possible infection



#1
panthertooth

Hello, I am a former GeekU student but did not finish my studies.

My friend had recently been having issues with her computer not being able to get updates and also having several blue screens. I ran a few scans (SUPERAntiSpyware and Malwarebytes); they found some, but mainly tracking cookies. I had posted on here in the Windows 7 forum and was getting some help looking at different files etc. When I came up against a few certain issues, I realized that there may be more to this than I was thinking, so I ran OTL.

I am not that great at reading OTL because I never made it that far in the course, but I can decipher some things and saw a few things that didn't look good to me. So here is the OTL log:

OTL logfile created on: 4/17/2013 5:11:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ADMIN\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.17 Gb Available Physical Memory | 64.69% Memory free
16.00 Gb Paging File | 13.18 Gb Available in Paging File | 82.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 595.97 Gb Total Space | 383.16 Gb Free Space | 64.29% Space Free | Partition Type: NTFS
Drive E: | 227.94 Gb Total Space | 0.01 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
Drive F: | 5.79 Gb Total Space | 0.76 Gb Free Space | 13.15% Space Free | Partition Type: FAT32

Computer Name: ADMIN-PC | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/17 17:10:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ADMIN\Downloads\OTL.exe
PRC - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 02:17:04 | 004,103,672 | ---- | M] (TeamViewer GmbH) -- c:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Desktop.exe
PRC - [2012/12/14 02:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012/12/14 02:17:03 | 009,876,472 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
PRC - [2012/12/14 02:08:24 | 000,190,968 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
PRC - [2012/11/01 12:48:10 | 004,253,968 | ---- | M] (Dolby Laboratories) -- C:\Program Files (x86)\DolbyAxon\Axon.exe
PRC - [2012/11/01 12:48:10 | 000,624,912 | ---- | M] (Dolby Laboratories) -- C:\Program Files (x86)\DolbyAxon\AxonLauncher.exe
PRC - [2012/10/16 06:54:22 | 001,041,736 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
PRC - [2012/09/24 23:06:14 | 000,122,696 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
PRC - [2008/12/26 15:22:42 | 000,148,712 | ---- | M] (Apricorn) -- C:\Program Files (x86)\Common Files\Apricorn\Schedule2\schedhlp.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/17 16:39:46 | 000,148,480 | ---- | M] () -- C:\Users\ADMIN\AppData\Local\Temp\DVP791D.tmp
MOD - [2012/11/01 12:21:52 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\DolbyAxon\zlib1.dll
MOD - [2012/10/16 18:41:00 | 003,775,488 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
MOD - [2012/10/16 06:54:22 | 001,041,736 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
MOD - [2012/10/11 17:57:28 | 008,295,424 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
MOD - [2012/10/11 17:57:28 | 001,553,408 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
MOD - [2012/10/11 17:57:28 | 001,188,352 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
MOD - [2012/10/11 17:57:28 | 001,132,032 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
MOD - [2012/10/11 17:57:28 | 001,062,400 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
MOD - [2012/10/11 17:57:28 | 000,920,064 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
MOD - [2012/10/11 17:57:28 | 000,702,464 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
MOD - [2012/10/11 17:57:28 | 000,641,536 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
MOD - [2012/10/11 17:57:28 | 000,504,832 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
MOD - [2012/10/11 17:57:28 | 000,500,736 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
MOD - [2012/10/11 17:57:28 | 000,478,720 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
MOD - [2012/10/11 17:57:28 | 000,438,272 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
MOD - [2012/10/11 17:57:28 | 000,229,888 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
MOD - [2012/10/11 17:57:28 | 000,186,368 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
MOD - [2012/10/11 17:57:28 | 000,150,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
MOD - [2012/10/11 17:57:28 | 000,138,752 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
MOD - [2012/10/11 17:57:28 | 000,136,704 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
MOD - [2012/10/11 17:57:28 | 000,116,224 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
MOD - [2012/10/11 17:57:28 | 000,088,064 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
MOD - [2012/10/11 17:57:28 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
MOD - [2012/10/11 17:57:28 | 000,082,432 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
MOD - [2012/10/11 17:57:28 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
MOD - [2012/09/24 23:06:14 | 001,233,389 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
MOD - [2012/09/24 23:06:14 | 000,122,696 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
MOD - [2012/05/10 23:24:16 | 009,814,016 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll
MOD - [2012/05/10 23:24:16 | 002,537,472 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll
MOD - [2012/05/10 23:24:16 | 001,140,224 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll
MOD - [2012/05/10 23:24:16 | 000,399,360 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll
MOD - [2012/05/10 23:24:16 | 000,287,232 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll
MOD - [2012/05/10 23:24:16 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll
MOD - [2012/05/10 23:24:16 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll
MOD - [2012/05/09 19:34:06 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
