
svchost.exe virus :/



#1
WarpGenesis

Hello, I have had this virus for a while and it has honestly gotten unbearable. I found another posting about it and used the scanning programs he listed, but when he stated it was specifically for that person's computer, I just scanned and made an account. Please help? I will be pasting the OTL, aswMBR, and Extras at the end of this. Also, if it is of any importance, I found its location with Rkill and deleted the file in Safe Mode; it was located in C:/Users/Warp's Computer/AppData/Roaming/Adobe32. Did I mess myself up even more by deleting it? :X It no longer shows up or runs in the Processes tab of Task Manager but is still eating up my RAM.
OTL:
OTL logfile created on: 3/21/2013 4:04:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ben's Computer\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.95 Gb Total Physical Memory | 14.64 Gb Available Physical Memory | 91.77% Memory free
31.90 Gb Paging File | 30.55 Gb Available in Paging File | 95.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 179.26 Gb Free Space | 38.49% Space Free | Partition Type: NTFS

Computer Name: BENSCOMPUTER-PC | User Name: Ben's Computer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/21 16:03:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ben's Computer\Downloads\OTL.exe
PRC - [2013/03/21 16:01:25 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Ben's Computer\Downloads\aswMBR.exe
PRC - [2013/03/10 20:22:07 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/10 20:22:06 | 000,459,728 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll
MOD - [2013/03/10 20:22:04 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
MOD - [2013/03/10 20:21:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/04/20 15:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/15 17:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/13 00:31:20 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/08 15:41:40 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/29 06:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/12/29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/10/23 18:58:52 | 000,120,728 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2012/10/10 22:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe -- (N360)
SRV - [2012/09/07 22:36:46 | 000,087,992 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2012/07/17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/06/25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/05/14 06:35:24 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/02/01 17:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/11/21 14:54:46 | 000,377,088 | ---- | M] (Ralink Technology, Corp.) [Auto | Stopped] -- C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2011/11/21 14:54:40 | 000,455,424 | ---- | M] (Ralink Technology, Corp.) [Auto | Stopped] -- C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2010/09/03 02:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/06 15:58:44 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/02/03 19:13:20 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/10/08 21:00:02 | 000,776,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/10/03 21:40:36 | 001,133,216 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/10/03 21:40:20 | 000,493,216 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\symds64.sys -- (SymDS)
DRV:64bit: - [2012/10/03 21:19:14 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/07/27 23:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/07/22 21:34:24 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/07/03 11:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/07/02 16:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/12 10:00:48 | 000,726,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/05/25 01:36:56 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/05/20 12:25:32 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/05/20 12:25:32 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/05/20 12:25:32 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/05/09 20:11:02 | 014,759,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/01 17:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/01/13 16:40:46 | 001,675,840 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2011/12/05 16:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/03 12:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/11/03 12:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/21 02:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/03/16 07:51:04 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130321.005\ex64.sys -- (NAVEX15)
DRV - [2013/03/16 07:51:04 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130321.005\eng64.sys -- (NAVENG)
DRV - [2013/02/06 16:00:35 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/02/05 17:44:54 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130320.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/01/16 04:22:36 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130301.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/...6c-50465d65f083
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{24F25E5B-4C2A-466D-BF2B-9827C1CBB2B6}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = ${SEARCH_URL}{searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...2-50465D65F083}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2405279664-821220407-2412138937-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/...6c-50465d65f083
IE - HKU\S-1-5-21-2405279664-821220407-2412138937-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2405279664-821220407-2412138937-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2405279664-821220407-2412138937-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EF 79 81 E4 92 F1 CD 01 [binary data]
IE - HKU\S-1-5-21-2405279664-821220407-2412138937-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2405279664-821220407-2412138937-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2405279664-821220407-2412138937-1000\..\SearchScopes\{24F25E5B-4C2A-466D-BF2B-9827C1CBB2B6}: "URL" = http://www.google.co...1I7ASUM_enUS518
IE - HKU\S-1-5-21-2405279664-821220407-2412138937-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ASUM_enUS518
IE - HKU\S-1-5-21-2405279664-821220407-2412138937-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...t=kwd&qsrc=2869
IE - HKU\S-1-5-21-2405279664-821220407-2412138937-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...2-50465D65F083}
IE - HKU\S-1-5-21-2405279664-821220407-2412138937-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/03/16 11:31:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/03/21 15:55:49 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://gmail.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Ben's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\npcoplgn.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Intel\u00C2\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00C2\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YT Native Center Layout = C:\Users\Ben's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\becgdfhcipoaiiaigklmfjpcmdeclobd\0.1.13_0\
CHR - Extension: YouTube = C:\Users\Ben's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Ben's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Assassin's Creed III = C:\Users\Ben's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\geadmffjboclimmeiaimcafapjaefnfn\1.3_0\
CHR - Extension: SSoHPKC's YouTube Emporium = C:\Users\Ben's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggboolgkkmmgjpohgfbiohcajegihgml\1.0.1_0\
CHR - Extension: ChimneySwift11's YouTube Channel = C:\Users\Ben's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghajlcgpoghfjldldggbiligiahgalmk\1.0.5_0\
CHR - Extension: AdBlock = C:\Users\Ben's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: MagniPic = C:\Users\Ben's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kglhhmgpljpkjnmbhkbnbbjbinkildcl\1\
CHR - Extension: Center'd - Center the new YT = C:\Users\Ben's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkgjcknlnbcciacdklmnafmfcfjnpcja\1.8_0\
CHR - Extension: Dragons of Atlantis = C:\Users\Ben's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\manlnjcghdempjdpndlcmaaobbighhcf\1.6.1_0\
CHR - Extension: Norton Identity Protection = C:\Users\Ben's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\
CHR - Extension: AntVenom Youtube\u00E2\u201E\u00A2 Channel = C:\Users\Ben's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndmkhhjfkoejodpfhegooojicnffehdc\1.0.8_0\
CHR - Extension: Gmail = C:\Users\Ben's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: YT Native Center Layout = C:\Users\Ben's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\becgdfhcipoaiiaigklmfjpcmdeclobd\0.1.13_0\
CHR - Extension: YouTube = C:\Users\Ben's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Ben's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Assassin's Creed III = C:\Users\Ben's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\geadmffjboclimmeiaimcafapjaefnfn\1.3_0\
CHR - Extension: SSoHPKC's YouTube Emporium = C:\Users\Ben's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggboolgkkmmgjpohgfbiohcajegihgml\1.0.1_0\
CHR - Extension: ChimneySwift11's YouTube Channel = C:\Users\Ben's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghajlcgpoghfjldldggbiligiahgalmk\1.0.5_0\
CHR - Extension: AdBlock = C:\Users\Ben's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: MagniPic = C:\Users\Ben's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kglhhmgpljpkjnmbhkbnbbjbinkildcl\1\
CHR - Extension: Center'd - Center the new YT = C:\Users\Ben's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkgjcknlnbcciacdklmnafmfcfjnpcja\1.8_0\
CHR - Extension: Dragons of Atlantis = C:\Users\Ben's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\manlnjcghdempjdpndlcmaaobbighhcf\1.6.1_0\
CHR - Extension: Norton Identity Protection = C:\Users\Ben's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\
CHR - Extension: AntVenom Youtube\u00E2\u201E\u00A2 Channel = C:\Users\Ben's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndmkhhjfkoejodpfhegooojicnffehdc\1.0.8_0\
CHR - Extension: Gmail = C:\Users\Ben's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2405279664-821220407-2412138937-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2405279664-821220407-2412138937-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2405279664-821220407-2412138937-1000..\Run: [AdobeUpdate] C:\Users\Ben's Computer\AppData\Roaming\Adobe32\invis.vbs ()
O4 - HKU\S-1-5-21-2405279664-821220407-2412138937-1000..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
F3:64bit: - HKU\S-1-5-21-2405279664-821220407-2412138937-1000 WinNT: Load - (C:\Users\BEN'SC~1\LOCALS~1\Temp\msivunzt.scr) - File not found
F3 - HKU\S-1-5-21-2405279664-821220407-2412138937-1000 WinNT: Load - (C:\Users\BEN'SC~1\LOCALS~1\Temp\msivunzt.scr) - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2405279664-821220407-2412138937-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2405279664-821220407-2412138937-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2405279664-821220407-2412138937-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2405279664-821220407-2412138937-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F60E83B-DEB1-421F-B8BB-A35516694996}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F24D7F87-3089-4EFC-A00D-2F10CC6A8FAF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~2\zoomex\sprote~1.dll) - File not found
