 | ---- | M] () -- C:\Windows\System32\perfh001.dat
[2012/11/22 17:32:43 | 000,158,198 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2012/11/22 17:32:43 | 000,149,166 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012/11/22 17:32:43 | 000,147,354 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2012/11/22 17:32:43 | 000,122,068 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/22 17:32:43 | 000,094,664 | ---- | M] () -- C:\Windows\System32\perfc001.dat
[2012/11/22 17:28:12 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/22 17:27:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/22 17:27:53 | 359,867,112 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/22 17:27:52 | 2413,834,240 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/22 17:01:44 | 000,054,928 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx
[2012/11/22 17:01:44 | 000,054,928 | ---- | M] () -- C:\Windows\System32\BMXState-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx
[2012/11/22 17:01:44 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx
[2012/11/22 16:58:53 | 000,413,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/22 16:47:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/17 11:11:43 | 000,004,554 | ---- | M] () -- C:\Users\XPS_2008\Documents\ClientRegistry.blob
[2012/11/17 10:49:53 | 008,018,080 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\steamclient64.dll
[2012/11/17 10:49:53 | 000,688,464 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\GameOverlayRenderer64.dll
[2012/11/17 10:49:53 | 000,279,376 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\tier0_s64.dll
[2012/11/17 10:49:53 | 000,278,352 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\crashhandler.dll
[2012/11/17 10:49:53 | 000,250,704 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\vstdlib_s64.dll
[2012/11/17 10:49:53 | 000,202,576 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\steamerrorreporter.exe
[2012/11/17 10:49:53 | 000,123,232 | ---- | M] () -- C:\Users\XPS_2008\Documents\avutil-51.dll
[2012/11/17 10:49:53 | 000,025,521 | ---- | M] () -- C:\Users\XPS_2008\Documents\SteamUI_2026.mst
[2012/11/17 10:49:52 | 006,839,632 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\steamclient.dll
[2012/11/17 10:49:52 | 000,587,088 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\GameOverlayRenderer.dll
[2012/11/17 10:49:52 | 000,563,536 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\AppOverlay64.dll
[2012/11/17 10:49:52 | 000,539,472 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\AppOverlay.dll
[2012/11/17 10:49:52 | 000,237,904 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\tier0_s.dll
[2012/11/17 10:49:52 | 000,212,304 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\vstdlib_s.dll
[2012/11/17 10:49:52 | 000,122,864 | ---- | M] (Valve) -- C:\Users\XPS_2008\Documents\CSERHelper.dll
[2012/11/17 10:49:52 | 000,071,464 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\GameOverlayUI.exe
[2012/11/17 10:49:51 | 004,061,008 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\SteamUI.dll
[2012/11/17 10:49:51 | 002,975,568 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\Steam.dll
[2012/11/17 10:49:51 | 000,284,456 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\WriteMiniDump.exe
[2012/11/17 10:49:11 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\Steam.exe
[2012/11/17 10:49:11 | 000,000,014 | ---- | M] () -- C:\Users\XPS_2008\Documents\Steam_68.mst
[2012/11/15 16:33:00 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settingsbkup.sfm
[2012/11/15 16:33:00 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settings.sfm
[2012/11/13 04:58:10 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012/11/13 04:58:10 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/11/13 04:58:10 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/11/11 21:33:26 | 000,011,466 | ---- | M] () -- C:\Users\XPS_2008\Documents\cc_20121111_213322.reg
[2012/11/11 21:05:57 | 000,003,360 | ---- | M] () -- C:\Users\XPS_2008\Documents\cc_20121111_210554.reg
[2012/11/11 21:01:49 | 000,000,687 | ---- | M] () -- C:\Users\XPS_2008\Desktop\Photographs.lnk
[2012/11/09 19:35:32 | 000,005,720 | ---- | M] () -- C:\Users\XPS_2008\Documents\cc_20121109_193529.reg
[2012/11/09 19:06:23 | 000,007,601 | ---- | M] () -- C:\Users\XPS_2008\AppData\Local\Resmon.ResmonCfg
[2012/11/09 05:18:48 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/11/07 18:39:03 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/07 18:35:50 | 000,000,682 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/11/07 18:33:01 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/03 08:48:21 | 000,001,979 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/11/01 18:23:23 | 000,223,752 | ---- | M] () -- C:\Users\XPS_2008\Documents\Floater_TicketFly_099065438424.pdf
[2012/11/01 17:08:25 | 004,410,054 | ---- | M] () -- C:\Windows\ACD Wallpaper.bmp

========== Files Created - No Company Name ==========

[2012/11/22 17:27:53 | 359,867,112 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/11/22 16:58:38 | 000,413,960 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/17 10:49:53 | 000,123,232 | ---- | C] () -- C:\Users\XPS_2008\Documents\avutil-51.dll
[2012/11/17 10:49:53 | 000,025,521 | ---- | C] () -- C:\Users\XPS_2008\Documents\SteamUI_2026.mst
[2012/11/17 10:49:11 | 000,000,014 | ---- | C] () -- C:\Users\XPS_2008\Documents\Steam_68.mst
[2012/11/17 10:49:05 | 000,004,554 | ---- | C] () -- C:\Users\XPS_2008\Documents\ClientRegistry.blob
[2012/11/15 06:07:51 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/15 06:07:25 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/11 21:33:24 | 000,011,466 | ---- | C] () -- C:\Users\XPS_2008\Documents\cc_20121111_213322.reg
[2012/11/11 21:05:55 | 000,003,360 | ---- | C] () -- C:\Users\XPS_2008\Documents\cc_20121111_210554.reg
[2012/11/11 21:01:49 | 000,000,687 | ---- | C] () -- C:\Users\XPS_2008\Desktop\Photographs.lnk
[2012/11/11 15:35:49 | 003,544,134 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012/11/11 15:33:47 | 000,011,545 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012/11/09 19:35:30 | 000,005,720 | ---- | C] () -- C:\Users\XPS_2008\Documents\cc_20121109_193529.reg
[2012/11/07 18:33:01 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/03 08:48:21 | 000,001,979 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/11/01 18:23:23 | 000,223,752 | ---- | C] () -- C:\Users\XPS_2008\Documents\Floater_TicketFly_099065438424.pdf
[2012/07/04 17:44:50 | 003,130,440 | ---- | C] () -- C:\Windows\System32\pbsvc_blr.exe
[2012/06/02 11:54:58 | 000,000,312 | ---- | C] () -- C:\Windows\System32\msexcr.ini
[2012/05/28 16:02:19 | 000,480,070 | ---- | C] () -- C:\Windows\System32\perfh001.dat
[2012/05/28 16:02:19 | 000,289,060 | ---- | C] () -- C:\Windows\System32\perfi001.dat
[2012/05/28 16:02:19 | 000,094,664 | ---- | C] () -- C:\Windows\System32\perfc001.dat
[2012/05/28 16:02:19 | 000,042,056 | ---- | C] () -- C:\Windows\System32\perfd001.dat
[2012/03/04 14:59:04 | 000,000,040 | ---- | C] () -- C:\Users\XPS_2008\jagex_cl_runescape_LIVE.dat
[2012/01/26 20:14:36 | 000,139,136 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/01/26 20:14:18 | 000,233,920 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/01/26 20:14:17 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/01/25 19:37:57 | 002,580,552 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/09/29 23:09:22 | 000,138,056 | ---- | C] () -- C:\Users\XPS_2008\AppData\Roaming\PnkBstrK.sys
[2011/09/25 12:49:02 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/08/10 10:37:45 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/08/10 10:37:45 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/06/14 19:43:29 | 000,000,023 | ---- | C] () -- C:\Users\XPS_2008\jagexappletviewer.preferences
[2011/05/26 19:18:45 | 000,000,129 | ---- | C] () -- C:\Users\XPS_2008\jagex_runescape_preferences2.dat
[2011/05/26 19:16:55 | 000,000,035 | ---- | C] () -- C:\Users\XPS_2008\jagex_runescape_preferences.dat
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/02/23 06:33:42 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/02/23 06:33:00 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/01/02 21:10:51 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/01 12:57:15 | 000,009,728 | ---- | C] () -- C:\Users\XPS_2008\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/31 01:03:47 | 000,065,252 | ---- | C] () -- C:\Windows\System32\claptn.ini
[2010/12/31 01:03:36 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CTBURST.DLL
[2010/12/31 01:03:36 | 000,037,888 | ---- | C] () -- C:\Windows\PSCONV.EXE
[2010/12/26 09:41:08 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/26 09:41:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/26 09:41:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/26 09:41:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/26 09:41:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/26 08:44:58 | 000,000,691 | ---- | C] () -- C:\Users\XPS_2008\AppData\Roaming\GetValue.vbs
[2010/12/26 08:44:58 | 000,000,035 | ---- | C] () -- C:\Users\XPS_2008\AppData\Roaming\SetValue.bat
[2010/12/24 02:28:22 | 000,007,601 | ---- | C] () -- C:\Users\XPS_2008\AppData\Local\Resmon.ResmonCfg
[2010/12/17 20:21:22 | 000,189,736 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

========== ZeroAccess Check ==========

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/15 23:30:22 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\.minecraft
[2012/09/09 14:31:58 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\25Assist
[2012/11/09 05:49:09 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\Ad-Aware Antivirus
[2010/11/29 12:49:17 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\Amazon
[2011/12/02 17:30:47 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\BANDISOFT
[2010/12/24 14:57:57 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\Bioshock
[2011/01/13 19:29:57 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\Bioshock2
[2011/07/09 08:47:15 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\calibre
[2012/04/15 09:05:05 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\IObit
[2010/11/20 11:40:16 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\Leadertech
[2011/12/17 00:57:51 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\LolClient
[2012/05/23 20:39:52 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\LolClient2
[2012/08/27 17:42:51 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\Origin
[2010/12/12 12:16:30 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\Subversion
[2010/11/19 20:34:37 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\SystemRequirementsLab
[2010/11/21 11:11:28 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\Temp
[2012/06/03 10:03:24 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\Thunderbird
[2011/08/03 06:42:57 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\Tific
[2011/01/01 14:11:07 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\WindSolutions
[2012/09/02 12:57:06 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\ZalmanInstaller_otshot

========== Purity Check ==========



< End of report >

#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

  • Please download RogueKiller (by tigzy) to your desktop.
  • Quit all programs.
  • Run RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Wait for the end of the scan.
  • The report has been created on the desktop. We can also open it with the Report button.
  • Please copy the content of the report and post it in your next reply.

#3
ular

    Member

  • Topic Starter
  • 37 posts
Hi, Render. Thank you for your quick response. Yes, I do have the WIN7 CD. Below is the RogueKiller Report:


RogueKiller V8.3.1 [Nov 22 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : XPS_2008 [Admin rights]
Mode : Scan -- Date : 11/23/2012 10:54:52

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[84] : NtCreateSection @ 0x8385F06D -> HOOKED (Unknown @ 0x91E538A6)
SSDT[299] : NtRequestWaitReplyPort @ 0x83879A63 -> HOOKED (Unknown @ 0x91E538B0)
SSDT[316] : NtSetContextThread @ 0x83919745 -> HOOKED (Unknown @ 0x91E538AB)
SSDT[347] : NtSetSecurityObject @ 0x8383D742 -> HOOKED (Unknown @ 0x91E538B5)
SSDT[368] : NtSystemDebugControl @ 0x838C16BC -> HOOKED (Unknown @ 0x91E538BA)
SSDT[370] : NtTerminateProcess @ 0x83896BFB -> HOOKED (Unknown @ 0x91E53847)
S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x91E538CE)
S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x91E538D3)

¤¤¤ Extern Hives: ¤¤¤
-> D:\Documents and Settings\Administrator\NTUSER.DAT
-> D:\Documents and Settings\All Users\NTUSER.DAT
-> D:\Documents and Settings\Default User\NTUSER.DAT
-> D:\Documents and Settings\LocalService\NTUSER.DAT
-> D:\Documents and Settings\NetworkService\NTUSER.DAT
-> D:\Documents and Settings\Westfall\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST350041 8AS SCSI Disk Device +++++
--- User ---
[MBR] 7508b1495e591fb5c2f7e10c72cc44d7
[BSP] 15df81d015d483f7a530b10311b4c492 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: ST350063 0AS SCSI Disk Device +++++
--- User ---
[MBR] 866a91221fe9e4a4d66716834e8b8855
[BSP] 3efdd157322bc54deb4f0f8435ac64f6 : MBR Code unknown
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 472129 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 967032675 | Size: 4753 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_11232012_02d1054.txt >>
RKreport[1]_S_11232012_02d1054.txt

Edited by ular, 23 November 2012 - 12:00 PM.

#4
ular

    Member

  • Topic Starter
  • 37 posts
Hi, also tried to start MS Word and error message states "cannot start program missing gfx.dll"

#5
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please close RogueKiller and follow the steps below:

Please download WhoCrashed from here to your Desktop.
Install it and run it.
Click on Analyze button.
Select all (CTRL+A) and then copy (CTRL+C).
Paste (CTRL+V) contents of clipboard in your next reply.

NEXT...

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemdrive%\$Recycle.Bin|@;true;true;true
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    consrv.dll
    /md5stop
    HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
    %systemroot%\*. /mp /s
    %Temp%\smtmp\*.* /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

#6
ular

    Member

  • Topic Starter
  • 37 posts
May be no crash dumps as I used CCleaner before I went to bed last night.

--------------------------------------------------------------------------------
Welcome to WhoCrashed (HOME EDITION) v 4.01
--------------------------------------------------------------------------------

This program checks for drivers which have been crashing your computer. If your computer has displayed a blue screen of death, suddenly rebooted or shut down then this program will help you find the root cause and possibly a solution.

Whenever a computer suddenly reboots without displaying any notice or blue screen of death, the first thing that is often thought about is a hardware failure. In reality, on Windows most crashes are caused by malfunctioning device drivers and kernel modules. In case of a kernel error, many computers do not show a blue screen unless they are configured for this. Instead these systems suddenly reboot without any notice.

This program will analyze your crash dumps with the single click of a button. It will tell you what drivers are likely to be responsible for crashing your computer. It will report a conclusion which offers suggestions on how to proceed in any situation while the analysis report will display internet links which will help you further troubleshoot any detected problems.

To obtain technical support visit www.resplendence.com/support

Click here to check if you have the latest version or if an update is available.

Just click the Analyze button for a comprehensible report ...



--------------------------------------------------------------------------------
Home Edition Notice
--------------------------------------------------------------------------------

This version of WhoCrashed is free for use at home only. If you would like to use this software at work or in a commercial environment you should get the professional edition of WhoCrashed which also allows analysis of crashdumps on remote drives and computers on the network and offers a range of additional features.

Click here for more information on the professional edition.
Click here to buy the the professional edition of WhoCrashed.


--------------------------------------------------------------------------------
System Information (local)
--------------------------------------------------------------------------------

computer name: XPS_2008-PC
windows version: Windows 7 Service Pack 1, 6.1, build: 7601
windows dir: C:\Windows
CPU: GenuineIntel Intel® Core™2 Quad CPU Q6600 @ 2.40GHz Intel586, level: 6
4 logical processors, active mask: 15
RAM: 3218448384 total
VM: 2147352576, free: 1978396672




--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

No valid crash dumps have been found on your computer

--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

Crash dumps are enabled but no valid crash dumps have been found. It may be that there are problems which prevent crash dumps from being written out. Check out the following article for possible causes: If crash dumps are not written out.

In case your computer does experience sudden reboots it is likely these are caused by malfunctioning hardware, power failure or a thermal issue. To troubleshoot a thermal issue, check the temperature using your BIOS setup program, check for dust in CPU and motherboard fans and if your computer is portable make sure it's located on a hard surface. Otherwise it's suggested you contact the support department of the manufacturer of your system or test your system with a memory test utility for further investigation.

Check out the following articles for more information: Troubleshooting sudden resets and shut downs.

Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.

Edited by ular, 23 November 2012 - 01:02 PM.


#7
ular

  • Topic Starter
  • Member
  • 37 posts
OTL logfile created on: 12/11/23 11:59:34 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = D:\AntiVi
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yy/MM/dd

3.00 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 65.45% Memory free
5.99 Gb Paging File | 4.73 Gb Available in Paging File | 78.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 287.68 Gb Free Space | 61.77% Space Free | Partition Type: NTFS
Drive D: | 461.06 Gb Total Space | 34.69 Gb Free Space | 7.52% Space Free | Partition Type: NTFS
Drive E: | 634.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: XPS_2008-PC | User Name: XPS_2008 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/22 17:34:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\AntiVi\OTL.exe
PRC - [2012/11/13 04:57:45 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/10/28 13:15:11 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/10/19 21:04:11 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/10/19 17:58:32 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/10/19 17:01:16 | 001,821,032 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/10/19 17:00:57 | 000,865,128 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/10/16 17:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/10/16 16:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/09/19 18:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/05/21 08:10:48 | 005,092,152 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\LCore.exe
PRC - [2012/05/09 14:25:58 | 000,152,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\EMET\EMET_notifier.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/25 21:48:46 | 000,619,288 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/05/05 18:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe
PRC - [2010/05/05 18:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
PRC - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2006/12/12 18:46:52 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CtHelper.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/15 16:05:58 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/15 16:05:51 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/15 16:05:28 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/15 16:05:19 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/10/28 13:15:11 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- D:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/05/05 18:56:46 | 000,002,560 | ---- | M] () -- C:\Windows\CTXFIRES.DLL
MOD - [2009/03/26 13:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL


========== Services (SafeList) ==========

SRV - [2012/10/28 13:15:11 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/19 21:04:11 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/19 17:58:32 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/10/16 17:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/10/16 16:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/12 17:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Disabled | Stopped] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/07/09 17:10:10 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/12/19 12:20:06 | 003,289,032 | ---- | M] (GFI Software) [Disabled | Stopped] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/05/08 13:13:57 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011/05/08 13:06:53 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/11/19 05:39:51 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/09/13 17:18:32 | 000,308,656 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/04/02 21:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\XPS_2008\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/11/23 10:54:14 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2012/11/22 18:24:52 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/11/13 04:58:10 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/11/13 04:58:10 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/11/13 04:58:10 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/10/19 21:04:11 | 009,356,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/08/27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012/07/03 08:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012/06/24 21:24:46 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011/12/19 11:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/11/29 05:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/10/26 13:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 03:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/05/05 21:24:04 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV - [2010/05/05 21:24:04 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2010/05/05 21:23:52 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV - [2010/05/05 21:23:52 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2010/05/05 21:23:46 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV - [2010/05/05 21:23:46 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2010/05/05 20:29:18 | 001,178,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2010/05/05 20:29:10 | 000,095,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/05/05 20:29:02 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/05/05 20:28:54 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/05/05 20:24:44 | 000,130,136 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/05/05 20:24:34 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/05/05 20:24:24 | 000,526,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2010/05/05 20:24:14 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/11/23 17:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009/11/23 17:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2001/08/17 21:06:20 | 000,100,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Icam5USB.sys -- (ICAM5USB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2046201742-2579986617-2449524958-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2046201742-2579986617-2449524958-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2046201742-2579986617-2449524958-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 E3 56 C0 8C A2 CB 01 [binary data]
IE - HKU\S-1-5-21-2046201742-2579986617-2449524958-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2046201742-2579986617-2449524958-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2046201742-2579986617-2449524958-1001\..\SearchScopes\{A9C475D2-0D39-C58A-F73C-57614B472EAC}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKU\S-1-5-21-2046201742-2579986617-2449524958-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2046201742-2579986617-2449524958-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\S-1-5-21-2046201742-2579986617-2449524958-1013\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.wundergro... Fruitland, ID"
FF - prefs.js..extensions.enabledAddons: [email protected]:2.8.3
FF - prefs.js..extensions.enabledAddons: [email protected]:1.3
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledAddons: [email protected]:2.7.1
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: D:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/24 21:42:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: D:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/24 21:42:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/07 18:33:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/07 18:33:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/07 18:33:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/07 18:33:09 | 000,000,000 | ---D | M]

[2012/09/03 20:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XPS_2008\AppData\Roaming\Mozilla\Extensions
[2012/06/03 10:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XPS_2008\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/11/22 18:13:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XPS_2008\AppData\Roaming\Mozilla\Firefox\Profiles\46yfsu9z.default\extensions
[2012/09/11 09:41:57 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\XPS_2008\AppData\Roaming\Mozilla\Firefox\Profiles\46yfsu9z.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/09/20 04:09:02 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\XPS_2008\AppData\Roaming\Mozilla\Firefox\Profiles\46yfsu9z.default\extensions\[email protected]
[2012/09/11 09:41:59 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\XPS_2008\AppData\Roaming\Mozilla\Firefox\Profiles\46yfsu9z.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/10/31 19:32:26 | 000,000,000 | ---D | M] (Youtube MP3 Podcaster) -- C:\Users\XPS_2008\AppData\Roaming\Mozilla\Firefox\Profiles\46yfsu9z.default\extensions\[email protected]
[2012/10/06 07:03:31 | 000,041,896 | ---- | M] () (No name found) -- C:\Users\XPS_2008\AppData\Roaming\Mozilla\Firefox\Profiles\46yfsu9z.default\extensions\[email protected]
[2012/11/22 18:13:05 | 000,530,519 | ---- | M] () (No name found) -- C:\Users\XPS_2008\AppData\Roaming\Mozilla\Firefox\Profiles\46yfsu9z.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/10/28 13:15:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/31 18:21:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/28 13:15:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/28 13:15:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/28 13:15:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/10/28 13:15:11 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/24 19:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/03/23 21:02:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/10/13 06:42:57 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2012/11/23 10:29:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] D:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CtxfiReg] C:\Windows\System32\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [EMET Notifier] C:\Program Files\EMET\EMET_notifier.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-2046201742-2579986617-2449524958-1001..\Run: [SetDefaultMIDI] C:\Windows\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-21-2046201742-2579986617-2449524958-1013..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2046201742-2579986617-2449524958-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2046201742-2579986617-2449524958-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2046201742-2579986617-2449524958-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2046201742-2579986617-2449524958-1013\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75D5DEA9-9E2F-4048-8506-1A5C9D5549AB}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/02/07 06:12:06 | 000,000,026 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/23 11:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2012/11/23 11:53:02 | 002,043,928 | ---- | C] (Resplendence Software Projects Sp. ) -- C:\Users\XPS_2008\Desktop\whocrashedSetup.exe
[2012/11/23 11:51:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/23 11:28:17 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\Desktop\Virus, Spyware, Malware Removal - Geeks to Go Forums_files
[2012/11/23 10:35:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/23 10:29:17 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\AppData\Local\temp
[2012/11/22 21:33:19 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\Desktop\RK_Quarantine
[2012/11/22 18:24:16 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/11/22 17:31:56 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
[2012/11/22 17:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\EMET
[2012/11/22 17:03:14 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2012/11/17 10:49:57 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\Documents\logs
[2012/11/17 10:49:56 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\Documents\appcache
[2012/11/17 10:49:53 | 008,018,080 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\steamclient64.dll
[2012/11/17 10:49:53 | 000,688,464 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\GameOverlayRenderer64.dll
[2012/11/17 10:49:53 | 000,279,376 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\tier0_s64.dll
[2012/11/17 10:49:53 | 000,278,352 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\crashhandler.dll
[2012/11/17 10:49:53 | 000,250,704 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\vstdlib_s64.dll
[2012/11/17 10:49:53 | 000,202,576 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\steamerrorreporter.exe
[2012/11/17 10:49:52 | 006,839,632 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\steamclient.dll
[2012/11/17 10:49:52 | 000,587,088 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\GameOverlayRenderer.dll
[2012/11/17 10:49:52 | 000,563,536 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\AppOverlay64.dll
[2012/11/17 10:49:52 | 000,539,472 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\AppOverlay.dll
[2012/11/17 10:49:52 | 000,237,904 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\tier0_s.dll
[2012/11/17 10:49:52 | 000,212,304 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\vstdlib_s.dll
[2012/11/17 10:49:52 | 000,122,864 | ---- | C] (Valve) -- C:\Users\XPS_2008\Documents\CSERHelper.dll
[2012/11/17 10:49:52 | 000,071,464 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\GameOverlayUI.exe
[2012/11/17 10:49:52 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\Documents\skins
[2012/11/17 10:49:52 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\Documents\resource
[2012/11/17 10:49:52 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\Documents\Graphics
[2012/11/17 10:49:51 | 004,061,008 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\SteamUI.dll
[2012/11/17 10:49:51 | 002,975,568 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\Steam.dll
[2012/11/17 10:49:51 | 001,039,192 | ---- | C] (Microsoft Corporation) -- C:\Users\XPS_2008\Documents\dbghelp.dll
[2012/11/17 10:49:51 | 000,284,456 | ---- | C] (Valve Corporation) -- C:\Users\XPS_2008\Documents\WriteMiniDump.exe
[2012/11/17 10:49:51 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\Documents\Public
[2012/11/17 10:49:51 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\Documents\old
[2012/11/17 10:49:51 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\Documents\bin
[2012/11/15 06:07:50 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012/11/15 06:07:50 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012/11/15 06:07:26 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012/11/15 06:07:25 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012/11/15 06:07:25 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012/11/15 06:07:01 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/11/15 06:07:00 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/11/15 06:07:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/11/15 06:07:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/11/15 06:07:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/11/15 06:06:59 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/11/15 06:06:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/11/15 06:06:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/11/15 05:18:37 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012/11/15 05:18:36 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012/11/15 05:18:35 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012/11/15 05:18:33 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012/11/15 05:18:32 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/11/15 05:18:31 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012/11/15 05:18:31 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012/11/11 15:36:28 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2012/11/11 15:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/11/11 15:35:49 | 003,984,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2012/11/11 15:35:49 | 002,868,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2012/11/11 15:35:49 | 000,108,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2012/11/11 15:35:49 | 000,062,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2012/11/11 15:35:31 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/11/11 15:33:47 | 020,332,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012/11/11 15:33:47 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012/11/11 15:33:47 | 015,115,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2012/11/11 15:33:47 | 012,542,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2012/11/11 15:33:47 | 009,356,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012/11/11 15:33:47 | 007,815,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012/11/11 15:33:47 | 006,147,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2012/11/11 15:33:47 | 002,605,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012/11/11 15:33:47 | 002,492,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2012/11/11 15:33:47 | 001,873,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012/11/11 15:33:47 | 001,011,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2012/11/11 15:33:47 | 000,889,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco32.dll
[2012/11/11 15:33:47 | 000,884,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdagenco3220103.dll
[2012/11/11 15:33:47 | 000,839,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvumdshim.dll
[2012/11/11 15:33:47 | 000,199,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll
[2012/11/11 15:33:47 | 000,149,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2012/11/11 15:33:47 | 000,028,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2012/11/11 10:03:32 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/11/11 09:59:56 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Cleaner Pro
[2012/11/11 09:59:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Cleaner Pro
[2012/11/11 09:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Cleaner Pro
[2012/11/07 18:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/07 18:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/11/03 22:46:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/11/03 22:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012/11/03 08:53:43 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\AppData\Roaming\Avira
[2012/11/03 08:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/11/03 08:48:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012/11/03 08:48:12 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012/11/03 08:48:12 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/11/03 08:48:11 | 000,083,432 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/11/03 08:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/11/03 08:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/11/01 17:12:24 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\Documents\Nathan Old Flashdrive
[2012/10/29 14:58:23 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\AppData\Local\WinZip
[2012/10/29 14:58:01 | 000,000,000 | ---D | C] -- C:\Users\XPS_2008\Documents\Add-in Express
[2012/10/29 14:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012/10/29 14:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012/10/28 13:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/25 03:12:26 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2012/10/25 03:12:26 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2011/12/17 02:35:29 | 000,980,616 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2011/12/13 19:22:39 | 000,840,864 | ---- | C] (Amazon Services LLC) -- C:\Program Files\Battlefield_3_Downloader.exe
[2010/12/06 16:49:10 | 2105,058,298 | ---- | C] (Nexon) -- C:\Program Files\VindictusSetupV113.exe

========== Files - Modified Within 30 Days ==========

[2012/11/23 11:53:43 | 000,001,032 | ---- | M] () -- C:\Users\XPS_2008\Desktop\WhoCrashed.lnk
[2012/11/23 11:53:05 | 002,043,928 | ---- | M] (Resplendence Software Projects Sp. ) -- C:\Users\XPS_2008\Desktop\whocrashedSetup.exe
[2012/11/23 11:47:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/23 11:29:22 | 000,021,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 11:29:22 | 000,021,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 11:28:17 | 000,117,140 | ---- | M] () -- C:\Users\XPS_2008\Desktop\Virus, Spyware, Malware Removal - Geeks to Go Forums.htm
[2012/11/23 11:26:36 | 000,746,308 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/11/23 11:26:36 | 000,746,152 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2012/11/23 11:26:36 | 000,714,632 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2012/11/23 11:26:36 | 000,663,200 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/23 11:26:36 | 000,480,070 | ---- | M] () -- C:\Windows\System32\perfh001.dat
[2012/11/23 11:26:36 | 000,158,198 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2012/11/23 11:26:36 | 000,149,166 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012/11/23 11:26:36 | 000,147,354 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2012/11/23 11:26:36 | 000,122,068 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/23 11:26:36 | 000,094,664 | ---- | M] () -- C:\Windows\System32\perfc001.dat
[2012/11/23 11:21:58 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/23 11:21:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/23 11:21:40 | 2413,834,240 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/23 10:54:14 | 000,014,336 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2012/11/23 10:51:33 | 000,054,928 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx
[2012/11/23 10:51:33 | 000,054,928 | ---- | M] () -- C:\Windows\System32\BMXState-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx
[2012/11/23 10:51:33 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx
[2012/11/23 10:29:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/11/22 18:24:52 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/11/17 11:11:43 | 000,004,554 | ---- | M] () -- C:\Users\XPS_2008\Documents\ClientRegistry.blob
[2012/11/17 10:49:53 | 008,018,080 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\steamclient64.dll
[2012/11/17 10:49:53 | 000,688,464 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\GameOverlayRenderer64.dll
[2012/11/17 10:49:53 | 000,279,376 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\tier0_s64.dll
[2012/11/17 10:49:53 | 000,278,352 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\crashhandler.dll
[2012/11/17 10:49:53 | 000,250,704 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\vstdlib_s64.dll
[2012/11/17 10:49:53 | 000,202,576 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\steamerrorreporter.exe
[2012/11/17 10:49:53 | 000,123,232 | ---- | M] () -- C:\Users\XPS_2008\Documents\avutil-51.dll
[2012/11/17 10:49:53 | 000,025,521 | ---- | M] () -- C:\Users\XPS_2008\Documents\SteamUI_2026.mst
[2012/11/17 10:49:52 | 006,839,632 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\steamclient.dll
[2012/11/17 10:49:52 | 000,587,088 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\GameOverlayRenderer.dll
[2012/11/17 10:49:52 | 000,563,536 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\AppOverlay64.dll
[2012/11/17 10:49:52 | 000,539,472 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\AppOverlay.dll
[2012/11/17 10:49:52 | 000,237,904 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\tier0_s.dll
[2012/11/17 10:49:52 | 000,212,304 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\vstdlib_s.dll
[2012/11/17 10:49:52 | 000,122,864 | ---- | M] (Valve) -- C:\Users\XPS_2008\Documents\CSERHelper.dll
[2012/11/17 10:49:52 | 000,071,464 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\GameOverlayUI.exe
[2012/11/17 10:49:51 | 004,061,008 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\SteamUI.dll
[2012/11/17 10:49:51 | 002,975,568 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\Steam.dll
[2012/11/17 10:49:51 | 001,039,192 | ---- | M] (Microsoft Corporation) -- C:\Users\XPS_2008\Documents\dbghelp.dll
[2012/11/17 10:49:51 | 000,284,456 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\WriteMiniDump.exe
[2012/11/17 10:49:11 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Users\XPS_2008\Documents\Steam.exe
[2012/11/17 10:49:11 | 000,000,014 | ---- | M] () -- C:\Users\XPS_2008\Documents\Steam_68.mst
[2012/11/15 16:33:00 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settingsbkup.sfm
[2012/11/15 16:33:00 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settings.sfm
[2012/11/13 04:58:10 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012/11/13 04:58:10 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/11/13 04:58:10 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/11/11 21:33:26 | 000,011,466 | ---- | M] () -- C:\Users\XPS_2008\Documents\cc_20121111_213322.reg
[2012/11/11 21:05:57 | 000,003,360 | ---- | M] () -- C:\Users\XPS_2008\Documents\cc_20121111_210554.reg
[2012/11/11 21:01:49 | 000,000,687 | ---- | M] () -- C:\Users\XPS_2008\Desktop\Photographs.lnk
[2012/11/09 19:35:32 | 000,005,720 | ---- | M] () -- C:\Users\XPS_2008\Documents\cc_20121109_193529.reg
[2012/11/09 19:06:23 | 000,007,601 | ---- | M] () -- C:\Users\XPS_2008\AppData\Local\Resmon.ResmonCfg
[2012/11/09 05:18:48 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/11/07 18:39:03 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/07 18:35:50 | 000,000,682 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/11/07 18:33:01 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/03 08:48:21 | 000,001,979 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/11/01 18:23:23 | 000,223,752 | ---- | M] () -- C:\Users\XPS_2008\Documents\Floater_TicketFly_099065438424.pdf
[2012/11/01 17:08:25 | 004,410,054 | ---- | M] () -- C:\Windows\ACD Wallpaper.bmp
[2012/10/25 03:12:26 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2012/10/25 03:12:26 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts

========== Files Created - No Company Name ==========

[2012/11/23 11:53:43 | 000,001,032 | ---- | C] () -- C:\Users\XPS_2008\Desktop\WhoCrashed.lnk
[2012/11/23 11:28:16 | 000,117,140 | ---- | C] () -- C:\Users\XPS_2008\Desktop\Virus, Spyware, Malware Removal - Geeks to Go Forums.htm
[2012/11/23 10:54:14 | 000,014,336 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2012/11/17 10:49:53 | 000,123,232 | ---- | C] () -- C:\Users\XPS_2008\Documents\avutil-51.dll
[2012/11/17 10:49:53 | 000,025,521 | ---- | C] () -- C:\Users\XPS_2008\Documents\SteamUI_2026.mst
[2012/11/17 10:49:11 | 000,000,014 | ---- | C] () -- C:\Users\XPS_2008\Documents\Steam_68.mst
[2012/11/17 10:49:05 | 000,004,554 | ---- | C] () -- C:\Users\XPS_2008\Documents\ClientRegistry.blob
[2012/11/15 06:07:51 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/15 06:07:25 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/11 21:33:24 | 000,011,466 | ---- | C] () -- C:\Users\XPS_2008\Documents\cc_20121111_213322.reg
[2012/11/11 21:05:55 | 000,003,360 | ---- | C] () -- C:\Users\XPS_2008\Documents\cc_20121111_210554.reg
[2012/11/11 21:01:49 | 000,000,687 | ---- | C] () -- C:\Users\XPS_2008\Desktop\Photographs.lnk
[2012/11/11 15:35:49 | 003,544,134 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012/11/11 15:33:47 | 000,011,545 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012/11/09 19:35:30 | 000,005,720 | ---- | C] () -- C:\Users\XPS_2008\Documents\cc_20121109_193529.reg
[2012/11/07 18:33:01 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/03 08:48:21 | 000,001,979 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/11/01 18:23:23 | 000,223,752 | ---- | C] () -- C:\Users\XPS_2008\Documents\Floater_TicketFly_099065438424.pdf
[2012/07/04 17:44:50 | 003,130,440 | ---- | C] () -- C:\Windows\System32\pbsvc_blr.exe
[2012/06/02 11:54:58 | 000,000,312 | ---- | C] () -- C:\Windows\System32\msexcr.ini
[2012/05/28 16:02:19 | 000,480,070 | ---- | C] () -- C:\Windows\System32\perfh001.dat
[2012/05/28 16:02:19 | 000,289,060 | ---- | C] () -- C:\Windows\System32\perfi001.dat
[2012/05/28 16:02:19 | 000,094,664 | ---- | C] () -- C:\Windows\System32\perfc001.dat
[2012/05/28 16:02:19 | 000,042,056 | ---- | C] () -- C:\Windows\System32\perfd001.dat
[2012/03/04 14:59:04 | 000,000,040 | ---- | C] () -- C:\Users\XPS_2008\jagex_cl_runescape_LIVE.dat
[2012/01/26 20:14:36 | 000,139,136 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/01/26 20:14:18 | 000,233,920 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/01/26 20:14:17 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/01/25 19:37:57 | 002,580,552 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/09/29 23:09:22 | 000,138,056 | ---- | C] () -- C:\Users\XPS_2008\AppData\Roaming\PnkBstrK.sys
[2011/09/25 12:49:02 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/08/10 10:37:45 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/08/10 10:37:45 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/06/14 19:43:29 | 000,000,023 | ---- | C] () -- C:\Users\XPS_2008\jagexappletviewer.preferences
[2011/05/26 19:18:45 | 000,000,129 | ---- | C] () -- C:\Users\XPS_2008\jagex_runescape_preferences2.dat
[2011/05/26 19:16:55 | 000,000,035 | ---- | C] () -- C:\Users\XPS_2008\jagex_runescape_preferences.dat
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/02/23 06:33:42 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/02/23 06:33:00 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/01/02 21:10:51 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/01 12:57:15 | 000,009,728 | ---- | C] () -- C:\Users\XPS_2008\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/31 01:03:47 | 000,065,252 | ---- | C] () -- C:\Windows\System32\claptn.ini
[2010/12/31 01:03:36 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CTBURST.DLL
[2010/12/31 01:03:36 | 000,037,888 | ---- | C] () -- C:\Windows\PSCONV.EXE
[2010/12/26 09:41:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/26 09:41:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/26 09:41:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/26 09:41:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/26 09:41:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/26 08:44:58 | 000,000,035 | ---- | C] () -- C:\Users\XPS_2008\AppData\Roaming\SetValue.bat
[2010/12/24 02:28:22 | 000,007,601 | ---- | C] () -- C:\Users\XPS_2008\AppData\Local\Resmon.ResmonCfg
[2010/12/17 20:21:22 | 000,189,736 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

========== ZeroAccess Check ==========

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/07/19 11:35:06 | 000,000,000 | ---D | M] -- C:\Users\Bleh\AppData\Roaming\Subversion
[2011/07/19 11:33:04 | 000,000,000 | ---D | M] -- C:\Users\Testing\AppData\Roaming\Subversion
[2012/09/15 23:30:22 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\.minecraft
[2012/09/09 14:31:58 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\25Assist
[2012/11/09 05:49:09 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\Ad-Aware Antivirus
[2010/11/29 12:49:17 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\Amazon
[2011/12/02 17:30:47 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\BANDISOFT
[2010/12/24 14:57:57 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\Bioshock
[2011/01/13 19:29:57 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\Bioshock2
[2011/07/09 08:47:15 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\calibre
[2012/04/15 09:05:05 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\IObit
[2010/11/20 11:40:16 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\Leadertech
[2011/12/17 00:57:51 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\LolClient
[2012/05/23 20:39:52 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\LolClient2
[2012/08/27 17:42:51 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\Origin
[2010/12/12 12:16:30 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\Subversion
[2010/11/19 20:34:37 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\SystemRequirementsLab
[2010/11/21 11:11:28 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\Temp
[2012/06/03 10:03:24 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\Thunderbird
[2011/08/03 06:42:57 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\Tific
[2011/01/01 14:11:07 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\WindSolutions
[2012/09/02 12:57:06 | 000,000,000 | ---D | M] -- C:\Users\XPS_2008\AppData\Roaming\ZalmanInstaller_otshot

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< MD5 for: EXPLORER.EXE >
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 14:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 14:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.CFG >
[2012/07/27 13:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe
[2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 19:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009/07/13 19:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui
[2009/07/26 22:50:21 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=5A88324C60F26F58323B87B498CDAC7B -- C:\Windows\System32\es-ES\services.exe.mui
[2009/07/26 22:50:21 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=5A88324C60F26F58323B87B498CDAC7B -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_es-es_699efa1e876fb4d7\services.exe.mui
[2009/07/26 22:57:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=665623741B4E3A3701871FCEFD1C9192 -- C:\Windows\System32\fr-FR\services.exe.mui
[2009/07/26 22:57:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=665623741B4E3A3701871FCEFD1C9192 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0c56701d7a41cb39\services.exe.mui
[2009/07/13 17:44:10 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=6D8E63A4DB8C1761AD4440C7D1818CF4 -- C:\Windows\System32\ar-SA\services.exe.mui
[2009/07/13 17:44:10 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=6D8E63A4DB8C1761AD4440C7D1818CF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ar-sa_d533f9bac2463952\services.exe.mui
[2009/07/26 23:04:10 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=DF8309CE62330C8D8AFBAA936531DA93 -- C:\Windows\System32\pt-BR\services.exe.mui
[2009/07/26 23:04:10 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=DF8309CE62330C8D8AFBAA936531DA93 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6b6fd3bef3fcc0d1\services.exe.mui

< MD5 for: SERVICES.INI >
[2005/09/26 06:16:00 | 000,003,813 | ---- | M] () MD5=34E5D0BEBEF501D89F3266DA0FC92A83 -- C:\Users\XPS_2008\AppData\Roaming\25Assist\armyops\System\Services.ini

< MD5 for: SERVICES.LNK >
[2009/07/13 21:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 14:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 14:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/26 22:57:06 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\System32\fr-FR\services.msc
[2009/07/26 22:57:06 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4698400950ab652c\services.msc
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2009/07/13 17:40:10 | 000,092,781 | ---- | M] () MD5=8AE3EDA71772B6C307111DCC9336F8C8 -- C:\Windows\System32\ar-SA\services.msc
[2009/07/13 17:40:10 | 000,092,781 | ---- | M] () MD5=8AE3EDA71772B6C307111DCC9336F8C8 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_ar-sa_0f75c9a698afd345\services.msc
[2009/07/26 22:50:16 | 000,092,751 | ---- | M] () MD5=C7B99872B5170E37AF24905BEE772844 -- C:\Windows\System32\es-ES\services.msc
[2009/07/26 22:50:16 | 000,092,751 | ---- | M] () MD5=C7B99872B5170E37AF24905BEE772844 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a3e0ca0a5dd94eca\services.msc
[2009/07/26 23:04:08 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\System32\pt-BR\services.msc
[2009/07/26 23:04:08 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a5b1a3aaca665ac4\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 13:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 13:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 05:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/11/20 05:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 05:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

< %systemroot%\*. /mp /s >

< %Temp%\smtmp\*.* /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/10/28 13:15:11 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/10/28 13:15:11 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/10/28 13:15:11 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/10/28 13:15:11 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/10/28 13:15:11 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/10/28 13:15:11 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/04/27 18:25:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/04/27 18:25:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/04/27 18:25:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/10/08 01:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/10/08 01:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/10/28 13:15:11 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/10/28 13:15:11 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/10/28 13:15:11 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/10/28 13:15:11 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/10/28 13:15:11 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/10/28 13:15:11 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/04/27 18:25:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/04/27 18:25:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/04/27 18:25:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/10/08 01:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/10/08 01:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)

< End of report >


OTL Extras logfile created on: 12/11/23 11:59:34 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = D:\AntiVi
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yy/MM/dd

3.00 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 65.45% Memory free
5.99 Gb Paging File | 4.73 Gb Available in Paging File | 78.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 287.68 Gb Free Space | 61.77% Space Free | Partition Type: NTFS
Drive D: | 461.06 Gb Total Space | 34.69 Gb Free Space | 7.52% Space Free | Partition Type: NTFS
Drive E: | 634.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: XPS_2008-PC | User Name: XPS_2008 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2046201742-2579986617-2449524958-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with ACDSee] -- "D:\ACDEESEE\ACDSee32.exe" "%1" (ACD Systems, Ltd.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06FD6118-CE15-4903-A310-68CD028208EA}" = rport=138 | protocol=17 | dir=out | app=system |
"{093DA6A0-60DD-466C-AC47-698AB6115A25}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0B8BCE56-60F6-43F6-BAE2-45C2249AD90A}" = lport=58502 | protocol=17 | dir=in | name=pando media booster |
"{0B93042F-DA19-47C6-9015-21CD2FB501A6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1A791AC4-980C-488B-8DDB-3B415D785B14}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1F5237A3-5D0C-44C2-A3FA-5F57D0C5661A}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{2572D889-CC07-4180-9AB4-ED277E5F1FFB}" = lport=58502 | protocol=6 | dir=in | name=pando media booster |
"{2AE4F043-5123-446E-86B7-CBBA2BA524D6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2ED015F6-61C7-4398-A94F-B567BACF5BCC}" = lport=57069 | protocol=6 | dir=in | name=pando media booster |
"{353F449C-CE74-4EAC-974F-3C5D69E8D1F6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{373634EB-421C-4F99-96E5-7CF198171330}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{39D5843B-F02B-4BDE-8F78-B9C8D09DA3A5}" = lport=445 | protocol=6 | dir=in | app=system |
"{43A7BDA3-C470-413E-9282-17904F899E73}" = lport=58502 | protocol=17 | dir=in | name=pando media booster |
"{4B434D4A-5652-4B3E-B1C2-194F129B0078}" = lport=137 | protocol=17 | dir=in | app=system |
"{4D3B1A8A-C9D2-4D7C-AA36-2B0246BFA971}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5143401C-2C9D-47F9-A8FC-37B3D8BDB835}" = lport=57069 | protocol=6 | dir=in | name=pando media booster |
"{5E28CCEB-D3F1-4B90-8B28-C36DF0A7E229}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{69B1C79B-1CCD-4223-99AE-F87F4E3D4588}" = lport=58925 | protocol=17 | dir=in | name=pando media booster |
"{6E01029A-CB31-4645-8308-FF30CB3FE357}" = lport=58925 | protocol=6 | dir=in | name=pando media booster |
"{6F78BD2A-E870-4B0B-85FE-CCC8340D7082}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7318334B-7739-4512-9130-CA71061BF466}" = lport=6004 | protocol=17 | dir=in | app=d:\program files\microsoft office\office14\outlook.exe |
"{74D38858-7A48-42FB-9D07-D0FA24F7B50A}" = lport=58925 | protocol=17 | dir=in | name=pando media booster |
"{74E4C7A8-E2EB-4174-B2BC-1B99B099813C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7B46C8B4-A66C-4050-ABD3-25243193AACD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7C176382-5DCD-42D3-9F00-C21C76A99026}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{82034B30-5E86-4968-A719-E0F0EA73147D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8C43F671-12F5-4FCF-ACAB-B994A1478CC5}" = lport=57069 | protocol=17 | dir=in | name=pando media booster |
"{8D1D9A0E-8E03-4FB8-805A-495F1050FF34}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{92374203-1759-457F-8589-C029DAEF7074}" = rport=445 | protocol=6 | dir=out | app=system |
"{926189F1-5583-49A8-B78A-EE415A48B4B2}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{92895828-0F83-4665-BBE8-7BD84DEB3805}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A0116BC4-D0D4-42C9-9068-0E8323731764}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AD8B28BA-9E7F-41F1-9F6C-B0C9F4F711A8}" = lport=58502 | protocol=6 | dir=in | name=pando media booster |
"{AE72B521-2A44-4268-9479-FC490E7507C9}" = lport=139 | protocol=6 | dir=in | app=system |
"{AF161743-4DC3-494E-8B0D-6C543BA0D8FB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AFE1D7A2-0C64-47A5-A25D-052C055FC9DB}" = lport=138 | protocol=17 | dir=in | app=system |
"{B0112B0E-02DB-47BB-9C6D-93FCB0E4EBBA}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{B34AD448-3A94-4394-831A-2C96876FDA81}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BB7EC4D6-9B17-439C-8A1B-18E7E36B56FB}" = rport=137 | protocol=17 | dir=out | app=system |
"{CC8CD3F8-7481-49F5-A2B1-DE9FC4C376F7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D636F76C-F609-40C9-ABE8-88B551AAD9D8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D7A2A972-D9EB-4290-92BC-CC8D5A7F3E09}" = rport=139 | protocol=6 | dir=out | app=system |
"{DC32C3B2-1C54-45E3-822B-C65C9DFE62EB}" = lport=57069 | protocol=17 | dir=in | name=pando media booster |
"{E20AB5D6-C2FB-4FF6-A175-C10CE86DFF5E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EF702181-E049-42D6-8F25-C6CBEB26E139}" = lport=58925 | protocol=6 | dir=in | name=pando media booster |
"{EFA74F04-D50C-4460-8457-850064CEBCAC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F57FE0C9-4AC5-4B2C-B26B-BB1BF4C3E38B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F7CB9AD5-4CC7-4B66-BABF-380CAAA62314}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F92095B5-1BAE-48C1-8F3D-D4AB3479E5EB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033D0874-F9A5-4807-B524-BEBA3ADDDB06}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{04C50CCA-9C4E-407B-A862-E044BBC0DFE6}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\ulargila\diprip warm up\hl2.exe |
"{06486BFD-2E8D-46AC-B07C-FB1C787C2CB0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{06D7CFEE-7ED2-43D9-8BED-1CD1E9948F09}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\c9\c9mappingaccount.exe |
"{06DB26D9-8030-4E8A-B0D1-BC071F7BDE94}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{07F69E10-5405-4C8F-9A20-4FBCA52363C3}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{09F1F0D6-7DAE-4B10-810D-8453AC723F26}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0CB73F6E-7878-43D2-B115-FBD1F1266923}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{0EA9F321-FB22-4EBF-A962-6E9477801386}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\microsoft flight\flight.exe |
"{0F2522E4-C810-42F2-BF57-FA680C52A9CF}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{0FF9DA42-BE41-487C-B85B-D716A4275BB7}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{114BF5DC-26A5-4ECA-B8C7-3E1AFC1CD863}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\ulargila\source sdk base 2007\hl2.exe |
"{17723E10-53E7-4DCC-95FB-DA8C85B5636F}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\ulargila\diprip warm up\hl2.exe |
"{179C18E4-DAD6-4CC6-A368-59118DE81AFD}" = protocol=6 | dir=in | app=d:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{1D3052A8-739E-4683-B33C-EAFC71102BA1}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{1D45FEF8-8EDB-4937-A68C-885EE84C3BE5}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{1DA011C0-E886-410A-BD48-9C3A2D477212}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\jonathanwestfall\synergy\hl2.exe |
"{1F5CF539-86C5-4CBB-A138-AEFEA7D684D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1FA17D9C-18C2-4921-AF24-0A4D8BDD1E31}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1FE932FE-1D79-45EE-80FE-099F85C186A5}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{203470F7-A2BB-4B99-BE3C-B9BB3F2A706A}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{21E1CE2F-0498-42D8-9A5C-C2675BDF1CBC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{25735851-4FD2-49A7-A12D-570766AA800D}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{25C54A52-8A26-42CC-8A69-F91B82785D20}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\blacklightretribution\blacklight retribution.exe |
"{2B420A15-F312-4B62-AC5E-ED67F62EA889}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{2B7C5567-D5EB-4637-9FE9-F4D7EC84D7E1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{2B81E100-2D49-4165-80DF-F2B588F10AC1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2BCB1347-0907-43D1-A79D-7222C95B4B1D}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{2C58382A-09C8-4F79-8318-88A04E1D8A09}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\ulargila\zombie panic! source dedicated server\srcds.exe |
"{2DF86C74-7814-4D37-83E3-B1D581CEC94F}" = protocol=17 | dir=in | app=d:\program files\starcraft ii\starcraft ii.exe |
"{2EBA03FC-6136-4A29-9C26-A0B70047853F}" = protocol=17 | dir=in | app=d:\program files\microsoft office\office14\groove.exe |
"{321D5AD0-7342-40AB-A939-4E391262F42D}" = protocol=6 | dir=in | app=d:\program files\starcraft ii\versions\base17326\sc2.exe |
"{32C86AE7-7956-4CC7-BC59-585AD8916E71}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{33C2A1C9-4302-4AAA-9546-AA141369B8DD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3425F2B6-CA02-4C21-99CA-215E830C184D}" = protocol=17 | dir=in | app=c:\program files\origin\games\battlefield 3\bf3.exe |
"{354070F7-C415-49B0-8051-82BB06194EFA}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{36D58490-FD79-4424-9CAB-B9B35CA3B6D2}" = protocol=6 | dir=in | app=d:\program files\starcraft ii\starcraft ii.exe |
"{42AD1378-68FE-4FF0-8969-7894337AEE65}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{43DF1FA3-29D1-4605-89CC-87BF86492E2E}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"{453C9504-0340-4B39-83CE-CDD0283A686C}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{46049BF0-1804-4DFC-BFFE-49A9E480C8DC}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{472AC751-B4FB-4107-87D9-BCAB395B09BB}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\c9\c9mappingaccount.exe |
"{475D6B31-8544-4F08-932F-D5E9DC5091F0}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{483B5CDB-BB20-49B6-8134-4E8D6CA8CD38}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{4BA97CFE-CFF2-4472-9473-8850793B78E5}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4CB431FC-E030-424A-B617-7D98EF810A99}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4D338D89-06C7-49A4-AE36-CAC8F44BFDC7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{547C2ACD-9090-4F64-AA30-7DDD7A480735}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{54F3A73F-4C2A-44A1-8726-5113DB73CBF6}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{586AA23A-E339-4B7D-BF89-8548462C541F}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\terraria\terraria.exe |
"{5A2C59F0-4406-404C-899C-E232AEB06C01}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{63D58A9A-96EF-425D-A1A0-882B7FD9BE6D}" = protocol=6 | dir=in | app=d:\program files\microsoft office\office14\groove.exe |
"{688720F8-7104-4F85-A632-9E53E177716D}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{6B44D3E7-7ED4-4D3F-B167-36565713F8C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6C3863B6-54CE-42E5-9927-A53BB9490BD5}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\ulargila\dystopia dedicated server\srcds.exe |
"{6EB03A79-9E66-4EFA-93E8-7242569FCD83}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\ulargila\age of chivalry\hl2.exe |
"{6EFB0434-2901-4B20-8895-0BF441430E62}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{7399B4AA-82AC-4ABE-8033-06E492C4DA24}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{753DF0C2-5292-47AF-90A3-86345924B10C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{75DE2A56-793B-47B4-B4A1-D7115DC3E64B}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{762B832B-56D0-4DEA-A6EA-63F7F33290B5}" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe |
"{76E7FEFD-AC92-4AA9-9926-67DA209CE6A0}" = protocol=17 | dir=in | app=c:\program files\adawaretb\dtuser.exe |
"{7798AA93-183B-40AC-B8E9-30EEDDCE10FA}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\ulargila\dystopia\hl2.exe |
"{7871DA24-CC0D-46CB-BFC8-8D9475E19FFB}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\jonathanwestfall\synergy\hl2.exe |
"{790EE04F-6B04-45A1-A1A8-C636F0F72537}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{794F03CD-89EF-4A72-B8EE-4F1838DAD6F1}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\aliens vs predator\avp_launcher.exe |
"{7998634B-182C-4AB6-A9E9-A0BF4BBA4CC3}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\ulargila\zombie panic! source\hl2.exe |
"{7D09355A-0B08-4884-A69D-489E25B99E85}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{7D93D5F5-83A6-4C41-8628-24A17E189325}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{7E62F0AE-BFED-4A44-BAF6-4C7866D0C1CB}" = protocol=17 | dir=in | app=d:\program files\microsoft office\office14\onenote.exe |
"{7ECC9909-6E14-4B40-913A-711CB9028221}" = protocol=6 | dir=in | app=d:\program files\microsoft office\office14\onenote.exe |
"{7EE31596-E853-4F2E-AD97-3B7760627AF7}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{7EFD1E02-EC67-44AA-BB28-73342C9C1EC5}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\aliens vs predator\avp.exe |
"{7F60E00A-E44D-48F6-B8EB-389C9A51F282}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7FA07FCC-914B-401E-BF50-119BF2D9D993}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\ulargila\smashball\hl2.exe |
"{7FDCE025-ACA6-40E6-A345-B6FF9B6ACE0F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7FFB4A8D-1F6E-45F1-A96B-36305C147895}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{807D6FAB-77E6-475B-8ECF-EF7D1F866746}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\ulargila\source sdk base 2007\hl2.exe |
"{81CF0D31-B8C6-45C7-AB34-3F03CD7ED807}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{85DA1CBE-215A-4F68-9BF8-26C7BB861566}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\ulargila\dystopia\hl2.exe |
"{88C57905-A15F-4BFA-A747-83BBD4DF8424}" = protocol=17 | dir=in | app=d:\program files\starcraft ii\versions\base18092\sc2.exe |
"{88C680BE-A384-4080-9302-819612EC917B}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\ulargila\synergy dedicated server\srcds.exe |
"{899B8B43-F699-45AE-819F-36204B359220}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8C8E5BCB-75B2-4657-8456-B8FB75EE8619}" = protocol=17 | dir=in | app=d:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{8DD734AE-10A7-4B63-9D9E-C141569CB191}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\universe at war earth assault\launchuaw.exe |
"{8E9339AF-B279-4826-8F25-F61FE2A80CED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{99022340-46E7-484E-B9E1-06825290A567}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{9A21D081-B055-4D47-99B9-97D2BB973A63}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9C343F14-DF4B-440F-B9FB-466A80C39728}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{A0E21EB4-8989-4B41-92DA-B1F7A5B15195}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\ulargila\synergy\hl2.exe |
"{A12D116B-8DCB-4C4C-AF04-34DDDF8E8C4C}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\vindictus\en-us\nmservice.exe |
"{A3DAE14D-3E83-4BAE-87A9-144CB0DA4DF3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A54D2A3C-34BF-44D1-A8CA-532F842C4DFD}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{A6B70B17-3A5D-49BF-93B4-990AC12AEC6B}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\aliens vs predator\avp.exe |
"{AA218BF2-139D-4501-8790-91F4FF233BE1}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\universe at war earth assault\launchuaw.exe |
"{ABAF8559-18C4-4133-A996-60FCCDFB72C8}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{ABD75300-0BF0-4791-AFD6-83133A7F98A2}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{AC860760-C3DC-4B02-949C-FB146C4078B6}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{AD81CC22-4E97-475B-8158-884DEEE0C558}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{AE3F9FEC-D0F2-48EE-9580-5FCF40AB8F40}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{B44F2898-2CAF-4B65-81C7-B70438FAE31F}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\skyrim\creationkit.exe |
"{B5CBB317-91EF-4134-B29C-241F9D658EB0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B6ABAD15-C515-4BD0-8FB3-5A819F46AACA}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe |
"{B8D6E9FA-4F15-4A28-B80D-4B43049523E3}" = protocol=6 | dir=in | app=d:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{BF29C39B-58E9-4FDF-9E0F-78CD370585FD}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{C05F2C7A-6DCE-4413-A9F6-1D7A0D6D11CC}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\blacklightretribution\blacklight retribution.exe |
"{C0C139E2-47D1-4488-890D-5968A158EB55}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{C41580A8-130E-4005-BAB5-A4DFD5914EF2}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\darwinia\darwinia.exe |
"{C5D43390-53DD-415D-9440-E09EA40CCA4C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C78617EC-1A38-4CE8-BC45-D42B99C0DD78}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\microsoft flight\flight.exe |
"{C7A47717-4E5F-43A8-8A39-85AC764B7D79}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{C7A64FAD-A442-4AFC-AC8D-0E5574344644}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\ulargila\synergy dedicated server\srcds.exe |
"{C95458CC-D2EA-4281-B21E-2040ECEBB8A3}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\aliens vs predator\avp_dx11.exe |
"{CA8622B6-1E3F-483B-B10F-0FE5DD634F2E}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\ulargila\dystopia dedicated server\srcds.exe |
"{CC3D817F-6863-4AD6-8E55-A3345C7673CC}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\vindictus\en-us\nmservice.exe |
"{CE10B8BA-60C0-47B0-837D-2586E11290BF}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{CE831D0B-D023-40F0-9AEC-3B678E31E318}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{D34C428D-B81F-4BA2-9BD2-42DBD61D0C81}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\darwinia\darwinia.exe |
"{D4F248BD-2F94-4B22-A43C-C1F0573B52DC}" = protocol=6 | dir=out | app=system |
"{D70913BE-92CB-4EC6-B12C-EC769A4AD72D}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\ulargila\smashball\hl2.exe |
"{D8890E60-C159-47E3-BF10-A3CB00B4F37F}" = protocol=6 | dir=in | app=d:\program files\starcraft ii\versions\base18092\sc2.exe |
"{DC5E2B86-8666-414D-8ED1-75E4A7E2F265}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\skyrim\creationkit.exe |
"{DF17FCD6-1667-4128-A051-C6143D057DBC}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{DF601269-513B-410A-A9CF-95B82466A3D6}" = protocol=6 | dir=in | app=c:\program files\origin\games\battlefield 3\bf3.exe |
"{E39BFDCA-FA82-4951-842C-300655E9ED15}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E39D151E-8CE2-4AB8-B065-06CF3AFF44FA}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\ulargila\synergy\hl2.exe |
"{E4ECBB41-D15B-4DC3-9A4D-74AAD1BE0030}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\aliens vs predator\avp_launcher.exe |
"{E8ADBE6E-8800-451A-BE8B-34F246E52959}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"{ECCA9013-213E-429F-A390-7FB376DB841B}" = protocol=17 | dir=in | app=d:\program files\starcraft ii\versions\base17326\sc2.exe |
"{ED002646-7326-43AE-A3B8-C763DC993DCA}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{EE0FF0DF-EEBA-44BD-9062-338395BA8192}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\ulargila\zombie panic! source dedicated server\srcds.exe |
"{F1DF42A4-C4CE-4BB3-8CAA-4ACB12B5C85B}" = protocol=6 | dir=in | app=c:\program files\adawaretb\dtuser.exe |
"{F1EAE59D-D442-451F-BEF9-D0C7D61CC694}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F365A62F-0A94-4BE8-8DD1-B70F10FCA0E6}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\ulargila\zombie panic! source\hl2.exe |
"{F79EEDBB-4955-4310-AC61-3F0C97FCE28A}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\aliens vs predator\avp_dx11.exe |
"{F9E87F64-EABB-41A1-8929-56A8F418EBAC}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\terraria\terraria.exe |
"{FB0FDE48-E810-4097-8127-856A9622AE2D}" = protocol=17 | dir=in | app=d:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{FB767F00-52CA-49FB-A466-C223F0BFEB76}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{FB7AFCAB-BE88-4D3E-89F3-DF256152FB7F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{FDD3AAEC-6C91-4051-90EF-03F13B9B3691}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\ulargila\age of chivalry\hl2.exe |
"TCP Query User{1FF1A796-C735-4FE1-A164-D1146112B639}D:\program files\steam\steamapps\ulargila\source sdk base\hl2.exe" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\ulargila\source sdk base\hl2.exe |
"TCP Query User{435B47F9-A771-4E69-8C71-CC031316F40F}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{793BBFEC-17CD-4826-98C8-A188F386C75C}D:\program files\microsoft office\office14\groove.exe" = protocol=6 | dir=in | app=d:\program files\microsoft office\office14\groove.exe |
"TCP Query User{88436482-6858-4156-9028-DD24F11149F2}D:\program files\steam\steam.exe" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe |
"TCP Query User{8E067C9C-53B3-48F3-81D3-327F0FE68DB1}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{955751F7-E70D-4B71-B810-644835724FF8}C:\users\xps_2008\documents\my games\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\users\xps_2008\documents\my games\terraria\terrariaserver.exe |
"TCP Query User{9A92D0A3-340C-42A0-B014-E3C903BF7DB8}C:\guildwars2\gw2.exe" = protocol=6 | dir=in | app=c:\guildwars2\gw2.exe |
"TCP Query User{9B2E3E3C-1D9F-4467-AD2C-2FCACA238A4B}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{A8F8AD19-1885-4A91-A3B4-8511CD131166}D:\program files\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\terraria\terrariaserver.exe |
"TCP Query User{CA32B49E-70C7-4363-A509-49ADF11654B6}D:\program files\steam\steamapps\common\universe at war earth assault\uawea.exe" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\universe at war earth assault\uawea.exe |
"TCP Query User{CB567EAE-8CE3-4224-9D3A-1AA52CC3B32F}D:\program files\steam\steamapps\ulargila\insurgency\hl2.exe" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\ulargila\insurgency\hl2.exe |
"TCP Query User{CEE3322A-217F-4A87-A2CA-12DCAB6D2424}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{DC288FC7-868D-4035-91C3-7A7DE99F2E63}C:\users\xps_2008\appdata\roaming\25assist\armyops\system\armyops.exe" = protocol=6 | dir=in | app=c:\users\xps_2008\appdata\roaming\25assist\armyops\system\armyops.exe |
"TCP Query User{E791C3B4-9267-4986-BE84-BEEF1D176852}D:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"UDP Query User{0D3ADC09-B21F-4FB7-9EDB-EB9E12BC39D9}D:\program files\steam\steamapps\ulargila\insurgency\hl2.exe" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\ulargila\insurgency\hl2.exe |
"UDP Query User{2C59707C-7707-4D4A-AD10-203E5AC43D64}D:\program files\microsoft office\office14\groove.exe" = protocol=17 | dir=in | app=d:\program files\microsoft office\office14\groove.exe |
"UDP Query User{429DD8AC-1FE9-47A2-A8DE-D8CC799227B9}C:\users\xps_2008\documents\my games\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\xps_2008\documents\my games\terraria\terrariaserver.exe |
"UDP Query User{5D9D3CFA-93D1-4746-8B7E-2F0D6ABC8541}D:\program files\steam\steamapps\common\universe at war earth assault\uawea.exe" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\universe at war earth assault\uawea.exe |
"UDP Query User{6D3246D5-479F-48F9-83B4-8004824A3169}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{9C546C9F-3672-4060-A796-C54719B49131}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{B00EE251-C157-494F-8519-F4F6B8FD7B66}C:\users\xps_2008\appdata\roaming\25assist\armyops\system\armyops.exe" = protocol=17 | dir=in | app=c:\users\xps_2008\appdata\roaming\25assist\armyops\system\armyops.exe |
"UDP Query User{BEA06BEB-061B-4CF0-8E20-45826D993393}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{C9AADC4D-CB5D-481E-87E8-18D6F77E4525}D:\program files\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\terraria\terrariaserver.exe |
"UDP Query User{C9D1C4A6-4B2C-4179-840A-5D86A5C86A97}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{DC8264D7-4477-44BF-B44A-7F0EE0A6BB6F}D:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"UDP Query User{DD01ED18-E152-4E45-8233-86B797E00980}D:\program files\steam\steam.exe" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe |
"UDP Query User{F4E441F9-EB45-4294-A749-34322FA4D00B}C:\guildwars2\gw2.exe" = protocol=17 | dir=in | app=c:\guildwars2\gw2.exe |
"UDP Query User{FB036B3B-74A9-4B4B-9F81-5B7EC96218CF}D:\program files\steam\steamapps\ulargila\source sdk base\hl2.exe" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\ulargila\source sdk base\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 37
"{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}" = Ad-Aware Antivirus
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5454085C-840F-4070-8FAA-441000038301}" = BioShock 2
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.0.4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93FF055C-7E0B-4E26-AAFB-2C4333E2D7D0}" = Logitech Gaming Software
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.07.14
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{ACCEB7C3-4F3A-4C43-93CA-644951D08B0D}" = TortoiseSVN 1.6.12.20536 (32 bit)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 310.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 310.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 310.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 310.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0904
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony
"{C22E50B4-B9D0-4A07-B1F3-12362514FEA7}" = The Sims™ 2 Double Deluxe
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C963C417-CFE3-4950-8B83-466AED0C1599}" = NVIDIA PhysX
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D6}" = WinZip 17.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{DE7A5DDF-47B3-42FF-A082-E158DEA37392}" = EMET
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"7-Zip" = 7-Zip 9.20
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"adawaretb" = Ad-Aware Security Toolbar
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio Control Panel
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"CCleaner" = CCleaner
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"Diablo III" = Diablo III
"DivX Setup.divx.com" = DivX Setup
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"Guild Wars" = Guild Wars
"Logitech Gaming Software" = Logitech Gaming Software 8.30
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"MapleStory" = MapleStory
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mp3parse" = MP3 Parser DirectShow Filter (remove only)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Origin" = Origin
"Plants vs. Zombies™" = Plants vs. Zombies™
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Steam App 105600" = Terraria
"Steam App 1500" = Darwinia
"Steam App 1840" = Source Filmmaker
"Steam App 202480" = Creation Kit
"Steam App 203850" = Microsoft Flight
"Steam App 209870" = Blacklight: Retribution
"Steam App 212160" = Vindictus
"Steam App 212390" = C9
"Steam App 22380" = Fallout: New Vegas
"Steam App 240" = Counter-Strike: Source
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 380" = Half-Life 2: Episode One
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 620" = Portal 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"SystemRequirementsLab" = System Requirements Lab
"Vindictus" = Vindictus
"WhoCrashed_is1" = WhoCrashed 4.01
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2046201742-2579986617-2449524958-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/11/17 06:10:41 | Computer Name = XPS_2008-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 12/11/17 13:48:50 | Computer Name = XPS_2008-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d6727a7 Faulting module name: GROOVEEX.DLL, version: 0.0.0.0, time
stamp: 0x502c877c Exception code: 0xc0000006 Fault offset: 0x00240738 Faulting process
id: 0x4c8 Faulting application start time: 0x01cdc4a05581d560 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: D:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL
Report
Id: 0b265148-30df-11e2-8579-001e4fa80d89

Error - 12/11/17 13:48:50 | Computer Name = XPS_2008-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program Windows Explorer because of this error. Program: Windows Explorer
File:
The error value is listed in the Additional Data section. User Action 1. Open the
file again. This situation might be a temporary problem that corrects itself when
the program runs again. 2. If the file still cannot be accessed and - It is on the
network, your network administrator should verify that there is not a problem with
the network and that the server can be contacted. - It is on a removable disk, for
example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the
computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK,
click Start, click Run, type CMD, and then click OK. At the command prompt, type
CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from
a backup copy. 5. Determine whether other files on the same disk can be opened.
If not, the disk might be damaged. If it is a hard disk, contact your administrator
or computer hardware vendor for further assistance. Additional Data Error value: C000026E
Disk
type: 0

Error - 12/11/17 14:16:31 | Computer Name = XPS_2008-PC | Source = Application Error | ID = 1000
Description = Faulting application name: aswMBR.exe, version: 0.9.9.1665, time stamp:
0x4f5f9c86 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x00052cc7 Faulting process id:
0xfe8 Faulting application start time: 0x01cdc4ef2e455928 Faulting application path:
C:\Users\XPS_2008\Desktop\aswMBR.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: e8f85c48-30e2-11e2-8579-001e4fa80d89

Error - 12/11/20 20:12:13 | Computer Name = XPS_2008-PC | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 12/11/20 20:12:13 | Computer Name = XPS_2008-PC | Source = Bonjour Service | ID = 100
Description = 468: ERROR: read_msg errno 0 (The operation completed successfully.)

Error - 12/11/20 23:24:58 | Computer Name = XPS_2008-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d6727a7 Faulting module name: GROOVEEX.DLL, version: 0.0.0.0, time
stamp: 0x502c877c Exception code: 0xc0000006 Fault offset: 0x0023c210 Faulting process
id: 0x908 Faulting application start time: 0x01cdc784d6974220 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: D:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL
Report
Id: 06a84550-338b-11e2-913d-001e4fa80d89

Error - 12/11/20 23:24:58 | Computer Name = XPS_2008-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program Windows Explorer because of this error. Program: Windows Explorer
File:
The error value is listed in the Additional Data section. User Action 1. Open the
file again. This situation might be a temporary problem that corrects itself when
the program runs again. 2. If the file still cannot be accessed and - It is on the
network, your network administrator should verify that there is not a problem with
the network and that the server can be contacted. - It is on a removable disk, for
example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the
computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK,
click Start, click Run, type CMD, and then click OK. At the command prompt, type
CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from
a backup copy. 5. Determine whether other files on the same disk can be opened.
If not, the disk might be damaged. If it is a hard disk, contact your administrator
or computer hardware vendor for further assistance. Additional Data Error value: C000026E
Disk
type: 0

Error - 12/11/20 23:27:53 | Computer Name = XPS_2008-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 12/11/21 01:19:24 | Computer Name = XPS_2008-PC | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error
in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on
line 2. The manifest file root element must be assembly.

[ System Events ]
Error - 12/11/23 13:34:12 | Computer Name = XPS_2008-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058

Error - 12/11/23 13:34:48 | Computer Name = XPS_2008-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058

Error - 12/11/23 13:41:12 | Computer Name = XPS_2008-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058

Error - 12/11/23 13:45:18 | Computer Name = XPS_2008-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy5.

Error - 12/11/23 13:45:21 | Computer Name = XPS_2008-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy5.

Error - 12/11/23 13:52:55 | Computer Name = XPS_2008-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058

Error - 12/11/23 13:54:23 | Computer Name = XPS_2008-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy5.

Error - 12/11/23 13:54:27 | Computer Name = XPS_2008-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy5.

Error - 12/11/23 14:21:49 | Computer Name = XPS_2008-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:16:57 AM on ?11/?23/?2012 was unexpected.

Error - 12/11/23 14:22:21 | Computer Name = XPS_2008-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058


< End of report >
  • 0

#8
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Sorry for the delay. I was away.

It looks like your hard disk is dying. I recommend that you back up all your valuable data to some removable media (USB memory key, external hard disk, etc.).

Then proceed with these steps:

  • Click Start, and then in the Search programs and files text box, type cmd.
  • Right-click on cmd and then navigate to and click on Run as administrator.
  • A UAC window will open. Click on the OK button.
  • At the command prompt, type chkdsk c: /f /r and then press ENTER.

Type Y, and then press ENTER to schedule the disk check, and then restart your computer to start the disk check.

Note: Depending on the data and volume size, the chkdsk process may take minutes to hours or days.
  • 0
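
Added example, not part of the original thread: the event entries in the OTL log above that point at the disk can be tallied mechanically. The Python below parses OTL's event format and counts them; the `FLAGGED` table and the function names are assumptions made for this illustration.

```python
import re
from collections import Counter

# Entries copied from the OTL log in this thread, descriptions shortened.
SAMPLE = """\
Error - 12/11/20 23:24:58 | Computer Name = XPS_2008-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
Error - 12/11/23 13:34:12 | Computer Name = XPS_2008-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Error - 12/11/23 13:45:18 | Computer Name = XPS_2008-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \\Device\\HarddiskVolumeShadowCopy5.
Error - 12/11/23 13:45:21 | Computer Name = XPS_2008-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
Error - 12/11/23 14:21:49 | Computer Name = XPS_2008-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:16:57 AM on ?11/?23/?2012 was unexpected.
"""

HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<when>\S+ \S+) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<raw_id>\d+)$"
)

# Assumption: (source, Event ID) pairs worth flagging when triaging a suspect disk.
FLAGGED = {
    ("Ntfs", 55): "file system corruption reported",
    ("Application Error", 1005): "file could not be read",
    ("EventLog", 6008): "unexpected shutdown",
}

def parse_events(text):
    """Split OTL event-log text into dicts, one per 'Error - ...' entry."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            ev = m.groupdict()
            # OTL prints the 32-bit identifier; low 16 bits are the Event ID (262199 -> 55).
            ev.update(event_id=int(ev.pop("raw_id")) & 0xFFFF, description="")
            events.append(ev)
        elif events and line.strip():
            events[-1]["description"] += re.sub(r"^Description = ?", "", line.strip()) + " "
    return events

def triage(text):
    """Count flagged events, keyed by (source, event_id)."""
    keys = ((e["source"], e["event_id"]) for e in parse_events(text))
    return Counter(k for k in keys if k in FLAGGED)
```

Masking the identifier matters when cross-checking against Event Viewer, which lists the Ntfs entries as Event ID 55 rather than 262199.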

#9
ular

ular

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Thank you Render,

I ran chkdsk D: /f yesterday from the cmd prompt and it seemed to run okay, so I will run it on C:

I hope you had a good Thanksgiving!

Ular
  • 0

#10
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Yes, please run it on the C partition, as your system files are there.
  • 0

#11
ular

ular

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Hi Render,

I have run chkdsk on both C: and D: drives. I do not know where the log file is located.

Ular
  • 0

#12
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
I don't need the log file. Please proceed with the following:

Go to Start > All Programs > Accessories
Right click Command Prompt and select Run as administrator
When the prompt opens type the following bolded text and press enter

sfc /scannow (Note: There is a space between sfc and /scannow)

On completion reboot

Let me know then if there is any improvement.
  • 0

#13
ular

ular

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Hi Render,

Completed scan as requested. Ending message stated Windows Resource Protection found no integrity violations.

PC is operating with no icon loss, but does lock up on about 15 to 30 minute intervals. All drives and folders seem to be available and programs seem to operate except MS Word which indicates gfx.dll is missing.

Thank you,

Ular

Edited by ular, 25 November 2012 - 07:44 PM.

  • 0

#14
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
For MS Office try to repair it as described here.

Also go here, download and run SeaTools for Windows to check your hard disk.
  • 0

#15
ular

ular

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Thank you Render,

I will try both when I get home from work.

Ular
  • 0