MOD - [2012/05/09 19:34:06 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/12/19 12:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/07/11 11:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/06/14 22:42:48 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/13 10:56:54 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 02:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/09/24 23:06:14 | 000,231,752 | ---- | M] (NETGEAR) [Auto | Running] -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe -- (NETGEARGenieDaemon)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/26 15:23:22 | 000,571,112 | ---- | M] (Apricorn) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apricorn\Schedule2\schedul2.exe -- (AcrSch2Svc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/01/07 22:53:16 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2012/12/19 13:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 12:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/06 04:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/08 15:08:06 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/10/13 13:05:50 | 010,629,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/14 22:42:44 | 002,159,728 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/11/27 00:47:56 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/11/18 18:47:46 | 000,446,976 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wg111v3.sys -- (RTL8187B)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/17 19:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV:64bit: - [2007/11/14 04:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/07/23 08:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham164.sys -- (Alpham1)
DRV:64bit: - [2007/03/20 10:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham264.sys -- (Alpham2)
DRV - [2010/04/12 12:36:26 | 000,044,344 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys -- (DualCoreCenter)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/05 23:55:20 | 000,033,080 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\OverclockingCenter\RushJ64.sys -- (RushTopDevice_J)
DRV - [2008/12/19 05:17:36 | 000,075,576 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\OverclockingCenter\RushTop64.sys -- (RushTopDevice2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 F9 2B 09 B1 CD CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1D814DBD-14D6-42C5-B7C8-067D6AA3F0C1}: "URL" = http://websearch.ask...7F-AE05E43A6FFD
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O4:64bit: - HKLM..\Run: [Apricorn Scheduler Service] C:\Program Files (x86)\Common Files\Apricorn\Schedule2\schedhlp.exe (Apricorn)
O4:64bit: - HKLM..\Run: [CheckIt Diagnostics 8] C:\Program Files\Smith Micro\CheckIt Diagnostics 8\cd8ctf.exe (Smith Micro)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DelReg] C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [NETGEARGenie] C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.5.3.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84DE94A9-1D9B-4104-A15C-7DD7BCE7C240}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9E9BD9E-3D52-4971-8B60-114225BA9C65}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/11 21:29:10 | 000,000,050 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - F:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 22:01:14 | 000,000,053 | -HS- | M] () - F:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{48f70d87-3e47-11e1-b203-806e6f6e6963}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/17 10:36:14 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Documents\Notes
[2013/04/17 10:29:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/04/17 09:54:28 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\Curse Advertising
[2013/04/12 06:58:03 | 000,000,000 | -HSD | C] -- C:\found.004
[2013/04/06 22:14:31 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/04/06 21:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/04/06 21:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/04/06 21:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/04/06 19:28:36 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2013/03/26 12:51:40 | 000,000,000 | -HSD | C] -- C:\found.003
[2012/01/08 15:08:06 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\ADMIN\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/17 16:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/17 16:31:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/17 13:31:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/17 09:50:46 | 000,019,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/17 09:50:46 | 000,019,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/17 09:50:27 | 000,796,170 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/17 09:50:27 | 000,672,662 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/17 09:50:27 | 000,125,394 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/17 09:43:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/17 09:43:20 | 714,237,054 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/04/17 09:43:18 | 2146,885,631 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/09 21:31:40 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/06 22:14:21 | 000,001,136 | ---- | M] () -- C:\Users\ADMIN\Desktop\Windows Update Troubleshooting Info.lnk
[2013/04/06 21:43:57 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/06 22:14:21 | 000,001,136 | ---- | C] () -- C:\Users\ADMIN\Desktop\Windows Update Troubleshooting Info.lnk
[2013/04/06 21:43:57 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/09/27 18:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/09/27 18:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/30 10:01:21 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012/01/19 20:12:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/01/08 16:39:08 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/01/08 15:08:06 | 000,099,384 | ---- | C] () -- C:\Users\ADMIN\AppData\Roaming\inst.exe
[2012/01/08 15:08:06 | 000,007,859 | ---- | C] () -- C:\Users\ADMIN\AppData\Roaming\pcouffin.cat
[2012/01/08 15:08:06 | 000,001,167 | ---- | C] () -- C:\Users\ADMIN\AppData\Roaming\pcouffin.inf
[2012/01/07 20:58:18 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/07 19:51:28 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2012/01/07 19:41:16 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/11/23 12:42:14 | 016,834,517 | ---- | C] () -- C:\Program Files\CheckIt Diagnostics.pdf

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/05/26 09:20:12 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\com.Shutterfly.ExpressUploader
[2013/04/17 09:54:59 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\Curse Advertising
[2012/03/18 12:17:48 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\RIFT
[2013/01/18 13:47:25 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\TeamViewer
[2012/01/08 18:03:55 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\TuneUp Software
[2012/01/08 16:15:42 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\Vso

========== Purity Check ==========



< End of report >


#2
tom982

Hi panthertooth,

Me again ;) As an ex GeekU student you probably already know this but please note that as I am currently in training, my posts have to be reviewed by my instructor prior to me posting them.