O20 - AppInit_DLLs: (c:\progra~2\magnipic\sprote~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2e010e81-5162-11e2-8968-50465d65f083}\Shell - "" = AutoRun
O33 - MountPoints2\{2e010e81-5162-11e2-8968-50465d65f083}\Shell\AutoRun\command - "" = F:\MotoCastSetup.exe -a
O33 - MountPoints2\{7eb146c7-51d4-11e2-83c4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7eb146c7-51d4-11e2-83c4-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\ASSETUP.exe
O33 - MountPoints2\{f805bbb7-6a62-11e2-aad5-50465d65f083}\Shell - "" = AutoRun
O33 - MountPoints2\{f805bbb7-6a62-11e2-aad5-50465d65f083}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2013/03/21 15:48:13 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/03/21 14:55:31 | 000,000,000 | ---D | C] -- C:\Users\Ben's Computer\Desktop\rkill
[2013/03/20 15:06:41 | 000,000,000 | ---D | C] -- C:\Users\Ben's Computer\AppData\Local\NPE
[2013/03/20 13:10:06 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/03/18 03:00:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/18 03:00:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/18 03:00:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/18 03:00:46 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/18 03:00:46 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/18 03:00:45 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/18 03:00:45 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/18 03:00:45 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/18 03:00:45 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/18 03:00:45 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/18 03:00:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/18 03:00:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/18 03:00:44 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/18 03:00:44 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/18 03:00:44 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/17 01:10:51 | 000,000,000 | ---D | C] -- C:\Users\Ben's Computer\AppData\Local\BigHugeEngine
[2013/03/16 09:46:00 | 000,000,000 | ---D | C] -- C:\Users\Ben's Computer\Documents\Dust
[2013/03/16 09:23:11 | 000,000,000 | ---D | C] -- C:\Users\Ben's Computer\Documents\IAmAlive
[2013/03/13 20:46:53 | 000,000,000 | ---D | C] -- C:\Users\Ben's Computer\Documents\CAPCOM
[2013/03/13 00:31:05 | 016,486,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/03/07 16:46:38 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/03/07 16:45:51 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/03/05 00:17:07 | 000,000,000 | R--D | C] -- C:\Users\Ben's Computer\Desktop\Icon Folder
[2013/03/03 09:55:09 | 000,000,000 | ---D | C] -- C:\Users\Ben's Computer\Desktop\Emulator
[2013/02/27 22:51:22 | 000,000,000 | ---D | C] -- C:\Users\Ben's Computer\AppData\Roaming\IMVU
[2013/02/27 22:51:14 | 000,000,000 | ---D | C] -- C:\Users\Ben's Computer\AppData\Roaming\IMVUClient
[2013/02/26 19:01:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetDragon
[2013/02/26 19:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\en_my
[2013/02/24 21:15:22 | 000,000,000 | ---D | C] -- C:\Users\Ben's Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU
[2013/02/22 02:14:29 | 000,000,000 | ---D | C] -- C:\Users\Ben's Computer\AppData\Local\SKIDROW
[2013/02/19 19:45:04 | 000,000,000 | ---D | C] -- C:\Users\Ben's Computer\Documents\HeroBlade Logs
[7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/21 16:05:19 | 000,000,512 | ---- | M] () -- C:\Users\Ben's Computer\Desktop\MBR.dat
[2013/03/21 15:58:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/21 15:58:02 | 4254,367,742 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/21 15:54:04 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/21 15:16:17 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/21 15:16:17 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/21 15:08:01 | 000,001,189 | ---- | M] () -- C:\Users\Ben's Computer\Desktop\tdsskiller - Shortcut.lnk
[2013/03/21 15:07:56 | 000,001,136 | ---- | M] () -- C:\Users\Ben's Computer\Desktop\rkill - Shortcut.lnk
[2013/03/21 05:31:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/20 16:53:03 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/20 13:09:44 | 001,220,584 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/20 13:09:44 | 000,310,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/20 13:09:44 | 000,006,206 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/17 07:55:39 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW
[2013/03/16 12:53:36 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/13 00:31:19 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/13 00:31:19 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/13 00:31:05 | 016,486,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/03/08 22:03:37 | 000,001,774 | ---- | M] () -- C:\Users\Ben's Computer\Desktop\skse_loader - Shortcut.lnk
[2013/03/07 16:45:48 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/03/07 16:45:48 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/03/07 16:45:48 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/03/07 16:45:48 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/03/07 16:45:48 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/03/07 16:45:48 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/03/07 04:21:26 | 000,000,914 | ---- | M] () -- C:\Users\Ben's Computer\Application Data\Microsoft\Internet Explorer\Quick Launch\Nexus Mod Manager.lnk
[2013/03/07 04:21:26 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2013/02/28 15:52:28 | 000,000,000 | ---- | M] () -- C:\Users\Ben's Computer\__ng3d.lock
[2013/02/24 18:20:51 | 000,000,232 | ---- | M] () -- C:\Users\Ben's Computer\Desktop\The Elder Scrolls V Skyrim.lnk
[2013/02/22 02:12:13 | 000,001,727 | ---- | M] () -- C:\Users\Ben's Computer\Desktop\Play Dragon Age Origins.lnk
[2013/02/22 01:59:44 | 000,001,671 | ---- | M] () -- C:\Users\Ben's Computer\Desktop\Play DmC Devil May Cry.lnk
[2013/02/19 18:47:58 | 000,001,129 | ---- | M] () -- C:\Users\Ben's Computer\Documents - Shortcut.lnk
[7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/21 16:05:19 | 000,000,512 | ---- | C] () -- C:\Users\Ben's Computer\Desktop\MBR.dat
[2013/03/21 15:08:01 | 000,001,189 | ---- | C] () -- C:\Users\Ben's Computer\Desktop\tdsskiller - Shortcut.lnk
[2013/03/21 15:07:56 | 000,001,136 | ---- | C] () -- C:\Users\Ben's Computer\Desktop\rkill - Shortcut.lnk
[2013/03/17 07:55:39 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW
[2013/03/08 22:03:37 | 000,001,774 | ---- | C] () -- C:\Users\Ben's Computer\Desktop\skse_loader - Shortcut.lnk
[2013/03/03 00:13:47 | 000,000,914 | ---- | C] () -- C:\Users\Ben's Computer\Application Data\Microsoft\Internet Explorer\Quick Launch\Nexus Mod Manager.lnk
[2013/03/01 17:38:00 | 067,108,864 | ---- | C] () -- C:\Users\Ben's Computer\Documents\Pokemon Diamond.nds
[2013/02/28 15:52:28 | 000,000,000 | ---- | C] () -- C:\Users\Ben's Computer\__ng3d.lock
[2013/02/24 18:20:51 | 000,000,232 | ---- | C] () -- C:\Users\Ben's Computer\Desktop\The Elder Scrolls V Skyrim.lnk
[2013/02/22 01:59:44 | 000,001,671 | ---- | C] () -- C:\Users\Ben's Computer\Desktop\Play DmC Devil May Cry.lnk
[2013/02/22 01:26:42 | 046,530,941 | ---- | C] () -- C:\Users\Ben's Computer\Documents\win7settings.exe
[2013/02/22 01:26:25 | 000,001,727 | ---- | C] () -- C:\Users\Ben's Computer\Desktop\Play Dragon Age Origins.lnk
[2013/02/19 18:47:58 | 000,001,129 | ---- | C] () -- C:\Users\Ben's Computer\Documents - Shortcut.lnk
[2013/02/13 12:06:22 | 000,232,904 | ---- | C] () -- C:\Users\Ben's Computer\AppData\Roaming\poclbm121016GeForce GT 430gv1w256l4.bin
[2013/02/12 12:25:04 | 000,000,858 | ---- | C] () -- C:\Windows\client.config.ini
[2013/01/20 14:12:18 | 001,503,728 | ---- | C] () -- C:\Users\Ben's Computer\AppData\Roaming\AFS7_32x_TexturePack.zip
[2013/01/20 14:12:18 | 000,726,896 | ---- | C] () -- C:\Users\Ben's Computer\AppData\Roaming\AFS7_16x_TexturePack.zip
[2013/01/20 14:12:18 | 000,000,134 | ---- | C] () -- C:\Users\Ben's Computer\AppData\Roaming\Rules, Tips & Achievements.url
[2013/01/06 10:36:04 | 000,006,188 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/29 09:41:39 | 013,026,304 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012/12/29 09:41:39 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012/12/29 09:41:39 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/12/29 09:41:39 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/12/29 09:34:57 | 000,064,122 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/12/29 09:34:16 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/12/29 09:34:11 | 000,044,130 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/04/20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/18 05:19:55 | 000,000,000 | ---D | M] -- C:\Users\Ben's Computer\AppData\Roaming\.minecraft
[2012/12/02 02:33:12 | 000,000,000 | ---D | M] -- C:\Users\Ben's Computer\AppData\Roaming\AFS 5.0 + EAFS 2.0
[2013/01/15 12:58:11 | 000,000,000 | ---D | M] -- C:\Users\Ben's Computer\AppData\Roaming\Awesomium
[2013/03/16 07:48:48 | 000,000,000 | ---D | M] -- C:\Users\Ben's Computer\AppData\Roaming\BitTorrent
[2013/03/09 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\Ben's Computer\AppData\Roaming\DAEMON Tools Pro
[2013/01/12 16:37:08 | 000,000,000 | ---D | M] -- C:\Users\Ben's Computer\AppData\Roaming\ExpressFiles
[2013/01/23 20:51:13 | 000,000,000 | ---D | M] -- C:\Users\Ben's Computer\AppData\Roaming\ftblauncher
[2013/03/19 06:40:52 | 000,000,000 | ---D | M] -- C:\Users\Ben's Computer\AppData\Roaming\IMVU
[2013/02/27 22:51:15 | 000,000,000 | ---D | M] -- C:\Users\Ben's Computer\AppData\Roaming\IMVUClient
[2013/01/21 21:34:51 | 000,000,000 | ---D | M] -- C:\Users\Ben's Computer\AppData\Roaming\Little Inferno
[2013/02/13 04:27:39 | 000,000,000 | ---D | M] -- C:\Users\Ben's Computer\AppData\Roaming\MotoCast
[2012/12/31 19:28:57 | 000,000,000 | ---D | M] -- C:\Users\Ben's Computer\AppData\Roaming\Motorola
[2012/12/31 19:29:56 | 000,000,000 | ---D | M] -- C:\Users\Ben's Computer\AppData\Roaming\Motorola Mobility
[2013/02/03 19:13:31 | 000,000,000 | ---D | M] -- C:\Users\Ben's Computer\AppData\Roaming\OpenCandy
[2013/01/09 06:23:24 | 000,000,000 | ---D | M] -- C:\Users\Ben's Computer\AppData\Roaming\Opera
[2013/02/09 12:42:15 | 000,000,000 | ---D | M] -- C:\Users\Ben's Computer\AppData\Roaming\Origin
[2013/02/13 12:04:50 | 000,000,000 | ---D | M] -- C:\Users\Ben's Computer\AppData\Roaming\Spotify
[2013/03/16 11:31:12 | 000,000,000 | ---D | M] -- C:\Users\Ben's Computer\AppData\Roaming\SystemRequirementsLab
[2013/01/22 15:25:05 | 000,000,000 | ---D | M] -- C:\Users\Ben's Computer\AppData\Roaming\TFP
[2013/01/21 14:29:20 | 000,000,000 | ---D | M] -- C:\Users\Ben's Computer\AppData\Roaming\Ubisoft
[2013/01/24 08:19:10 | 000,000,000 | ---D | M] -- C:\Users\Ben's Computer\AppData\Roaming\Unity

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

========== Files - Unicode (All) ==========
[2013/01/12 16:53:10 | 000,000,000 | ---D | M](C:\Users\Ben's Computer\????????) -- C:\Users\Warp's Computer\ТрахБург
[2013/01/12 16:53:10 | 000,000,000 | ---D | M](C:\Users\Ben's Computer\????????) -- C:\Users\Warp's Computer\ТрахБург
(C:\Users\Warp's Computer\????????) -- C:\Users\Warp's Computer\ТрахБург

< End of report >
aswMBR:
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-03-21 16:01:34
-----------------------------
16:01:34.348 OS Version: Windows x64 6.1.7600
16:01:34.348 Number of processors: 8 586 0x3A09
16:01:34.348 ComputerName: BENSCOMPUTER-PC UserName: Ben's Computer
16:01:35.409 Initialize success
16:01:39.949 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:01:39.950 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
16:01:40.074 Disk 0 MBR read successfully
16:01:40.075 Disk 0 MBR scan
16:01:40.076 Disk 0 Windows 7 default MBR code
16:01:40.083 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:01:40.094 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
16:01:40.110 Disk 0 scanning C:\Windows\system32\drivers
16:01:44.532 Service scanning
16:01:56.295 Modules scanning
16:01:56.295 Disk 0 trace - called modules:
16:01:56.295 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
16:01:56.310 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d809060]
16:01:56.310 3 CLASSPNP.SYS[fffff8800147543f] -> nt!IofCallDriver -> [0xfffffa800d4b3e40]
16:01:56.310 5 ACPI.sys[fffff88000d6d781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800d4b6050]
16:01:56.310 Scan finished successfully
16:05:19.351 Disk 0 MBR has been saved successfully to "C:\Users\Warp's Computer\Desktop\MBR.dat"
16:05:19.351 The log file has been saved successfully to "C:\Users\Warp's Computer\Desktop\aswMBR.txt"
Extras:
OTL Extras logfile created on: 3/21/2013 4:04:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ben's Computer\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.95 Gb Total Physical Memory | 14.64 Gb Available Physical Memory | 91.77% Memory free
31.90 Gb Paging File | 30.55 Gb Available in Paging File | 95.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 179.26 Gb Free Space | 38.49% Space Free | Partition Type: NTFS