Whilst I await a response from them, could you post your Extras.txt log please? It should be located on your Desktop.

Tom

#3
panthertooth

Here ya go

OTL Extras logfile created on: 4/17/2013 5:11:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ADMIN\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.17 Gb Available Physical Memory | 64.69% Memory free
16.00 Gb Paging File | 13.18 Gb Available in Paging File | 82.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 595.97 Gb Total Space | 383.16 Gb Free Space | 64.29% Space Free | Partition Type: NTFS
Drive E: | 227.94 Gb Total Space | 0.01 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
Drive F: | 5.79 Gb Total Space | 0.76 Gb Free Space | 13.15% Space Free | Partition Type: FAT32

Computer Name: ADMIN-PC | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13C4D348-97A8-4429-8271-FB47511EA74D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{24C5D30F-DDF8-41CD-B960-262B2732BC83}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{26D35FB3-4341-4A3C-A27F-B1F551A212C4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2F89ABAB-A6F0-434F-9A43-2964899BC1CD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{382F69D2-1EAC-4064-8B1F-9FD36D2F8725}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{48D39323-C259-4374-BA18-9F0EB94D9437}" = lport=445 | protocol=6 | dir=in | app=system |
"{58256664-3AE0-4331-88D9-0B6018ADE819}" = rport=137 | protocol=17 | dir=out | app=system |
"{5C09E4F6-B508-48DC-B03D-D7D1441F23B2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{6CDE1721-6A86-49D5-B666-C0C1F7A2DDE0}" = rport=138 | protocol=17 | dir=out | app=system |
"{7FA5F31A-3363-4A63-A5A8-B4B7E699E51B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{865536D2-B822-4233-A60C-058D478AD218}" = rport=10243 | protocol=6 | dir=out | app=system |
"{91595714-7B24-413E-A299-8755421F80DB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A461F2E3-8D07-44E2-8F09-DDC7628493B5}" = rport=445 | protocol=6 | dir=out | app=system |
"{AC418D3B-CB68-4F52-88D8-95B151FE3335}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B5306EB2-5E26-4111-9261-877633E63288}" = lport=138 | protocol=17 | dir=in | app=system |
"{BB99F0A0-11B5-4E5A-9506-B07A6B01B59F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DD021AF6-56A2-4733-88DB-B61CADA2D099}" = rport=139 | protocol=6 | dir=out | app=system |
"{DFC72F59-7523-40EC-8EF5-E6F33CE4523D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E1738D1D-B56E-4A9A-B96D-C39353B78D2D}" = lport=137 | protocol=17 | dir=in | app=system |
"{E658C527-A316-464D-B31A-7DAFADCC9C6E}" = lport=139 | protocol=6 | dir=in | app=system |
"{EAA2EAC3-7CFD-45F3-B20B-3CC401C933CE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F1A480-BEAC-46E3-81EA-A1FCF1E8DCFF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{05B6792E-8C23-44E4-9AA1-51D787FAB4FE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{0893A4A5-A8DD-4FFD-80B7-0A36F502D477}" = protocol=1 | dir=in | [email protected],-28543 |
"{0BC4AA18-3FD8-4AC3-B041-F4C2B77A4DCD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{0BF96370-17C7-4C6C-9A60-E03A8158CBFA}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{0CEF8B54-52B7-4F48-BD91-80603561A607}" = protocol=6 | dir=in | app=c:\program files (x86)\dolbyaxon\axon.exe |
"{0DCC092C-2B17-429E-BAD0-566F4414E695}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{1023F0C7-9E4E-4668-9BA7-52AC6C0F3167}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{110D1EC7-E6D3-41D3-9935-33622BA96E9B}" = protocol=58 | dir=in | app=system |
"{11F4A775-AF88-4202-8FBD-899F3F0012BE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{15D9A289-140D-430D-85A0-F0D46DC4824C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{18EB6F18-C49A-49C9-97B1-70A86E126B84}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd\powerdvd.exe |
"{1F955904-D780-4741-86A2-AAC3F1E6EA5D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{262FCE59-D2DB-4777-B3DC-61CDD766B669}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{2F8514FC-81D2-4E3B-8344-197A98EC3209}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{30717CC1-0501-4ADB-93B9-5D1108C819CE}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{310AA842-DFFA-4F68-A37B-20BAAD7E2D8D}" = protocol=17 | dir=in | app=c:\program files (x86)\dolbyaxon\axon.exe |
"{33DBEF21-57B4-4474-B78A-E4CA4AB0CAB1}" = protocol=58 | dir=in | [email protected],-28545 |
"{44AD071B-6DF6-4C1A-9E26-728B7B7E0F6A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{44E868B3-ED3E-4BD1-B74A-6D22779D323B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{46559D56-EA74-415B-98DF-74BADB17F02E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{48AA8EFD-1BE9-4D4C-9325-B47BDE2098E1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{49F92F65-4489-4118-9FEC-0BACCE291573}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{4CA218C1-1622-4357-ADAE-9DE3F3442FD3}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{4D0E3CB3-76CF-40D9-8F3D-41C41BF7E52C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{4DBACF80-A614-4F08-A5C0-506AEF67126C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{51707A06-686A-46C5-BA92-BC652F35521D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{5943FAC6-38DA-474C-9EBD-A50E728D42FA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5C9774AF-E553-4843-AD41-9502A1C429EF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{647A98E2-17A7-4BB4-B08B-6418274A7981}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6BA2CC7C-DF42-41F4-AED3-11CDAEF899DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6C08456C-BF18-4640-8D57-BD20601EAA2E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{6D7646C6-6B9C-4A1E-9B4C-E15F27C9B2DB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{76BF514A-9518-44AC-A81B-A16783CFF298}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{771B41ED-28D7-4D25-BD22-597C8CC5EF54}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{7CAC1F23-5220-4A0A-80C7-AD0E8386007C}" = protocol=17 | dir=in | app=c:\program files (x86)\dolbyaxon\axon.exe |