Computer Name: BENSCOMPUTER-PC | User Name: Ben's Computer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-2405279664-821220407-2412138937-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B4D13A4-A7FF-411F-83F9-5ACB507943B8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{27509A29-FAA0-4A56-9E19-61F86ABE49EE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{282D79D9-BDA1-41D9-B72C-BB0012F986E6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{31C986CE-E7E0-455F-AFDF-4A915B74E618}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3267D25E-509E-4151-AB2C-0A067D1F9676}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3599BD95-6D70-4B9F-9E72-2F3E032F7F94}" = rport=137 | protocol=17 | dir=out | app=system |
"{3ED2D960-26B1-4DC4-B898-67C31CB5B1FA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5F75A8F2-A385-4009-ADEC-E553AADF289F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{62D5F2D1-BFAD-4CE9-9B7B-9E360D1BF5FC}" = lport=138 | protocol=17 | dir=in | app=system |
"{6DAD5070-3153-4F5E-89CE-FBF6165886EC}" = rport=445 | protocol=6 | dir=out | app=system |
"{81781A3E-F140-46A5-BB87-CC9A90C14D91}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{88FF8732-8F57-4737-B20C-DFA2B1FCD851}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A1584A43-825B-4714-A5FE-B1FBDA469976}" = lport=139 | protocol=6 | dir=in | app=system |
"{A4A0F9CD-B3D6-46DC-9091-0952681E00DB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A710941E-9C62-4E50-B071-A884318B5891}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AF6D50CE-A8F2-4302-B61F-508216397E1D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B194186B-58E1-454F-AF9A-820E37897876}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B246CC33-97AD-43F2-9E3A-D64FF343F645}" = lport=445 | protocol=6 | dir=in | app=system |
"{B401D937-C101-4572-9E34-6C81C61C9875}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BE0C01CA-CC79-4BE2-8501-EF0CA5F59426}" = rport=139 | protocol=6 | dir=out | app=system |
"{C0D19396-D34F-4A4F-B4CD-3D85AFF20A0A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CBBF97F0-714B-4929-BECE-16C543AF8980}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DC624DE9-DFEE-4D8B-8BB5-7C1EC4F0F4E8}" = rport=138 | protocol=17 | dir=out | app=system |
"{E3161A3F-00D1-4234-92DB-3CFAA7A3812C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E781E0DC-320B-480F-B937-224DB08C375B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E7C264F1-3A1B-47E5-ADAD-CD2E681E3DCB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E9C74644-BD14-42D4-AFF8-5F37365BE8D2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F8D6270E-6604-4117-8B33-C0F4C203987F}" = lport=137 | protocol=17 | dir=in | app=system |
"{FDF276A8-B58B-497C-A9CA-AE51CFA08CAB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0055D007-49A0-4EB8-BC40-A129369F1736}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{00F598D9-AE65-44ED-BDA8-358C444AF87A}" = dir=in | app=c:\program files (x86)\motorola mobility\motocast\motocast.exe |
"{01A24D63-694C-4512-86CB-B5D5DF834807}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{01ABE07C-81DC-4F59-B951-F097B4E23FA1}" = dir=in | app=c:\program files (x86)\motorola media link\lite\mml.exe |
"{03AF890E-CB42-490B-AE48-701B65DFE5C2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\nmservice.exe |
"{0423C29A-1434-4E3E-BF85-3DA0B703B170}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{0B42712F-957C-488B-B795-6B25F1EB3BED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{0D2E7034-B991-492D-A1C7-FE7423CC46D0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe |
"{0E5E6AA0-184A-4022-8EE2-53B4F424018A}" = dir=out | app=c:\program files (x86)\motorola mobility\motocast\motocast.exe |
"{0F0C9FA7-2615-4A1D-950C-FE28D7FCB0B7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1446955C-0AC6-4453-B285-25930E482F1A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1531E5F5-5520-4181-BAC6-7F3A2A4079FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{157FB76B-04D9-409E-AC97-24C455CC1DDC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{15BF554F-3E54-44E2-BDAC-374C6005CE0C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1662A64B-E167-4140-AFAA-E557FD61CB50}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{19739BE3-2B00-433D-9AD4-D33D5C95FE6B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{1D41B813-811F-4E75-BCAE-8D8876DA82FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{1F221221-E7B8-4189-9007-FB5986BA0A52}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe |
"{206899E8-BA8A-4E77-A8DE-575A267D6849}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe |
"{20B9006C-EB35-4476-A596-0557AC53071D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 2070\anno5.exe |
"{20F24B25-1F3B-49EB-9089-6763D8CABC6D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe |
"{222B4AAD-13EA-4EF3-8CD3-CB650DE66212}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\specops_theline_demo\binaries\win32\specopstheline.exe |
"{23998118-E230-4488-B053-BE9761A6D956}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{23EA2CEB-857F-4BE4-9284-B7839804B3E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe |
"{244A71EF-E974-4843-ACCE-023C74FED31E}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{2560615D-DCC1-4EE2-B89F-D59764A8F94D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{25FD2384-9CB2-4735-8F51-70203013A875}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe |
"{2A140034-6648-49DB-8B37-40512E51619A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe |
"{2AABDAB6-4EB8-452B-B2F8-B4867A46EEE1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2BA7D2ED-99C3-4430-A0BB-040DAC69E332}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2DEF69D5-1C59-4AC5-8502-EFDF92113371}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe |
"{2ED3A807-70AE-482A-B3B3-5DB9D7EB0AB0}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{36BA5B32-8B4D-4BEB-B149-5FC79D089BF1}" = protocol=17 | dir=in | app=c:\users\ben's computer\appdata\roaming\bittorrent\bittorrent.exe |
"{36F8865C-7A7F-40E1-BA9F-5F4955165B0E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{391A80D1-01F5-48E1-B72E-146B39D37C91}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3A3B5179-C90E-444A-AE78-BDBFA831C3AF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 2070\anno5.exe |
"{3CB8D6A4-434E-4B25-B1AF-EC16D1FDAC32}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe |
"{3DFD5FF4-7C1E-4D0A-B8FA-92EF353132D6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{41360A9C-D6C5-42EF-B02F-160C25E95411}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{41E1779B-C120-4203-9342-3EC4DC3E460A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{4316347E-CB3C-4D0A-B7E4-89739CC14D3A}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{4402E8FD-ADC1-4FE3-A45A-BD39AFF87A66}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gearup\bin\traktor.amalgam.app.exe |
"{478331AB-61E0-4E8C-A7D3-B77A26A8B44E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{4932E0FA-B067-4167-B92A-09A42E770E41}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\resident evil 6 benchmark tool\re6.exe |
"{4A79D627-AA16-4F5F-A106-3725F309BE68}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{51B1F26F-0134-4BC5-9460-5F2B4A7FD784}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\everquest 2\launchpad.exe |
"{51E8ACF7-2381-470E-B500-84BE547353C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe |
"{5490CBAF-5E97-419B-B45A-E56A84E5E3D0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{56B3FDA2-E590-4015-BB26-4059535E1D4E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 3\ac3sp.exe |
"{576FF1E3-FCCC-479C-B89C-50E4C20D01F1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{579100F6-4BF8-4090-A1DF-6B6B5B88B629}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{59FDA48F-86C7-424C-8EB4-625F4F16C4FC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{5A6E0C55-8159-4D75-887E-E258175300BA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5B7367DE-2DD8-4CE2-8B52-A6522E267B47}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5ED3228B-DCC0-4B72-B28A-040DEA2579CA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{603CD6D3-EA90-424B-88F6-00099BF40C13}" = protocol=6 | dir=out | app=system |
"{6164553B-6C2F-4D86-BBEC-C85500C7440C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\homefront\binaries\homefront.exe |
"{624C67BD-6E47-4048-8173-1A9933738B2E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\resident evil 6 benchmark tool\re6.exe |
"{62BC2B2F-9AA3-43E7-981B-3FD9D9079943}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders 2\darksiders2.exe |
"{69F7DCC1-C10D-4804-9DE1-2BA4D28811EE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{6BF1699D-F9EA-443C-8BF6-67CA9440F584}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe |
"{6D16C885-42BA-4240-90DE-DA9FE8DBCC23}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe |
"{6FBED783-FA70-43E5-BDB2-9A96520C27C3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 3\ac3sp.exe |
"{70C52A86-16D9-4844-ABC0-6F4AC0A7739D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{71F3A0D8-831B-4034-8B4E-0E122BE5AB20}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{7431438B-47F1-47C1-AEBB-C8D66E086916}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe |
"{761214BF-8C2F-4C28-A710-B70B9F421DD6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{76F3C685-70BB-48F1-8818-3390EAF88FD6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{78BD40D2-9142-42C1-9BEC-327884BAF24F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |
"{792823AF-8372-430F-8D5A-3FE17F338919}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{7D30CDF4-7DA9-4B8F-9140-23C88F845CC5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\koareckoning\reckoning.exe |
"{80F99027-199B-4AAE-8E5D-C120B3A19930}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe |
"{82A0E12A-79CC-4ED9-8053-8582E1563103}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe |
"{855A3594-7890-400E-92BC-055D14FFA490}" = protocol=6 | dir=in | app=c:\users\ben's computer\downloads\eudemons_p2p_v1650.exe |
"{87764863-4B93-4E8B-892C-A55526998497}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8840BE05-39A3-48E7-AB43-B22D5CEF68A5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{88591C6F-F9BB-49B6-85B7-613BB3F6BF8D}" = dir=in | app=c:\program files (x86)\motorola mobility\motocast\bin\motocast-thumbnailer.exe |
"{8C1FAA3F-8192-405B-B653-C3B4953E4DEC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe |
"{8C8CD7F2-87FC-4310-A207-7863F95E3AF7}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{8D5E3119-0F8E-4878-B324-95B9D6A8E86D}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{8E9DCFF6-9EF9-4E9C-9E6B-C053EB8854D5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"{907B645C-A8D0-4A80-8EBD-BAB2746AADD0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders 2\darksiders2.exe |
"{91130B29-45EC-4286-B8DA-BDF74255C9BB}" = protocol=6 | dir=in | app=c:\users\ben's computer\appdata\roaming\bittorrent\bittorrent.exe |
"{91321F53-DCC3-4543-A2CF-22D2FFB115A0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{91AE806A-B226-4C7E-94FF-295E608A1A2C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\koareckoning\reckoning.exe |
"{93A0E1BE-9395-4B48-9C6A-B19F9353D70B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\i am alive\src\system\iamalive_game.exe |
"{944D90B3-4F05-418A-B244-CB78A04A9CAA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{98F2245D-005D-4775-82DB-155B17584F87}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{997069E3-FFFA-4A51-ABE9-56554F6223E0}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{9A3655AD-07F7-457A-BC97-F025743F5838}" = dir=out | app=c:\program files (x86)\motorola mobility\motocast\bin\motocast-thumbnailer.exe |
"{9B3DAB15-75B8-4AB7-93F8-20ECDB55CF41}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{9B9C6AF8-B62C-42E5-BC44-9872D0C7B630}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{9D90BA0F-BA85-40F9-B618-B4E137D90260}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{9DA0D985-0D5D-457A-90BE-EC9F9964FD48}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{9DB63F2C-8D83-495F-B6DB-CC9BEADE9E9E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\homefront\binaries\homefront.exe |
"{A25B591A-5510-4710-8421-396A0AD063C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{A2C2505F-3B05-47E4-AF6E-C784BB76F39F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7214B08-8126-4679-923E-F3E636F0A5A4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{A8C16E63-EE31-4F57-873D-78B6F24481FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{B275C272-0710-4AAC-8813-A46EEEA5C7C5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B28273EC-62FA-46CC-9272-65C966E3293D}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{B9BBE530-6E55-4632-A5F0-87CBF9B75F8D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\nmservice.exe |
"{BCC6B344-BB7F-4C11-8246-CC1467C843E3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{BE6D3666-2A8A-49D1-B423-B49E36C478BC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe |
"{C21638AF-8FC7-4221-9926-3B13DA00D612}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |
"{C3159C8D-423B-4452-952C-8D99F9F5667C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"{C4AD46B1-2EEE-4CB0-BF2C-665876E91406}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{C4DC9713-774E-4E48-B369-2B244FBC5FF5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C5AABF1F-8583-4445-83CC-E59EB353C21D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |
"{C5DD5597-6957-49BA-AEAE-EFD871BA0EA7}" = protocol=17 | dir=in | app=c:\users\ben's computer\downloads\eudemons_p2p_v1650.exe |
"{C6228B29-B033-4629-A09F-51F49E76A01B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\specops_theline_demo\binaries\win32\specopstheline.exe |
"{C7746342-677F-4EC1-85FE-DC3BF9E68886}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |
"{CB79AA8F-7F61-485E-BE88-35224BF141B7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe |
"{CD264DB1-207F-4427-9F4D-47D997364DB5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{CDB40928-62F3-4C52-AF55-A71E0D6E456A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\i am alive\src\system\iamalive_game.exe |
"{D2642BE4-C25B-4B16-9951-49A4A405A44B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{D390E23B-F782-4222-9F53-03453465565B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 3\ac3mp.exe |