"{845B0E74-D803-4423-BEF0-9146982D27CD}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{8588F394-DD34-4E0E-ABD6-EA61E0A7A655}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8856CFFD-E6D0-4010-865D-07015911D896}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{90F82A21-7484-4A24-BE6F-DA8AF0B024A7}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{92330152-502C-4C24-884E-FCF940658FAD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{9BFFE460-04C7-48F7-8CB8-28CFF5B4AFCD}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{A15149B2-E344-41AE-B450-94B43E1707B4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{A5869827-D420-4686-8258-7BC13B74EF73}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{A6990CD4-A796-48A2-BCDB-46C4E565B97D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB5B4F14-FBEA-4140-B203-F4A804AB16F2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{AD79E883-E0B2-4888-943D-17C5215832DB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B1BF72D7-E473-4029-A540-8589A33CB530}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B68175D1-E522-46AB-962C-DAE85DD369BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B6C90EA5-2586-4550-B5F7-7917D94C1B1E}" = protocol=58 | dir=out | [email protected],-28546 |
"{BA645D33-2122-47A2-A391-0E35EFC4BE3F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BAC2B8FA-886A-4E23-AC35-E83A33664BC7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BF0EEC67-22B2-4CFA-BAE3-A4066E7604D7}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{C07B6C45-2E41-4BA4-B0F1-A786706643C5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C0960B84-4AB4-44AA-9D16-DC1D4D53F562}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{C6EE6EF5-775F-497A-BD66-3870B1B05124}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{CC0FBC8E-1442-4FF4-8998-418B339958C4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{CD0E6141-BCD2-4C68-B777-6E31D7134E73}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{CE9119C6-1567-4D3B-B4D7-D189B47F4423}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{D2559539-64F5-449D-BF48-A4CBD30DF32D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DBA5A3C1-FBC4-4228-A154-92DB0A26FA30}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E1879D78-8C9E-4CB4-AE49-F5B64FEB51D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E2A49A81-AEEA-47B2-9A4A-D079DBBDECAB}" = protocol=58 | dir=out | [email protected],-503 |
"{E2A5711F-9C88-40D9-A127-19C798E96F07}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{E7C61D6C-0364-4A2D-A060-D8E230CF7E00}" = protocol=6 | dir=in | app=c:\program files (x86)\dolbyaxon\axon.exe |
"{E8850ED5-8150-4103-B98D-CCD517BA2B81}" = protocol=6 | dir=out | app=system |
"{EB0F3226-B654-4B1C-A231-9004419C750F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{F313F271-5F4A-4BEE-9C29-E1BD7CE90EAD}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{F5395517-5D10-4F32-9ABD-F4E380C9AF60}" = protocol=1 | dir=out | [email protected],-28544 |
"{F5474EC5-811F-4AAA-A2FA-EDA0A6B23C6A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{FAFA5165-E7A1-481E-92EA-A0BC786C8046}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FDEFB523-D198-4620-A447-A516D3D94338}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{FE051B5B-F804-4DA9-AE45-60F1943D7077}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"TCP Query User{0029F06E-677D-477A-874A-B5BE6CE46205}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{037665A2-6794-478A-A9FF-3BB57EC50CCC}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |
"TCP Query User{14654E92-8D63-404B-84F2-4F05968B385F}C:\program files (x86)\netgear genie\bin\netgeargenie.exe" = protocol=6 | dir=in | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe |
"TCP Query User{157009EC-81F2-43F3-9B49-956C38AEDF57}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"TCP Query User{16D0727B-A5F0-4B27-8A1C-4D1A5A4B2718}C:\program files\smith micro\checkit diagnostics 8\checkitdiagnostics.exe" = protocol=6 | dir=in | app=c:\program files\smith micro\checkit diagnostics 8\checkitdiagnostics.exe |
"TCP Query User{175102A0-6639-4D02-89AB-80F639A4C8B0}C:\program files (x86)\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"TCP Query User{1C278532-1792-4132-84F0-C6466A394666}C:\programdata\battle.net\agent\agent.913\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"TCP Query User{1F682178-774E-4FDC-B031-6FFDE0045BE0}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{278ABF11-8A06-40B8-973D-DCB61629682B}C:\programdata\battle.net\agent\agent.1637\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"TCP Query User{2BE7A8AF-1BC1-4E94-B082-3DE2AE26FEF2}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"TCP Query User{4393BFAA-8BC1-4972-9C77-2AC65E66F43F}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{499D6687-F683-452A-BBA3-71AE6D9345B8}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"TCP Query User{4A1DB288-4E7A-49BB-B192-F8A36C3FF285}C:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\jwwei67p\starcraft_2_na_en-us.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\jwwei67p\starcraft_2_na_en-us.exe |