"{D3B0FDE1-A614-4C1B-9F93-C686B82A96B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D400A60A-46B4-4821-8422-BDF6AA93C9E5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{D4D34D5D-17EB-4A90-BD26-2A38C6E9486A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{D5746F7C-7F30-4D26-9A7E-B73D44A6EAFF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{D8A72D18-CEE0-4EBD-A9CF-2C76AF8FAB5B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D9E857B5-D893-4DB4-AD5E-27AE5F2C5CBA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{DA4B4575-89CC-4B1D-A8B3-9063F8076526}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe |
"{DA8910EA-50DB-43A9-A881-9D7A21071B2A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{DBCB620C-E34D-42D5-B202-24C250D29005}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe |
"{DBDD1EA3-E40C-4F8B-929D-6C4A7A10DEA6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DF167402-69F3-4BA9-A0BC-8BAE2500A106}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gearup\bin\traktor.amalgam.app.exe |
"{E054C1A6-55E9-4F5E-98F6-A279B4CF42CE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{E182EC2B-E26E-4B75-AEC9-05789B07A3A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{E1EE2E91-7F46-4D5E-99F5-CCAD625B6E7E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{E470432B-3B73-47BE-9E5C-6D78154305A3}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{E4A0FF18-F6EB-4CD7-9EA0-AB68AB8956A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 3\ac3mp.exe |
"{EE32344C-691F-4457-AE28-8B416B6BE47A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{EE6D523A-1B37-4288-AEB0-8F3CFE26B17B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{EFFD2E2E-0280-44E0-A620-32A234F610C0}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{F2DC0F05-DCF3-41B9-BC08-70DE53660DB6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{F5B046FF-49AF-4A48-8954-9643BD1210F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe |
"{F5B754BC-EEAF-4B2F-ADDB-1231198DC6F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\little inferno beta\little inferno.exe |
"{F6086DEC-078D-4382-BF4E-3DAB2F5396EF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F676A01F-B0B6-4575-86B7-326D1244ECCA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\everquest 2\launchpad.exe |
"{F73354BA-B87A-46A7-B481-F9B0050A18A2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\little inferno beta\little inferno.exe |
"{FA04C91D-EA23-44BA-B438-0AE713FC46C2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe |
"{FE8235FE-DA49-4470-913F-19B0C195FCB3}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{FFBEAD78-D0C4-4DF7-B36D-FFAC858B886F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{19C712DC-4E46-4EC2-BCAC-43DBEFE89EFB}C:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe |
"TCP Query User{20330AF6-CBF0-4E90-B9ED-6CF6DD24BBBA}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{6D83F0C2-403F-43A0-AB02-874CF4D8472B}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe |
"TCP Query User{98F93A89-4221-4F2E-BC44-7EF2961819EE}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe |
"TCP Query User{A3B32885-8AAB-4C36-8FE5-15C84BA1BB6C}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{BC6041DE-D45F-43DE-AD6B-A44F8F6C3327}C:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe |
"TCP Query User{C0919D8B-2D97-41D5-9235-080091F02A3A}C:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe |
"TCP Query User{E45E6AC8-F42E-4EEF-B3FA-A65DC5092C52}C:\program files (x86)\aliens colonial marines\binaries\win32\acm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aliens colonial marines\binaries\win32\acm.exe |
"TCP Query User{E5477D09-330F-4831-AAA1-F3BCB6A1422F}C:\users\public\sony online entertainment\installed games\bullet run\binaries\win32\bulletrun.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\bullet run\binaries\win32\bulletrun.exe |
"TCP Query User{E64A34EC-3161-4047-B607-E2B955FC5703}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"TCP Query User{EF685DFB-78C6-4F69-A522-4B5694BF6C90}C:\users\ben's computer\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ben's computer\appdata\roaming\spotify\spotify.exe |
"UDP Query User{12317742-660B-4230-9FBF-BB189CA45F21}C:\users\ben's computer\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ben's computer\appdata\roaming\spotify\spotify.exe |
"UDP Query User{56BFAC5A-C5D8-42D5-AA01-1DD8A98C6088}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{66110DCE-7F8A-47D8-8C2B-F02D19476042}C:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe |
"UDP Query User{881C402C-2330-469B-8BE7-2D0B822D87CD}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{8CBEEE3D-9332-445F-8B12-BC6064AEF43A}C:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe |
"UDP Query User{97DD3EF2-CE44-4D7A-9712-B122AAD56A27}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"UDP Query User{C64539D7-D951-45DD-A582-745AA7556D13}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe |
"UDP Query User{D4FDE43E-FEFB-4869-8F07-6775C26421D5}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe |
"UDP Query User{E25A66C8-1245-47D6-B383-2A0EFD41C32E}C:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe |
"UDP Query User{F41836CF-4A53-4A3E-A346-B86EB50D9D07}C:\program files (x86)\aliens colonial marines\binaries\win32\acm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aliens colonial marines\binaries\win32\acm.exe |
"UDP Query User{F8A17E24-BD20-4F53-91A6-979C90227EA6}C:\users\public\sony online entertainment\installed games\bullet run\binaries\win32\bulletrun.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\bullet run\binaries\win32\bulletrun.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417011FF}" = Java 7 Update 11 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E7CCB76-687B-4C53-9A5E-08780AF3A551}" = Motorola Mobile Drivers Installation 5.9.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{422FB885-2E3D-4F0C-8C47-BF4336B5318B}" = NETGEAR WNDA4100 Genie
"{49BE9B8A-E858-4533-A74A-64306C13DB59}" = ASUS Product Register Program
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5401CEE8-3C2D-4835-A802-213306537FF4}" = MotoCast
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{81DE15C9-5390-4533-81DF-2DC936C1A40C}" = Motorola Device Software Update
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A407FC22-36BF-4C82-A516-59D94BC505A9}" = System Requirements Lab Detection
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BitTorrent" = BitTorrent
"DAEMON Tools Pro" = DAEMON Tools Pro
"Google Chrome" = Google Chrome
"InstallShield_{422FB885-2E3D-4F0C-8C47-BF4336B5318B}" = NETGEAR WNDA4100 Genie
"McAfee Security Scan" = McAfee Security Scan Plus
"N360" = Norton Security Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Opera 12.12.1707" = Opera 12.12
"PunkBusterSvc" = PunkBuster Services
"SP_008a99b9" =
"SP_5dec30d7" =
"Steam App 102500" = Kingdoms of Amalur: Reckoning™
"Steam App 200710" = Torchlight II
"Steam App 202170" = Sleeping Dogs™
"Steam App 203750" = Binary Domain
"Steam App 208480" = Assassin’s Creed® III
"Steam App 214420" = Gear Up
"Steam App 218230" = PlanetSide 2
"Steam App 229950" = Resident Evil 6 Benchmark Tool
"Steam App 24200" = DC Universe Online
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8930" = Sid Meier's Civilization V
"Uplay" = Uplay
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2405279664-821220407-2412138937-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"SOE-DC Universe Online Live" = DC Universe Online Live
"Spotify" = Spotify
"WinRAR Packages" = WinRAR Packages

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/19/2013 4:02:23 PM | Computer Name = BensComputer-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 3/19/2013 4:02:23 PM | Computer Name = BensComputer-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 3/19/2013 5:08:48 PM | Computer Name = BensComputer-PC | Source = MagniPicUpdater | ID = 0
Description =

Error - 3/20/2013 6:25:03 AM | Computer Name = BensComputer-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 3/20/2013 6:25:03 AM | Computer Name = BensComputer-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 3/20/2013 1:09:40 PM | Computer Name = BensComputer-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 3/20/2013 1:09:40 PM | Computer Name = BensComputer-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 3/20/2013 3:34:16 PM | Computer Name = BensComputer-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Au_.exe, version: 0.0.0.0, time stamp:
0x4b1ae3cc Faulting module name: SHELL32.dll, version: 6.1.7600.17038, time stamp:
0x4fd2d370 Exception code: 0xc0000005 Fault offset: 0x00245c08 Faulting process id:
0x624 Faulting application start time: 0x01ce25a1deebaa01 Faulting application path:
C:\Users\BEN'SC~1\AppData\Local\Temp\~nsu.tmp\Au_.exe Faulting module path: C:\Windows\syswow64\SHELL32.dll
Report
Id: 2662bde2-9195-11e2-a489-50465d65f083