"TCP Query User{4E06E393-7E6B-4BF3-AD30-643DC8AE15ED}C:\users\admin\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\temp\gw2.exe |
"TCP Query User{53AF063A-6C50-44E9-A87F-BCB8EEE79C85}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"TCP Query User{5586944A-583F-4943-930E-517AFE9C7875}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{63CB889A-D887-4CE7-8599-C8206C7D4A84}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{6E758D6A-8A15-4CC6-8CB8-481FBBD5D071}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe |
"TCP Query User{85E8D89B-F656-4463-9727-2C4734E6C4BB}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"TCP Query User{926C46C9-D25A-40DF-B82F-85D25611A02F}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{C6DF6487-186E-4149-BD19-7258B0C2947B}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"TCP Query User{CB2AB371-1CC5-4ED4-93CC-EC80ED515168}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe |
"TCP Query User{D6221AD2-4E99-4EF5-A753-C398216E013C}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"TCP Query User{D89A3A8A-4C9B-4AC4-A93E-3FA67E0898EB}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"TCP Query User{DBB0527B-90A1-4062-B971-E3A649CA6DB8}C:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\152cb76z\diablo-iii-8370-enus-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\152cb76z\diablo-iii-8370-enus-installer-downloader.exe |
"TCP Query User{E0043D77-C098-4A71-88EE-C551726EEC6D}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{E577AAFD-C0E2-474B-9B2D-8D0148FD5DDE}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"TCP Query User{F46CC2D7-4C44-421A-B756-E81468E886DA}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{0E0E0EDB-1B42-474E-BAC3-0BA6D1A8FBBF}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"UDP Query User{1067EAD5-A056-4937-A73A-2520CE683D38}C:\program files (x86)\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"UDP Query User{109C996C-BF4D-4066-8AB6-D0A67D6BA850}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"UDP Query User{124536CA-EE4E-4F9A-853B-8391739F2B45}C:\programdata\battle.net\agent\agent.1637\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"UDP Query User{15EC7729-FE1E-4D10-9654-E8F95B2C77A8}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"UDP Query User{16812FE6-257F-45AE-BFC5-2F08E75E50F9}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{1D34AEFC-2250-4551-AB3F-558E66771E40}C:\program files (x86)\netgear genie\bin\netgeargenie.exe" = protocol=17 | dir=in | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe |
"UDP Query User{20F0E842-E013-495C-8592-09716E9AE3FE}C:\users\admin\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\temp\gw2.exe |
"UDP Query User{2D53345B-ABB4-4E2A-9651-44D6F25D68B7}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"UDP Query User{2DF7A572-03A4-4C25-AA5B-0B70D419B0CD}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe |
"UDP Query User{3294952D-285B-4DFF-AC37-36F21CACF799}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{3D5F193D-73AC-421F-9559-2E6006357F52}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{64786786-486E-43AA-A3B4-4DB09A739187}C:\program files\smith micro\checkit diagnostics 8\checkitdiagnostics.exe" = protocol=17 | dir=in | app=c:\program files\smith micro\checkit diagnostics 8\checkitdiagnostics.exe |
"UDP Query User{719EA43D-BE3D-4772-80EF-F1A40E754474}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{8E78DE67-F221-412B-A00D-BAB5CA50FE46}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"UDP Query User{8EC1E3EB-279F-422F-911B-A6DFF677C627}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe |
"UDP Query User{98679076-FB16-4474-891A-0A528FF37124}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"UDP Query User{9CE4DBBC-4DAF-4061-B1C6-9609ED0F905D}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{A21794EC-12F3-470A-BB38-9538CAE420F3}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{A860BC24-5421-4F2D-8DF3-D0396236EFB0}C:\programdata\battle.net\agent\agent.913\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"UDP Query User{B2985A85-BDC3-4F70-81C5-AF708F3578B8}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"UDP Query User{C6F70117-842E-42EF-8155-A153C0EBEB2E}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{C8AEA14D-E73A-4566-95E2-908AC9957D27}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |
"UDP Query User{CF0EFEB2-ADEC-456F-B6B1-4B6AB10B1D30}C:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\jwwei67p\starcraft_2_na_en-us.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\jwwei67p\starcraft_2_na_en-us.exe |
"UDP Query User{E53BB441-7760-41E7-9B61-7D86E8CF60A1}C:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\152cb76z\diablo-iii-8370-enus-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\152cb76z\diablo-iii-8370-enus-installer-downloader.exe |
"UDP Query User{F06D6056-15FC-4126-A4F3-78275BD8B0E5}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{F3E74149-73A6-43B1-B35A-7F815923E437}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"UDP Query User{FD69C85B-0748-4F0C-B7E7-BD1CBB042833}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4CCF9FC3-76DF-49B2-8ED1-C85DCC58952E}" = CheckIt Diagnostics 8
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{C7345244-B77E-4296-9E89-FFEB633BA7A8}" = Intel Processor Diagnostic Tool 64Bit
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"WhoCrashed_is1" = WhoCrashed 4.01