Error - 3/20/2013 3:36:51 PM | Computer Name = BensComputer-PC | Source = System Restore | ID = 8193
Description =

Error - 3/21/2013 2:45:33 PM | Computer Name = BensComputer-PC | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

[ System Events ]
Error - 3/21/2013 3:58:42 PM | Computer Name = BensComputer-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 3/21/2013 4:00:24 PM | Computer Name = BensComputer-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/21/2013 4:00:24 PM | Computer Name = BensComputer-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/21/2013 4:00:24 PM | Computer Name = BensComputer-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/21/2013 4:05:24 PM | Computer Name = BensComputer-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/21/2013 4:05:24 PM | Computer Name = BensComputer-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/21/2013 4:05:24 PM | Computer Name = BensComputer-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/21/2013 4:07:32 PM | Computer Name = BensComputer-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/21/2013 4:07:32 PM | Computer Name = BensComputer-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/21/2013 4:07:32 PM | Computer Name = BensComputer-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >
That's the logs.. Please respond,
Thanks a million!

Edited by rshaffer61, 21 March 2013 - 03:42 PM.
Removed personal email info for security.



#2
tom982

Hello WarpGenesis and :welcome:

My name is Tom and I am going to be helping you with your malware removal. Please note that as I am currently still training, all of my posts have to be reviewed by my instructor prior to me posting them.

Before we continue, I would like you to read the following text:

  • Some of my instructions may be carried out in safe mode, where you will not have access to GeeksToGo, I suggest you save or print my instructions for later reference
  • Please do not attach your logs to your post, instead I would like you to copy and paste the contents into your post
  • Please do NOT use any other tools, fixes or scripts unless instructed to do so by myself. Not only could this damage your system, but it will make it harder for me to fix your problem
  • If you do not understand any of my instructions, then feel free to ask me and I will explain in further detail
  • Please be patient. Malware removal is a long process and requires many steps, if you stick with me, I'll help you get through this
  • Stay with me until I deem your computer clean. A lack of symptoms does not always mean that the system is clean
  • Please make sure you have read and understood my instructions before continuing with them, spelling errors in the scripts etc. could cause adverse effects to your system
  • If you do not hear a reply from me in 36 hours, then simply post "bump" on the thread
  • Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed


I will review your log now and get back to you as soon as possible with a fix. In the meantime, it would help me tremendously if you could post the logs from any tools you have run already :) They are usually found on your Desktop or in the root folder of your hard disk, usually C:\.

Tom

#3
WarpGenesis

Hey Tom! Sadly, I lost this battle and the OS needed to be re-installed, I'll be updating in a bit on how the re-install goes! It's finishing the set up as we speak.

#4
tom982

Hi WarpGenesis,

No problem, good luck with the reinstall!

Tom

#5
WarpGenesis

Windows installed perfectly, as did all the drivers and I removed the Windows.old folder with the virus on it. Everything is perfect now, :D Thankfully nothing important was on my computer, so it was just an inconvenience. Thank you so much for the timely responses Tom! Have a great day :)

#6
tom982

Hi WarpGenesis,

That's great news! Thanks for posting back the results - I'm glad you're all back up and running again :)

Tom