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17936630-5344-4F18-9970-616129E2A114}_is1" = Dolby Axon - 1.5.0.1
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{287EAC0F-6C96-4712-97A6-958510872CBB}" = Utility
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63688C0C-441B-B09B-97A3-B059D79A84F7}" = Shutterfly Express Uploader
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{714ACFF3-B8A3-4AD6-937B-13C833D71033}" = Nero 7 Essentials
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90157C5D-D791-4D36-8C2B-7553DC01D601}" = ASUS VGA Driver
"{901B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel® Processor ID Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"Diablo III" = Diablo III
"Diablo III Beta" = Diablo III Beta
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.5.0
"DVDFab Gold 4_is1" = DVDFab Gold 4.0.2.0 Beta
"Free Window Registry Repair" = Free Window Registry Repair
"Google Chrome" = Google Chrome
"Guild Wars 2" = Guild Wars 2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Liveupdate4_is1" = Liveupdate4
"NETGEAR Genie" = NETGEAR Genie
"OverclockingCenter_is1" = OverclockingCenter
"StarCraft II" = StarCraft II
"TeamViewer 8" = TeamViewer 8
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/3/2012 2:58:35 PM | Computer Name = ADMIN-PC | Source = Application Error | ID = 1000
Error - 12/3/2012 3:10:43 PM | Computer Name = ADMIN-PC | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: wuaueng.dll, version: 7.6.7600.256, time stamp: 0x4fca9088
Exception code: 0xc0000005
Fault offset: 0x0000000000102f59
Faulting process id: 0x13c
Faulting application start time: 0x01cdd1882435a163
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: c:\windows\system32\wuaueng.dll
Report Id: 2226e51e-3d7d-11e2-9f66-8c89a58e46c4
Error - 12/3/2012 7:23:35 PM | Computer Name = ADMIN-PC | Source = Application Error | ID = 1000

Description = Faulting application name: PhotoScreensaver.scr, version: 6.1.7601.17514, time stamp: 0x4ce7af1a
Faulting module name: SHELL32.dll, version: 6.1.7601.17859, time stamp: 0x4fd2dfec
Exception code: 0xc0000005
Fault offset: 0x000000000009a719
Faulting process id: 0x79c
Faulting application start time: 0x01cdd1a03a9aebd5
Faulting application path: C:\Windows\system32\PhotoScreensaver.scr
Faulting module path: C:\Windows\system32\SHELL32.dll
Report Id: 754cffd2-3da0-11e2-9f66-8c89a58e46c4
Error - 12/4/2012 2:34:05 AM | Computer Name = ADMIN-PC | Source = Application Error | ID = 1000

Error - 12/4/2012 12:34:48 PM | Computer Name = ADMIN-PC | Source = Application Error | ID = 1000
Description = Faulting application name: CurseClient.exe, version: 4.0.0.10, time
stamp: 0x50abc156 Faulting module name: System.Xml.ni.dll, version: 2.0.50727.5420,
time stamp: 0x4ca2ba8e Exception code: 0xc0000005 Fault offset: 0x00000000003673cb
Faulting
process id: 0x350 Faulting application start time: 0x01cdd23d3aec545c Faulting application
path: C:\Users\ADMIN\AppData\Local\Apps\2.0\QKTN0E5K.BL0\GVVGEZJT.8D0\curs..tion_9e9e83ddf3ed3ead_0005.0001_dafeadaaa30c70ac\CurseClient.exe
Faulting
module path: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\52e2da35b160dbd254683f72a0f1b937\System.Xml.ni.dll
Report
Id: 84763b13-3e30-11e2-9166-8c89a58e46c4

Error - 12/4/2012 12:34:48 PM | Computer Name = ADMIN-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_WPDBusEnum, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process
id: 0x70 Faulting application start time: 0x01cdd23d31d1c255 Faulting application
path: C:\Windows\System32\svchost.exe Faulting module path: unknown Report Id: 84766223-3e30-11e2-9166-8c89a58e46c4

Error - 12/4/2012 12:36:51 PM | Computer Name = ADMIN-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_WPDBusEnum, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process
id: 0xe28 Faulting application start time: 0x01cdd23d4848edbf Faulting application
path: C:\Windows\System32\svchost.exe Faulting module path: unknown Report Id: cd7b5eb8-3e30-11e2-9166-8c89a58e46c4

Error - 12/4/2012 12:41:53 PM | Computer Name = ADMIN-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_WPDBusEnum, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process
id: 0x558 Faulting application start time: 0x01cdd23d9047bdad Faulting application
path: C:\Windows\System32\svchost.exe Faulting module path: unknown Report Id: 818f3e46-3e31-11e2-9166-8c89a58e46c4

Error - 12/4/2012 2:05:16 PM | Computer Name = ADMIN-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iTunes.exe, version: 11.0.0.163, time stamp:
0x50b71fed Faulting module name: JavaScriptCore.dll, version: 7536.27.1.3, time
stamp: 0x50a59ac7 Exception code: 0xc0000005 Fault offset: 0x0008fe5c Faulting process
id: 0xc64 Faulting application start time: 0x01cdd24946724650 Faulting application
path: C:\Program Files (x86)\iTunes\iTunes.exe Faulting module path: C:\Program
Files (x86)\Common Files\Apple\Apple Application Support\JavaScriptCore.dll Report
Id: 27d41ecd-3e3d-11e2-9166-8c89a58e46c4

Error - 12/4/2012 2:47:02 PM | Computer Name = ADMIN-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MsMpEng.exe, version: 4.1.522.0, time stamp:
0x50515c57 Faulting module name: mpengine.dll, version: 1.1.9002.0, time stamp:
0x509be9ae Exception code: 0xc0000005 Fault offset: 0x0000000000024485 Faulting process
id: 0x360 Faulting application start time: 0x01cdd23d2ff5af1f Faulting application
path: c:\Program Files\Microsoft Security Client\MsMpEng.exe Faulting module path:
c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F619FA1F-4634-4808-80D2-267E4D0BE6A0}\mpengine.dll
Report
Id: fd783661-3e42-11e2-9166-8c89a58e46c4

Error - 12/6/2012 1:32:25 PM | Computer Name = ADMIN-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_iphlpsvc, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x400007fefe91a0c9 Faulting process
id: 0x138 Faulting application start time: 0x01cdd3d7a2453ce4 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: unknown Report Id: e5e799d4-3fca-11e2-9f04-8c89a58e46c4

Error - 12/6/2012 4:15:51 PM | Computer Name = ADMIN-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PhotoScreensaver.scr, version: 6.1.7601.17514,
time stamp: 0x4ce7af1a Faulting module name: msvcrt.dll, version: 7.0.7601.17744,
time stamp: 0x4eeb033f Exception code: 0xc0000005 Fault offset: 0x00000000000158e3
Faulting
process id: 0xdcc Faulting application start time: 0x01cdd3deb6409da5 Faulting application
path: C:\Windows\system32\PhotoScreensaver.scr Faulting module path: C:\Windows\system32\msvcrt.dll
Report
Id: baa6ee59-3fe1-11e2-9f04-8c89a58e46c4

Error - 12/6/2012 6:32:55 PM | Computer Name = ADMIN-PC | Source = Application Error | ID = 1000
Description = Faulting application name: VDeck.exe, version: 9.7.0.31, time stamp:
0x4e03f946 Faulting module name: COMCTL32.dll, version: 6.10.7601.17514, time stamp:
0x4ce7c45b Exception code: 0xc0000005 Fault offset: 0x000000000007f48b Faulting process
id: 0xa1c Faulting application start time: 0x01cdd401a019f861 Faulting application
path: C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe Faulting module path:
C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll
Report
Id: e0890ff6-3ff4-11e2-9ed2-8c89a58e46c4

Error - 12/8/2012 1:11:20 AM | Computer Name = ADMIN-PC | Source = ESENT | ID = 474
Description = wuaueng.dll (308) SUS20ClientDataStore: The database page read from
the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 126189568
(0x0000000007858000) (database page 3850 (0xF0A)) for 32768 (0x00008000) bytes
failed verification due to a page checksum mismatch. The expected checksum was
[4c304c30c2ee5177:3435343522130f26:9b5b9b5b76cf0f10:c1eac1ea7ff40f21] and the actual
checksum was [4c304c30e3ee7077:3435343522130f26:ba5bba5b76cf0f10:c1eac1ea7ff40f21].
The read operation will fail with error -1018 (0xfffffc06). If this condition
persists then please restore the database from a previous backup. This problem
is likely due to faulty hardware. Please contact your hardware vendor for further
assistance diagnosing the problem.

Error - 12/8/2012 1:11:56 AM | Computer Name = ADMIN-PC | Source = ESENT | ID = 474
Description = wuaueng.dll (308) SUS20ClientDataStore: The database page read from
the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 128024576
(0x0000000007a18000) (database page 3906 (0xF42)) for 32768 (0x00008000) bytes
failed verification due to a page checksum mismatch. The expected checksum was
[ee4511ba7003edbe:cd82327d92240f17:fd72028dd6c80f29:1291ed6e7ff40f45] and the actual
checksum was [ef4510ba7003edbe:cd82327d92240f17:fd72028dd6c80f29:1291ed6e7ff40f45].
The read operation will fail with error -1018 (0xfffffc06). If this condition
persists then please restore the database from a previous backup. This problem
is likely due to faulty hardware. Please contact your hardware vendor for further
assistance diagnosing the problem.

Error - 12/8/2012 8:51:36 PM | Computer Name = ADMIN-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16455,
time stamp: 0x5072b744 Faulting module name: jscript9.dll, version: 9.0.8112.16455,
time stamp: 0x5072b95a Exception code: 0xc0000005 Fault offset: 0x000000000001fc16
Faulting
process id: 0x528 Faulting application start time: 0x01cdd5a5c05d1c5f Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\jscript9.dll
Report
Id: 94b64efe-419a-11e2-9f43-8c89a58e46c4

[ System Events ]
Error - 4/17/2013 6:35:48 PM | Computer Name = ADMIN-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%886 Error Code: 0x80070006 Error description: The handle is invalid. Reason: %%837

Error - 4/17/2013 6:35:53 PM | Computer Name = ADMIN-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%886 Error Code: 0x80070006 Error description: The handle is invalid. Reason: %%836

Error - 4/17/2013 6:35:56 PM | Computer Name = ADMIN-PC | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
15000 milliseconds: Restart the service.

Error - 4/17/2013 8:00:42 PM | Computer Name = ADMIN-PC | Source = Microsoft Antimalware | ID = 5008
Description = %%860 engine has been terminated due to an unexpected error. Failure
Type: %%830 Exception code: 0xc0000005 Resource: file:C:\Windows\SysWOW64\tvratings.dll

Error - 4/17/2013 8:00:42 PM | Computer Name = ADMIN-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80070006 Error description: The handle is invalid. Reason: %%837

Error - 4/17/2013 8:00:42 PM | Computer Name = ADMIN-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80070006 Error description: The handle is invalid. Reason: %%837

Error - 4/17/2013 8:00:42 PM | Computer Name = ADMIN-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%886 Error Code: 0x80070006 Error description: The handle is invalid. Reason: %%837

Error - 4/17/2013 8:00:53 PM | Computer Name = ADMIN-PC | Source = Microsoft Antimalware | ID = 2004
Description = %%860 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824

Error
Code: 0x80508001 Error description: A problem is preventing the program from starting.
Install any available updates, and then try to start the program again. For information
on installing updates, see Help and Support. Signature version: 1.147.2006.0;1.147.2006.0

Engine
version: 1.1.9302.0

Error - 4/17/2013 8:00:52 PM | Computer Name = ADMIN-PC | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 2 time(s). The following corrective action will be taken in
15000 milliseconds: Restart the service.

Error - 4/17/2013 8:01:07 PM | Computer Name = ADMIN-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Microsoft Antimalware Service
service, but this action failed with the following error: %%1056


< End of report >