Malware on External Harddrive? [Solved]


  • This topic is locked

#1
terminallyfacetious

  • Member
  • 11 posts
Not sure if this is malware, but I use a WD 'My Passport' and recently none of the computers I've tested it on (Windows 7 and 8) have detected it. What makes it seem malicious is that it also consistently crashes Windows Explorer, effectively rendering the computer useless until restarting it. (It also crashes anything trying to detect a device, such as disk management). There doesn't seem to be physical damage to the hard drive, but it's bizarre that malware would install only to an external device. What can this be and how can I fix it, or at the very least retrieve my files?

Thank you for your help!
  • 0



#2
terminallyfacetious

  • Topic Starter
  • Member
  • 11 posts
P.S. I could not use OTL to generate a log, because OTL crashed when it got to scanning external devices (I assume). This thing is seriously annoying.
  • 0

#3
maliprog

  • Trusted Helper
  • Malware Removal
  • 6,172 posts
Hello terminallyfacetious and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

First, a little explanation. Malware cannot be active on external drives. Malware infects running systems. If your system is infected then it can prevent you from using your external HDD. In your case, your external hard drive can't be seen by any system and that's something to be worried about. From my standpoint this drive could be dying, or the external drive electronics, and you need to back up all data from it.

Our first step is to make sure you are not infected. Please disconnect your external drive for now. After that we'll see what to do with your external drive.

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan/Fixes box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them here for me.

Step 3

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 4

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
  • 0
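
A way to triage the OTL.Txt output that Step 2 asks for, as an added example (not part of the thread and not OTL's own code): it parses the `PRC`/`MOD`/`SRV`/`DRV` lines of an OTL log and lists the entries a reviewer would look at first. The sample lines are constructed, and the three checks (missing file, empty company field, image under a user profile) are assumed review heuristics that mark entries for inspection, not verdicts.

```python
"""Triage pass over OTL.Txt process/service/driver lines (added example)."""
import re
from dataclasses import dataclass

# Line layout in OTL output:
#   KIND[:64bit:] - [modified | size | attrs | M] (Company) [state] -- path -- (name)
# The [state] and (name) parts only appear on SRV and DRV lines.
ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)? - "
    r"\[(?P<modified>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| M\] "
    r"\((?P<company>.*?)\) "            # lazy, so "(Vendor (Unit))" stays whole
    r"(?:\[(?P<state>[^\]]*)\] )?"
    r"-- (?P<path>.*?)"
    r"(?: -- \((?P<name>[^()]*)\))?$"
)
# Entries whose image OTL could not find on disk.
MISSING = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)? - File not found --\s*(?P<path>.*)$"
)

# Constructed sample input, modelled on the OTL line format (not a real log).
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - File not found -- C:\Users\Example\Documents\tool.exe
PRC - [2013/05/08 01:21:14 | 000,583,968 | ---- | M] (Example Vendor Inc.) -- C:\Program Files (x86)\Example Vendor\Updater\updsvc.exe
PRC - [2010/10/11 17:45:04 | 001,968,128 | ---- | M] (Some Group/Other) -- C:\Users\Example\games\game.exe

========== Services (SafeList) ==========

SRV - [2008/12/19 14:34:58 | 000,759,072 | ---- | M] (Vendor (Legacy Unit)) [Auto | Running] -- C:\Program Files (x86)\Vendor\licsrv.exe -- (Vendor.Licensing.9.0)
SRV - [2006/12/14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Vendor\helper.exe -- (HELPERSVC)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/20 18:44:52 | 000,032,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\exampledrv.sys -- (exampledrv)
"""


@dataclass
class Entry:
    kind: str            # PRC, MOD, SRV or DRV
    path: str
    company: str = ""
    state: str = ""      # e.g. "Auto | Running" (SRV/DRV only)
    name: str = ""       # service or driver name (SRV/DRV only)
    missing: bool = False


def parse_otl(text):
    """Return an Entry for every PRC/MOD/SRV/DRV line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = MISSING.match(line)
        if m:
            entries.append(Entry(m["kind"], m["path"].strip(), missing=True))
            continue
        m = ENTRY.match(line)
        if m:
            entries.append(Entry(m["kind"], m["path"], m["company"].strip(),
                                 m["state"] or "", m["name"] or ""))
    return entries


def reasons(entry):
    """Review heuristics (assumptions of this example, not OTL features)."""
    if entry.missing:
        return ["file-not-found"]
    found = []
    # MOD lines are skipped: OTL already lists only no-company modules there.
    if entry.kind in ("PRC", "SRV", "DRV"):
        if not entry.company:
            found.append("no-company-name")
        if "\\users\\" in entry.path.lower():
            found.append("runs-from-user-profile")
    return found


def triage(entries):
    """Return (entry, reasons) pairs for entries that deserve a closer look."""
    flagged = []
    for entry in entries:
        why = reasons(entry)
        if why:
            flagged.append((entry, why))
    return flagged


if __name__ == "__main__":
    for entry, why in triage(parse_otl(SAMPLE_LOG)):
        label = entry.name or entry.path or "(no path recorded)"
        print(f"{entry.kind:3} {', '.join(why):24} {label}")
```
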

#4
terminallyfacetious

  • Topic Starter
  • Member
  • 11 posts
Here are the OTL logs:

OTL:

OTL logfile created on: 5/24/2013 11:04:01 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Scott\Documents
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 34.77% Memory free
4.31 Gb Paging File | 1.49 Gb Available in Paging File | 34.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 3.43 Gb Free Space | 1.15% Space Free | Partition Type: NTFS

Computer Name: SCOTT-LAPTOP | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\Users\Scott\My Documents\OTL.exe
PRC - File not found --
PRC - [2013/05/08 01:21:14 | 000,583,968 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2013/03/11 16:44:23 | 000,812,544 | ---- | M] () -- C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe
PRC - [2013/02/26 17:50:16 | 001,656,344 | ---- | M] (Hobbyist Software) -- C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe
PRC - [2013/01/02 13:49:24 | 000,548,856 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2013/01/02 13:49:22 | 002,671,600 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2013/01/02 13:49:20 | 006,657,528 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
PRC - [2012/09/17 03:06:39 | 001,348,176 | ---- | M] (ABBYY) -- C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe
PRC - [2012/09/10 16:58:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/09/05 04:04:08 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2012/08/29 14:00:12 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/08/27 21:32:54 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/07/19 16:07:51 | 000,821,840 | ---- | M] (ABBYY) -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
PRC - [2011/08/01 15:29:06 | 001,761,280 | ---- | M] (ArcticLine Software) -- C:\Program Files (x86)\Jet Screenshot\jetScreenshot.exe
PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/15 18:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/10/11 17:45:04 | 001,968,128 | ---- | M] (Ogapee/Haeleth/Sonozaki) -- C:\Users\Scott\uminkeo\[WH] Umineko English\Umineko no Naku Koro ni.exe
PRC - [2009/01/12 01:37:33 | 000,959,776 | ---- | M] (ABBYY Software Ltd) -- C:\Program Files (x86)\ABBYY Screenshot Reader\ScreenshotReader.exe
PRC - [2008/12/19 14:34:58 | 000,759,072 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/16 20:21:09 | 013,136,776 | ---- | M] () -- C:\Users\Scott\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll
MOD - [2013/04/09 04:57:07 | 000,390,096 | ---- | M] () -- C:\Users\Scott\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 04:57:05 | 004,050,896 | ---- | M] () -- C:\Users\Scott\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 04:56:15 | 000,598,480 | ---- | M] () -- C:\Users\Scott\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 04:56:14 | 000,124,368 | ---- | M] () -- C:\Users\Scott\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 04:56:13 | 001,606,096 | ---- | M] () -- C:\Users\Scott\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013/03/11 16:44:23 | 000,812,544 | ---- | M] () -- C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe
MOD - [2013/02/15 14:50:55 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\bfceac53dda4bf7ba2f5020573f80163\System.ServiceProcess.ni.dll
MOD - [2013/02/15 14:50:25 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013/02/09 00:15:22 | 000,150,528 | ---- | M] () -- C:\Program Files (x86)\Hobbyist Software\VLC Streamer\NBug.dll
MOD - [2013/02/01 00:16:08 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c71b89000bd728ffd6ed95eedac84a5b\System.Xml.Linq.ni.dll
MOD - [2013/02/01 00:15:20 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\226b49e36969d1fcbc2d04598135cab9\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2013/02/01 00:14:30 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\7d3a95d2123d5a7982a451f1319fab8d\System.Core.ni.dll
MOD - [2013/01/29 23:50:07 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\428143857fa1c250d50ec55132dd8a2f\System.Runtime.Serialization.ni.dll
MOD - [2013/01/29 23:13:29 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0aeaf4f1629dbe8eafc8f47b1795b18a\PresentationFramework.Aero.ni.dll
MOD - [2013/01/29 23:13:07 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\d0dd051976a66e08325379754531421c\System.Data.ni.dll
MOD - [2013/01/29 23:12:56 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\36b839247bd1d22a7fd014a74abe9729\PresentationFramework.ni.dll
MOD - [2013/01/29 23:12:33 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013/01/29 23:12:30 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\549690bfac66934b7c7fd5cf8b120b7c\PresentationCore.ni.dll
MOD - [2013/01/29 23:12:16 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll
MOD - [2013/01/29 23:12:10 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
MOD - [2013/01/29 23:12:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013/01/29 23:12:04 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013/01/29 23:11:56 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2012/04/26 15:38:30 | 020,758,016 | ---- | M] () -- C:\Program Files (x86)\i-Funbox DevTeam\libcef.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/08 20:22:58 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\Hobbyist Software\VLC Streamer\ZeroconfService.dll
MOD - [2009/06/10 17:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/04/11 16:14:12 | 000,321,536 | ---- | M] () -- C:\Users\Scott\uminkeo\[WH] Umineko English\SDL.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/01/26 18:55:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013/05/14 19:33:47 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/08 01:21:14 | 000,583,968 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2013/04/19 17:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/01/02 13:49:24 | 000,548,856 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2012/07/19 16:07:51 | 000,821,840 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.11.0)
SRV - [2012/05/24 18:18:57 | 000,111,664 | ---- | M] (TMRG, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\RelevantKnowledge\rlservice.exe -- (RelevantKnowledge)
SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/30 01:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/19 14:34:58 | 000,759,072 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.ScreenshotReader.9.0)
SRV - [2007/02/05 11:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 11:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/20 18:44:52 | 000,032,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stdriverx64.sys -- (stdriver)
DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/06/10 23:59:37 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/10 07:02:40 | 000,294,232 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/26 19:37:20 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/01/26 18:13:32 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/08 13:44:39 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/04/28 05:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV:64bit: - [2009/09/22 21:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/22 21:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/22 21:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/22 21:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007/01/29 07:20:34 | 000,079,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV:64bit: - [2006/10/18 03:00:00 | 000,052,760 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2013/05/03 18:05:18 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\STEC3.sys -- (STEC3)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3220468
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 B1 DF B6 FD C7 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000207c8f48297c
IE - HKCU\..\SearchScopes\{DF6583B5-7433-41AC-8E39-FECF6F568B72}: "URL" = http://search.condui...&ctid=CT3220468
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylo...00207c8f48297c"
FF - prefs.js..keyword.URL: "http://search.babylo...07c8f48297c&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@vizzed.com/VizzedRGR: C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed.com)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Scott\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Scott\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/31 19:24:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files (x86)\RelevantKnowledge [2012/08/31 19:08:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\fbphotozoom\fbphotozoom14.xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/28 19:57:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/31 19:24:42 | 000,000,000 | ---D | M]

[2012/07/25 18:21:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Extensions
[2012/11/01 00:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\88gj73rw.default\extensions
[2012/11/01 00:28:24 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\88gj73rw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2012/02/14 10:54:56 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\88gj73rw.default\extensions\[email protected]
[2012/07/22 14:41:26 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\88gj73rw.default\extensions\[email protected]
[2012/06/21 06:42:21 | 000,086,818 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\88gj73rw.default\extensions\[email protected]
[2013/03/28 19:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/07 10:31:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/03/07 10:30:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/07 10:30:20 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Scott\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Scott\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Scott\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\npSkypeChromePlugin.dll
CHR - plugin: Relevant-Knowledge (Enabled) = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.332.1_0\plugins/rlcm.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Scott\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Scott\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: From Dust = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj\0.0.0.23_0\
CHR - Extension: Google Drive = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Netflix = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh\1.0.0.2_0\
CHR - Extension: General Crawler = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.5_0\
CHR - Extension: Ponyhoof = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjjgphedlaihnlgaibiaihhmhaejjdd\1.581_0\
CHR - Extension: Get a citation from an ISBN = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbicllkhjbchdomagdgdcmbafcifcnc\1.6.2_0\
CHR - Extension: AdBlock = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: The RGB Game = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnieofmjopiiifehpejcgcpailcndege\1.2.2.1_0\
CHR - Extension: Skype Click to Call = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\
CHR - Extension: The Fancy Pants Adventure: World 2 = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\loamdenijebhollnjgehcfbnpeelfhlk\14_0\
CHR - Extension: RelevantKnowledge = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.332.1_0\
CHR - Extension: TypingClub = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah\4.0_0\
CHR - Extension: Mini Ninjas = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\oijfbknbncemokdnlboeabbcfhobechi\1.0.0.18_0\
CHR - Extension: Sinuous = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl\1.0.4_0\
CHR - Extension: Bastion = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid\0.0.0.4_0\
CHR - Extension: Gmail = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Canvas Rider = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.71_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Privacy Safeguard BHO) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PrivacySafeguard)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - No CLSID value found.
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Privacy Safeguard BHO) - {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll (PrivacySafeguard)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not found
O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ABBYY Screenshot Reader Retail] C:\Program Files (x86)\ABBYY Screenshot Reader\ScreenShotReader.exe (ABBYY Software Ltd)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Bonus.SSR.FR11] C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe (ABBYY)
O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
O4 - HKCU..\Run: [ABBYY Screenshot Reader Retail] C:\Program Files (x86)\ABBYY Screenshot Reader\ScreenshotReader.exe (ABBYY Software Ltd)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [Bonus.SSR.FR11] C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe (ABBYY)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Digiarty_Software_AirPlayit] "H:\Programs\Air_Playit\airplayit.exe" -min File not found
O4 - HKCU..\Run: [Hobbyist Software VLC Streamer] C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe (Hobbyist Software)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [iFunBoxConnector] C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe ()
O4 - HKCU..\Run: [Jet Screenshot] C:\Program Files (x86)\Jet Screenshot\jetScreenshot.exe (ArcticLine Software)
O4 - HKCU..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &使用优蛋下载 - C:\Program Files (x86)\115\UDown\getUrl.htm File not found
O8:64bit: - Extra context menu item: &使用优蛋下载全部链接 - C:\Program Files (x86)\115\UDown\getAllUrl.htm File not found
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8:64bit: - Extra context menu item: Zoom In [+] - res://C:\Program Files (x86)\BrowserTweaks\PictureMagnifier\ztool.dll/202 File not found
O8:64bit: - Extra context menu item: Zoom Out [-] - res://C:\Program Files (x86)\BrowserTweaks\PictureMagnifier\ztool.dll/203 File not found
O8 - Extra context menu item: &使用优蛋下载 - C:\Program Files (x86)\115\UDown\getUrl.htm File not found
O8 - Extra context menu item: &使用优蛋下载全部链接 - C:\Program Files (x86)\115\UDown\getAllUrl.htm File not found
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Zoom In [+] - res://C:\Program Files (x86)\BrowserTweaks\PictureMagnifier\ztool.dll/202 File not found
O8 - Extra context menu item: Zoom Out [-] - res://C:\Program Files (x86)\BrowserTweaks\PictureMagnifier\ztool.dll/203 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: vizzed.com ([www] * in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0080DD30-1519-4E7C-8F27-19D65D8ABF72}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74DC4145-58C5-419C-B5D1-1899AD715CB8}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - "H:\PROGRAMS\PROCESSEXPLORER\PROCEXP.EXE" File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - "H:\PROGRAMS\PROCESSEXPLORER\PROCEXP.EXE" File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/05/22 22:38:42 | 000,000,000 | ---D | C] -- C:\Users\Scott\[WH] Umineko English
[2013/05/19 16:44:36 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\The.Bridge.On.The.River.Kwai.1957.1080p.Bluray.x264.anoXmous
[2013/05/19 16:05:08 | 000,000,000 | ---D | C] -- C:\Users\Scott\uminkeo
[2013/05/17 23:49:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Scott\Documents\OTL.exe
[2013/05/13 17:15:44 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Boomzap
[2013/05/13 17:13:38 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Otherworld - Spring of Shadows CE
[2013/05/13 17:11:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxy Games
[2013/05/13 17:11:42 | 000,000,000 | ---D | C] -- C:\Downloads
[2013/05/13 00:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
[2013/05/13 00:32:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bfgclient
[2013/05/13 00:28:48 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache
[2013/05/13 00:28:06 | 000,235,080 | ---- | C] (Big Fish Games) -- C:\Users\Scott\Documents\SOng of pphoebic.exe
[2013/05/12 14:46:29 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\RJ101805
[2013/05/08 18:09:16 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\OneNote Notebooks
[2013/05/08 02:26:36 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\crass-0.4.14.0
[2013/05/06 17:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY Screenshot Reader
[2013/05/06 17:30:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY Screenshot Reader
[2013/05/05 03:12:11 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wakan
[2013/05/05 03:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wakan
[2013/05/05 03:12:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wakan
[2013/05/04 13:55:27 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\Key
[2013/05/03 18:05:18 | 000,002,368 | ---- | C] (AntiCracking) -- C:\Windows\SysWow64\STEC3.sys
[2013/05/01 20:48:00 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\FEZ
[2013/04/30 21:05:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftSafe
[2013/04/30 19:58:55 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Be
[2013/02/20 22:15:43 | 007,196,672 | ---- | C] (株式会社グリーンウッド) -- C:\ProgramData\malie.exe
[2012/09/16 01:46:07 | 003,002,368 | ---- | C] (BURIKO Co.,Ltd.) -- C:\Users\Scott\BGI.exe
[2012/08/26 16:30:39 | 004,614,351 | ---- | C] (Chris Jones) -- C:\Users\Scott\5days.exe
[2012/05/04 20:08:05 | 001,974,352 | ---- | C] (None) -- C:\Users\Scott\VisualBoyAdvance.exe
[2012/05/04 03:04:00 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll
[2012/04/27 21:11:24 | 000,099,840 | ---- | C] (Lunarian Concepts) -- C:\Users\Scott\Lunar IPS.exe
[7 C:\Users\Scott\Documents\*.tmp files -> C:\Users\Scott\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/24 23:07:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4055958623-2821699262-1876166726-1001Core.job
[2013/05/24 22:56:58 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4055958623-2821699262-1876166726-1001UA.job
[2013/05/24 22:56:40 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/24 22:56:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/24 04:52:27 | 000,377,856 | ---- | M] () -- C:\Users\Scott\Documents\h1iigz72.exe
[2013/05/24 04:52:18 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/24 04:52:18 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/24 04:41:18 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/22 22:35:35 | 000,019,867 | ---- | M] () -- C:\Users\Scott\Documents\[Fuwanovel]_Umineko_no_Naku__Koro_ni_1-4_(PS3_Sprites_+_Voices).torrent
[2013/05/22 19:00:17 | 000,002,330 | ---- | M] () -- C:\Users\Scott\vba.ini
[2013/05/21 21:41:44 | 000,563,472 | ---- | M] () -- C:\Users\Scott\Documents\tumblr_inline_mmzw6uR6HG1qz4rgp.png
[2013/05/21 20:54:38 | 000,135,096 | ---- | M] () -- C:\Users\Scott\Documents\Photo on 2013-05-21 at 20.56.jpg
[2013/05/21 20:50:55 | 000,098,754 | ---- | M] () -- C:\Users\Scott\Documents\Photo on 2013-05-21 at 20.53.jpg
[2013/05/19 21:29:07 | 000,802,234 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/19 21:29:07 | 000,664,846 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/19 21:29:07 | 000,133,394 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/18 17:08:37 | 000,997,500 | ---- | M] () -- C:\Users\Scott\Documents\Umineko4final-2013-05-18.zip
[2013/05/17 23:49:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Documents\OTL.exe
[2013/05/13 19:11:04 | 005,008,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/13 17:00:44 | 000,029,938 | ---- | M] () -- C:\Users\Scott\Documents\[091127][戯画]BALDR SKY Dive 1+2.torrent
[2013/05/13 00:35:59 | 000,011,865 | ---- | M] () -- C:\Users\Scott\Documents\otherworl.torrent
[2013/05/13 00:28:10 | 000,235,080 | ---- | M] (Big Fish Games) -- C:\Users\Scott\Documents\SOng of pphoebic.exe
[2013/05/08 18:09:14 | 000,001,350 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2013/05/05 20:12:47 | 000,018,128 | ---- | M] () -- C:\Users\Scott\Documents\5F9F5972D579C4A22C2D22C0EA05AEC6499D79E3.torrent
[2013/05/03 18:05:18 | 000,002,368 | ---- | M] (AntiCracking) -- C:\Windows\SysWow64\STEC3.sys
[2013/05/01 20:47:39 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/05/01 20:47:39 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[7 C:\Users\Scott\Documents\*.tmp files -> C:\Users\Scott\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/24 04:52:19 | 000,377,856 | ---- | C] () -- C:\Users\Scott\Documents\h1iigz72.exe
[2013/05/22 22:35:32 | 000,019,867 | ---- | C] () -- C:\Users\Scott\Documents\[Fuwanovel]_Umineko_no_Naku__Koro_ni_1-4_(PS3_Sprites_+_Voices).torrent
[2013/05/21 21:41:43 | 000,563,472 | ---- | C] () -- C:\Users\Scott\Documents\tumblr_inline_mmzw6uR6HG1qz4rgp.png
[2013/05/21 20:54:37 | 000,135,096 | ---- | C] () -- C:\Users\Scott\Documents\Photo on 2013-05-21 at 20.56.jpg
[2013/05/21 20:50:54 | 000,098,754 | ---- | C] () -- C:\Users\Scott\Documents\Photo on 2013-05-21 at 20.53.jpg
[2013/05/18 17:08:36 | 000,997,500 | ---- | C] () -- C:\Users\Scott\Documents\Umineko4final-2013-05-18.zip
[2013/05/13 17:00:40 | 000,029,938 | ---- | C] () -- C:\Users\Scott\Documents\[091127][戯画]BALDR SKY Dive 1+2.torrent
[2013/05/13 00:35:54 | 000,011,865 | ---- | C] () -- C:\Users\Scott\Documents\otherworl.torrent
[2013/05/13 00:32:46 | 000,001,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2013/05/13 00:32:45 | 000,001,248 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
[2013/05/08 18:09:14 | 000,001,350 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2013/05/05 20:12:47 | 000,018,128 | ---- | C] () -- C:\Users\Scott\Documents\5F9F5972D579C4A22C2D22C0EA05AEC6499D79E3.torrent
[2013/02/02 20:29:45 | 004,867,818 | ---- | C] () -- C:\Users\Scott\After the waterfall.JPG
[2013/02/02 20:29:45 | 004,827,484 | ---- | C] () -- C:\Users\Scott\Everyone else had a wet booty.JPG
[2013/02/02 20:29:45 | 001,812,873 | ---- | C] () -- C:\Users\Scott\Everybody cheated.JPG
[2013/02/02 20:29:45 | 001,622,318 | ---- | C] () -- C:\Users\Scott\Bear, Mosquito and Salmon. This was a draw - we were all bears.JPG
[2013/02/02 20:29:45 | 001,583,765 | ---- | C] () -- C:\Users\Scott\I think I was drawing_.JPG
[2013/02/02 20:29:45 | 001,461,387 | ---- | C] () -- C:\Users\Scott\I made a tiny fort, though.JPG
[2013/02/02 20:29:45 | 001,422,517 | ---- | C] () -- C:\Users\Scott\Deer and wolves always degenerated into tag very quickly. We were the deer.JPG
[2013/02/02 20:29:45 | 001,365,919 | ---- | C] () -- C:\Users\Scott\I miss the old, simple times like this.JPG
[2013/02/02 20:29:45 | 001,271,841 | ---- | C] () -- C:\Users\Scott\And then I found a buddy.JPG
[2013/02/02 20:29:45 | 001,204,990 | ---- | C] () -- C:\Users\Scott\Cliffdale's chickens were always a joy.JPG
[2013/02/02 20:29:45 | 001,167,907 | ---- | C] () -- C:\Users\Scott\Except I was a wolf.JPG
[2013/02/02 20:29:45 | 000,958,239 | ---- | C] () -- C:\Users\Scott\I loved to dissect the pellets.JPG
[2013/02/02 20:29:45 | 000,952,044 | ---- | C] () -- C:\Users\Scott\Elissa, your techniques are too kind.JPG
[2013/02/02 20:29:45 | 000,925,598 | ---- | C] () -- C:\Users\Scott\I always wondered what I was looking at back then.JPG
[2013/02/02 20:29:45 | 000,854,828 | ---- | C] () -- C:\Users\Scott\I think it was a dragonfly.JPG
[2013/02/02 20:29:44 | 005,375,677 | ---- | C] () -- C:\Users\Scott\Waterfall log.JPG
[2013/02/02 20:29:44 | 005,372,427 | ---- | C] () -- C:\Users\Scott\Stepping stones _ Falling and breaking my neck.JPG
[2013/02/02 20:29:44 | 005,217,680 | ---- | C] () -- C:\Users\Scott\Ryan, 4 [bleep]es, Jack and Tim, three [bleep]es, a good friend, Sarah, Myself and Emma.JPG
[2013/02/02 20:29:44 | 005,206,269 | ---- | C] () -- C:\Users\Scott\Turkey Hill's view is always spectacular.JPG
[2013/02/02 20:29:44 | 005,193,368 | ---- | C] () -- C:\Users\Scott\We hike here every session, remember_.JPG
[2013/02/02 20:29:44 | 005,153,173 | ---- | C] () -- C:\Users\Scott\We really wanted to slide....JPG
[2013/02/02 20:29:44 | 005,044,048 | ---- | C] () -- C:\Users\Scott\Jack's in front. The first brony you ever met, remember_.JPG
[2013/02/02 20:29:44 | 004,965,446 | ---- | C] () -- C:\Users\Scott\I wanted to keep my butt dry.JPG
[2013/02/02 20:29:44 | 004,864,252 | ---- | C] () -- C:\Users\Scott\Piggybacking at Teatown.JPG
[2013/02/02 20:29:44 | 004,833,154 | ---- | C] () -- C:\Users\Scott\We almost broke it, too!.JPG
[2013/02/02 20:29:44 | 004,807,683 | ---- | C] () -- C:\Users\Scott\We all hiked up the waterfall.JPG
[2013/02/02 20:29:44 | 004,749,342 | ---- | C] () -- C:\Users\Scott\We were avoiding the spider while resting.JPG
[2013/02/02 20:29:44 | 001,784,475 | ---- | C] () -- C:\Users\Scott\This game was always intense. It never really needed a name.JPG
[2013/02/02 20:29:44 | 001,570,966 | ---- | C] () -- C:\Users\Scott\We tied as Mosquitoes.JPG
[2013/02/02 20:29:44 | 001,441,515 | ---- | C] () -- C:\Users\Scott\That fort was never finished.JPG
[2013/02/02 20:29:44 | 001,234,892 | ---- | C] () -- C:\Users\Scott\We always got this lecture, whether we'd heard it before or not.JPG
[2013/02/02 20:29:44 | 001,224,065 | ---- | C] () -- C:\Users\Scott\We loved the Piece of Scat song, mainly because it was adapted from the Piece of [bleep] song.JPG
[2013/02/02 20:29:44 | 001,219,128 | ---- | C] () -- C:\Users\Scott\So much strategy.JPG
[2013/02/02 20:29:44 | 001,175,635 | ---- | C] () -- C:\Users\Scott\Strategy is key in BMS.JPG
[2013/02/02 20:29:44 | 001,156,539 | ---- | C] () -- C:\Users\Scott\What happened to my coat_.JPG
[2013/02/02 20:29:44 | 001,098,651 | ---- | C] () -- C:\Users\Scott\I was a hungry wolf.JPG
[2013/02/02 20:29:44 | 001,032,076 | ---- | C] () -- C:\Users\Scott\I was the only one focusing.JPG
[2013/02/02 20:29:44 | 000,984,706 | ---- | C] () -- C:\Users\Scott\So very determined.JPG
[2013/02/02 20:29:44 | 000,959,857 | ---- | C] () -- C:\Users\Scott\I was determined to make my own fun.JPG
[2012/11/18 06:43:14 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll
[2012/11/18 03:33:01 | 526,457,250 | ---- | C] () -- C:\Users\Scott\Corpse Party.rar
[2012/11/01 21:56:09 | 132,375,283 | ---- | C] () -- C:\Users\Scott\FR90PE_ESD.exe
[2012/11/01 00:29:05 | 334,081,410 | ---- | C] () -- C:\Users\Scott\HouseOfLeaves.zip
[2012/10/28 14:21:56 | 000,291,826 | ---- | C] () -- C:\Windows\To the Moon Uninstaller.exe
[2012/10/07 23:01:37 | 536,870,912 | ---- | C] () -- C:\Users\Scott\5400 Ninokuni - Shikkoku no Madoushi (JP).nds
[2012/10/07 19:12:11 | 000,274,267 | ---- | C] () -- C:\Users\Scott\Magical Pop'n (Japan) [En by Aeon Genesis v1.01].zst
[2012/10/07 18:23:11 | 002,228,224 | ---- | C] () -- C:\Users\Scott\Magical Pop'n (Japan) [En by Aeon Genesis v1.01].sfc
[2012/10/07 18:18:38 | 000,091,702 | ---- | C] () -- C:\Users\Scott\Magical Pop'n (English) v1.01.ups
[2012/10/07 18:15:38 | 001,048,576 | ---- | C] () -- C:\Users\Scott\Tetris Battle Gaiden.smc
[2012/09/18 08:46:44 | 000,000,258 | RHS- | C] () -- C:\Users\Scott\ntuser.pol
[2012/09/01 01:17:06 | 137,578,496 | ---- | C] () -- C:\Users\Scott\紅魔城伝説.iso
[2012/07/31 01:38:39 | 3393,454,080 | ---- | C] () -- C:\Users\Scott\Rule of Rose PS2_DVD.ISO
[2012/07/30 15:33:04 | 2419,155,351 | ---- | C] () -- C:\Users\Scott\Rule of Rose + Soundtrack (NTSC) PS2.7z
[2012/07/30 09:06:12 | 508,595,337 | ---- | C] () -- C:\Users\Scott\RGD_Trial_v2_setup.exe
[2012/07/30 00:16:33 | 660,740,180 | ---- | C] () -- C:\Users\Scott\Grim Fandango - Disc 1.nrg
[2012/07/26 16:57:19 | 2525,708,903 | ---- | C] () -- C:\Users\Scott\STEINS;GATE.7z
[2012/07/26 09:11:54 | 1748,948,669 | ---- | C] () -- C:\Users\Scott\STEINS;GATE-v1.0.ipa
[2012/07/24 20:41:17 | 000,026,567 | ---- | C] () -- C:\Users\Scott\12隧ア.srt
[2012/07/24 18:41:00 | 253,133,040 | ---- | C] () -- C:\Users\Scott\arigatou.mushi-shi.ep01.[x264.aac][6306f88c].mkv
[2012/07/23 23:23:09 | 004,916,328 | ---- | C] () -- C:\Users\Scott\edict2.gz
[2012/07/23 23:23:03 | 004,449,776 | ---- | C] () -- C:\Users\Scott\edict.gz
[2012/07/23 23:06:29 | 000,002,056 | ---- | C] () -- C:\Windows\SysWow64\SARCheck.dll
[2012/07/23 22:21:06 | 1873,116,107 | ---- | C] () -- C:\Users\Scott\[BLゲーム][Nitro+CHiRAL]Lamento-BEYOND THE VOID-.rar
[2012/07/22 19:06:43 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012/07/22 08:50:00 | 000,493,071 | ---- | C] () -- C:\Users\Scott\tumblr_lqd7tjXdjs1qcji9c.gif
[2012/07/21 23:51:39 | 001,283,224 | ---- | C] () -- C:\Users\Scott\Sonic 1 Megamix v3.0.bin
[2012/07/21 23:51:25 | 014,755,840 | ---- | C] () -- C:\Users\Scott\S1MMU.iso
[2012/07/12 02:29:54 | 268,435,456 | ---- | C] () -- C:\Users\Scott\Pokemon Conquest (USA) (Patched).nds
[2012/07/10 18:07:01 | 268,435,456 | ---- | C] () -- C:\Users\Scott\6039 - Pokemon Conquest (U).nds
[2012/06/21 07:52:06 | 268,435,456 | ---- | C] () -- C:\Users\Scott\XXXX - Pokmon Conquest (USA).nds
[2012/06/21 06:42:20 | 000,001,903 | ---- | C] () -- C:\Users\Scott\Download NDS_-_Pokemon_Conquest_(USA).lnk
[2012/06/15 23:58:40 | 2575,758,774 | ---- | C] () -- C:\Users\Scott\[PCゲーム][100826] NITRO+ 5pb - STEINS;GATE シュタインズ ゲート 初回版 (MDF MDS 3%RR).rar
[2012/06/15 01:53:56 | 000,000,000 | ---- | C] () -- C:\Users\Scott\「うみねこのなく頃に」EP4.mdf
[2012/06/15 01:53:31 | 000,000,000 | ---- | C] () -- C:\Users\Scott\(C79)(同人ゲーム)[07th Expansion]うみねこのなく頃に散Ep8~Twilight of the Golden Witch~.iso
[2012/06/10 23:49:15 | 590,145,024 | ---- | C] () -- C:\Users\Scott\彼岸花の咲く夜に 第一夜.mdf
[2012/06/10 23:49:15 | 000,000,500 | ---- | C] () -- C:\Users\Scott\彼岸花の咲く夜に 第一夜.mds
[2012/06/10 22:47:45 | 493,387,776 | ---- | C] () -- C:\Users\Scott\彼岸花の咲く夜に 第一夜.iso
[2012/06/10 13:33:37 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/06/10 13:31:59 | 000,000,012 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2012/06/10 13:31:59 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2012/06/10 13:31:41 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\bd2070n.dat
[2012/06/10 13:30:35 | 000,000,275 | ---- | C] () -- C:\Windows\Brownie.ini
[2012/06/03 01:09:00 | 000,210,996 | ---- | C] () -- C:\Users\Scott\MLP_PortalAdvance.gba
[2012/05/28 12:01:27 | 134,217,728 | ---- | C] () -- C:\Users\Scott\5478_-_Ghost_Trick_-_Phantom_DetectiveUSA_NDS-XPA.nds
[2012/05/24 17:54:41 | 000,083,968 | ---- | C] () -- C:\Windows\UnGins.exe
[2012/05/24 17:53:53 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll
[2012/05/24 17:53:52 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\Harmony.dll
[2012/05/22 12:22:58 | 033,554,432 | ---- | C] () -- C:\Users\Scott\Phoenix Wright Ace Attorney - Justice For All.nds
[2012/05/16 19:51:32 | 503,406,287 | ---- | C] () -- C:\Users\Scott\[#Comiket][C80] Touhou 13 東方神霊廟 ~ Ten Desires.7z
[2012/05/14 23:46:09 | 1156,944,190 | ---- | C] () -- C:\Users\Scott\G-Senjou no Maou.rar
[2012/05/14 22:00:25 | 260,034,828 | ---- | C] () -- C:\Users\Scott\Saya no Uta.zip
[2012/05/14 09:47:55 | 067,108,864 | ---- | C] () -- C:\Users\Scott\Mario and Luigi - Partners in Time.nds
[2012/05/13 10:59:05 | 000,032,768 | ---- | C] () -- C:\Users\Scott\11.sav
[2012/05/13 08:56:38 | 268,435,456 | ---- | C] () -- C:\Users\Scott\Inazuma REAL.nds
[2012/05/13 08:39:11 | 268,435,456 | ---- | C] () -- C:\Users\Scott\5535_-_Inazuma_Eleven_EUR_NDS-DDumpers.nds
[2012/05/08 19:30:02 | 000,119,967 | ---- | C] () -- C:\Users\Scott\Mario and Luigi - Superstar Saga10.sgm
[2012/05/08 19:14:22 | 000,125,739 | ---- | C] () -- C:\Users\Scott\Mario and Luigi - Superstar Saga8.sgm
[2012/05/07 17:07:46 | 000,107,344 | ---- | C] () -- C:\Users\Scott\Mario and Luigi - Superstar Saga9.sgm
[2012/05/07 16:18:27 | 000,113,114 | ---- | C] () -- C:\Users\Scott\Mario and Luigi - Superstar Saga2.sgm
[2012/05/07 16:18:24 | 000,111,561 | ---- | C] () -- C:\Users\Scott\Mario and Luigi - Superstar Saga4.sgm
[2012/05/07 16:18:21 | 000,111,335 | ---- | C] () -- C:\Users\Scott\Mario and Luigi - Superstar Saga5.sgm
[2012/05/07 16:04:28 | 000,112,405 | ---- | C] () -- C:\Users\Scott\Mario and Luigi - Superstar Saga7.sgm
[2012/05/07 16:02:41 | 000,114,354 | ---- | C] () -- C:\Users\Scott\Mario and Luigi - Superstar Saga6.sgm
[2012/05/07 16:02:39 | 000,102,353 | ---- | C] () -- C:\Users\Scott\Mario and Luigi - Superstar Saga3.sgm
[2012/05/04 22:41:32 | 067,108,864 | ---- | C] () -- C:\Users\Scott\3971 - Flower Sun and Rain - Murder and Mystery in Paradise (US)(OneUp).nds
[2012/05/04 20:08:07 | 000,002,330 | ---- | C] () -- C:\Users\Scott\vba.ini
[2012/05/04 20:08:05 | 000,018,349 | ---- | C] () -- C:\Users\Scott\COPYING
[2012/05/02 19:31:26 | 651,741,184 | ---- | C] () -- C:\Users\Scott\Neverhood.iso
[2012/04/29 04:47:17 | 000,111,902 | ---- | C] () -- C:\Users\Scott\Mario and Luigi - Superstar Saga1.sgm
[2012/04/29 04:05:42 | 000,008,192 | ---- | C] () -- C:\Users\Scott\Mario and Luigi - Superstar Saga.sav
[2012/04/29 04:05:20 | 016,777,216 | ---- | C] () -- C:\Users\Scott\Mario and Luigi - Superstar Saga.GBA
[2012/04/28 15:54:02 | 000,063,978 | ---- | C] () -- C:\Users\Scott\SMRPGRevolutionV5.0.ips
[2012/04/27 21:08:55 | 002,680,778 | ---- | C] () -- C:\Users\Scott\BrutalMarioEnglish.ips
[2012/04/27 21:07:39 | 000,594,432 | ---- | C] () -- C:\Users\Scott\zsnesw.exe
[2012/04/24 00:42:44 | 000,000,000 | ---- | C] () -- C:\Windows\ka.ini
[2012/04/22 14:26:42 | 2386,823,314 | ---- | C] () -- C:\Users\Scott\[PSP] Final Fantasy Type-0 [ファイナルファンタジー零式] (JPN) ISO Download.rar
[2012/04/18 19:05:51 | 000,000,512 | ---- | C] () -- C:\Users\Scott\sloane.sav
[2012/04/17 17:43:21 | 067,108,864 | ---- | C] () -- C:\Users\Scott\3782 - Sloane to MacHale no Nazo no Story (JP)(1 Up).nds
[2012/04/16 17:42:59 | 134,217,728 | ---- | C] () -- C:\Users\Scott\4171 - Mario & Luigi - Bowser's Inside Story (US)(M3)(XenoPhobia).nds
[2012/04/16 17:42:52 | 000,262,144 | ---- | C] () -- C:\Users\Scott\contact.sav
[2012/04/15 22:29:01 | 033,554,432 | ---- | C] () -- C:\Users\Scott\Yoshis Island DS.nds
[2012/04/15 22:09:39 | 067,108,864 | ---- | C] () -- C:\Users\Scott\0615 - Contact (U)(Psyfer).nds
[2012/04/15 09:32:00 | 3018,522,623 | ---- | C] () -- C:\Users\Scott\rzr-ga4b.iso
[2012/04/15 09:29:49 | 3272,179,711 | ---- | C] () -- C:\Users\Scott\rzr-ga4a.iso
[2012/04/13 06:11:37 | 405,012,479 | ---- | C] () -- C:\Users\Scott\wiierd-nmh.iso
[2012/04/10 23:47:53 | 409,468,928 | ---- | C] () -- C:\Users\Scott\cvn-smtds.iso
[2012/04/10 20:56:38 | 4270,227,456 | ---- | C] () -- C:\Users\Scott\SMTNOCTURNE.mdf
[2012/02/13 20:43:11 | 000,001,442 | ---- | C] () -- C:\Windows\cpxf-mg.ini
[2012/02/10 00:37:38 | 000,000,485 | ---- | C] () -- C:\Windows\HEGAMES.INI
[2012/01/30 22:19:51 | 000,001,989 | ---- | C] () -- C:\Users\Scott\system.npa
[2012/01/30 21:57:40 | 2533,281,792 | ---- | C] () -- C:\Users\Scott\SG.mdf
[2012/01/30 21:57:40 | 000,000,672 | ---- | C] () -- C:\Users\Scott\SG.mds
[2012/01/19 23:41:12 | 000,000,012 | ---- | C] () -- C:\ProgramData\8680
[2012/01/19 23:41:12 | 000,000,012 | ---- | C] () -- C:\ProgramData\4794
[2012/01/19 23:41:12 | 000,000,012 | ---- | C] () -- C:\Users\Scott\AppData\Local\4662
[2012/01/19 23:41:12 | 000,000,012 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\3888
[2012/01/19 23:41:12 | 000,000,012 | ---- | C] () -- C:\ProgramData\1374
[2011/12/31 19:20:15 | 000,208,532 | ---- | C] () -- C:\Windows\hpoins40.dat
[2011/12/31 19:20:15 | 000,000,918 | ---- | C] () -- C:\Windows\hpomdl40.dat
[2011/12/31 18:02:10 | 000,790,754 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/28 21:29:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/11/28 21:27:51 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/04 01:19:37 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\.anki
[2012/05/19 22:44:05 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\.dbox
[2013/03/25 15:36:36 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\.mono
[2012/05/14 09:44:51 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\AppClient
[2012/11/01 21:14:28 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\ArcticLine
[2012/06/13 11:31:19 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Audacity
[2012/11/02 12:25:59 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Azureus
[2012/02/20 17:58:27 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Babylon
[2013/05/13 17:15:44 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Boomzap
[2012/10/12 23:40:27 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Braid
[2012/07/29 19:13:11 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/10/29 22:07:07 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Clickteam
[2012/03/08 23:01:02 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/02/27 01:16:34 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\cvdata
[2012/06/11 00:05:14 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\DAEMON Tools Pro
[2013/04/11 00:01:33 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Digiarty
[2013/03/19 18:30:58 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Doublefine
[2012/02/12 21:38:25 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Downloaded Installations
[2012/07/31 13:02:13 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\DVDVideoSoft
[2013/05/01 20:49:16 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\FEZ
[2012/02/20 17:58:27 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\FLAC to MP3 Converter
[2012/05/16 21:07:28 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Gensokyo.org
[2012/04/17 19:29:48 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\gtk-2.0
[2012/06/08 19:03:13 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Gyazo
[2012/10/28 13:46:22 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Hive Cluster
[2012/07/24 09:36:09 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Hobbyist Software
[2013/03/11 16:44:39 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\iFunbox_UserCache
[2012/06/24 10:27:49 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\ImTOO
[2013/04/14 23:29:55 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\light
[2012/07/13 04:52:13 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\LoneSurvivor
[2012/04/02 02:04:35 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\LOVE
[2013/03/27 14:38:42 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Mael
[2012/05/06 15:32:25 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\MakeMusic
[2013/04/21 13:02:42 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\me.annot.cloud
[2013/04/21 13:02:47 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\me.annot.player
[2012/07/26 12:47:19 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Media Finder
[2012/05/06 12:03:51 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\MusE
[2012/09/08 01:25:51 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\NeopleLauncherDFO
[2012/07/26 17:53:05 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Nitroplus
[2012/03/23 14:07:14 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\OmegaT+
[2012/09/04 10:03:39 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\ONScripter-828a2b
[2012/07/30 12:08:02 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\ONScripter-EN
[2012/07/11 22:51:28 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Openworld Learning
[2013/04/21 13:25:39 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\org.sakuradite.reader
[2013/04/17 22:28:30 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\RenPy
[2012/10/30 22:02:57 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\RetroCityRampage
[2013/04/12 20:01:34 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\savedata
[2012/11/10 12:49:04 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\SendSpace
[2012/05/16 21:07:28 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\ShanghaiAlice
[2012/07/30 06:00:04 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/04/29 17:31:31 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\StepMania 5
[2013/04/21 12:31:07 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\SweetScape
[2012/09/18 08:33:14 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\tixati
[2012/10/28 15:25:16 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\To the Moon - Freebird Games
[2012/07/22 08:39:39 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\UDown
[2013/05/24 05:31:54 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\umineko4final
[2013/05/22 23:16:20 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\uTorrent
[2012/01/01 16:41:01 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Voxatron

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

========== Files - Unicode (All) ==========
[2013/05/05 20:14:25 | 000,018,189 | ---- | M] ()(C:\Users\Scott\Documents\(??????35)(?????`??)(????Х??) Omega????? 1.?????Τ?????.torrent) -- C:\Users\Scott\Documents\(���󥯥�35)(ͬ�˥��`��)(�ͤ��Хʥ�) Omega��ҕ�� 1.�����ΤϤ��ޤ�.torrent
[2013/05/05 20:14:24 | 000,018,189 | ---- | C] ()(C:\Users\Scott\Documents\(??????35)(?????`??)(????Х??) Omega????? 1.?????Τ?????.torrent) -- C:\Users\Scott\Documents\(���󥯥�35)(ͬ�˥��`��)(�ͤ��Хʥ�) Omega��ҕ�� 1.�����ΤϤ��ޤ�.torrent
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?a?C?A???X??Uc) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAXْc

< End of report >

#5
terminallyfacetious

    Member

  • Topic Starter
  • 11 posts
Extras:

OTL Extras logfile created on: 5/24/2013 4:55:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Scott\Documents
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 43.56% Memory free
4.31 Gb Paging File | 1.64 Gb Available in Paging File | 38.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 2.88 Gb Free Space | 0.97% Space Free | Partition Type: NTFS

Computer Name: SCOTT-LAPTOP | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BD4B3F6-68E7-4BEB-893B-9BABC2DB6828}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2E8057FE-E2E3-4924-BA17-211E21CF4DD5}" = rport=139 | protocol=6 | dir=out | app=system |
"{3D956511-C8D2-42DE-B8E4-4457776804A9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{486A8343-2E40-4683-BB47-6F95DA6E4E4E}" = rport=445 | protocol=6 | dir=out | app=system |
"{4CA57942-17B3-4146-ABB7-C951EDDF5937}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{589562CD-2C17-4CCD-981D-6DC9244485A4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6326EC3F-CFB9-4BCD-A80D-CF0CF384198E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{763444A6-022D-45FA-9E81-5528C3CF4456}" = rport=137 | protocol=17 | dir=out | app=system |
"{776938E6-758D-409A-B221-8AC5CD714472}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{81F976B3-3EAB-4649-8044-3698987FF1A7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8BF4D740-13F6-42AC-B997-E6BB43524240}" = lport=138 | protocol=17 | dir=in | app=system |
"{8FDA4E39-6A18-4AE8-8B9A-6D7D071EF6AF}" = lport=445 | protocol=6 | dir=in | app=system |
"{9095FEC4-F407-4CBD-8A00-698E5440926F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9869E42F-C61C-4B71-A15F-548E43987850}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0F33629-BB80-4BC1-B2E0-E8B5A2F3F431}" = lport=137 | protocol=17 | dir=in | app=system |
"{BBD17094-F555-418B-808A-2CB45E822274}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C2004588-3958-4EAA-8937-FCD108F4E2B2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C6799B99-6893-4FB7-AE98-ADFC5040F7B9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CC3071A4-ED54-4E9C-9D9A-641CA00D0DE1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CD26FF49-3F87-41AB-BFBD-865B3E71DFD8}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{E801795B-F964-4FE8-ABBF-B3C1FB2238B5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E8D49941-B486-49E8-A7A3-4D8B6BEFEFF4}" = lport=139 | protocol=6 | dir=in | app=system |
"{F880EB77-C054-4609-BB66-AAD384AF186B}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0529A510-D955-48F4-B836-FED42FA21736}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{085FB8A7-A96E-4EAC-B8E0-8CD71290C7B5}" = dir=in | app=c:\users\scott\appdata\local\temp\7zs3951\setup\hpznui40.exe |
"{0E32999F-3C9F-49C0-88D8-F0DC73C5929C}" = protocol=6 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
"{13A57F95-A12F-4C60-9A00-46581FB95D6C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{17F289C3-B768-4710-90B8-53AB08BFBDF0}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{19008A63-7B66-41E7-9423-BEFB2C613C77}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe |
"{1A2D459B-60BB-4938-B0A3-E96CEBDAB7D8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{1C09D92B-5F43-4712-AB9F-268A07DB0047}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe |
"{1CD64417-22D9-495F-BD09-18FEAF3B9D63}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1F9540A3-056C-496F-A053-D9D91F07BFF7}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{20360DE3-AE41-4E44-AE85-E8BF3B458CFA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{206721B5-4960-4B9A-A3A8-986C9D2BEB9C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{257D412B-D4E4-4A5B-9A7C-56BF698B9DFD}" = protocol=58 | dir=out | [email protected],-28546 |
"{2810A59B-F175-4DCA-B5A4-D5D000B519F5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{281BAC85-B724-483B-91D1-9017A3EF3760}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{2F8332D6-4D81-4B67-989D-075418F7801B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{2FEE2933-175F-4C0C-8060-F81C5A271429}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{30C108E7-BB17-4844-81B7-866EE575BE54}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{34122C95-F75E-413C-BC23-AE2DFF2C463A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{35789A1E-D685-4712-843A-AA06FB4E5647}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{35D1C77D-F335-4990-A1AB-D97BEF68501D}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{37A601CC-8763-4535-9153-EA460F668F69}" = protocol=58 | dir=in | [email protected],-28545 |
"{3CC200D1-68CA-42E3-8124-F91F840CC125}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{3DDAE0A1-1EF8-4855-A77B-44957BC6FE92}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{410E76E8-C53F-446B-A4E5-89FE6548346E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{493B78C2-A5B7-4FEB-A01F-4BE5D52523E3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4F7EC6D1-22D9-4755-A563-40047D1F0D99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{50559F6C-F7A8-4E89-85DA-C69766BF9A1F}" = protocol=6 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
"{52165E1E-6FB8-4F27-8C92-C43D3E314CBA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{59015D0F-702C-4E8E-9F68-518116E9EAD3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{5EA7F936-8F03-4AF5-B794-0E238DBBAA89}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62A7B7E9-CBBE-48B0-9E9D-70A511A9928E}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{631356C2-56DF-4B0E-A404-07FD48A364D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6DF17016-2DD0-49AD-B483-9CF68289F6E8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6E031D0E-4B48-48FC-97AC-20F4F253BFD0}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{6E9C7692-9C4A-47BF-8DA9-E7AADAC7F3D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6EB84B50-3C63-43BC-B837-C2E0FAA3F9EC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7B88A45F-D60B-4B5A-A5F5-15CC0EF62911}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{7E6F428A-2137-4BFE-AB7D-A138FFA2C380}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{817C17E9-651F-4EAD-B396-5889DA97CA86}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{84203E2B-094C-4BCC-9829-4F8B7C24E8E5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{86C639B5-5A28-4788-863E-113130F5EA19}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{8D0FEFA9-0294-4023-A610-09B63269DABB}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{92914C29-EE42-4183-9BB6-A7ACCE7E3605}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{9573391B-59ED-42BE-BD9B-992557BFB5A4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{97C03CED-AF6A-4526-8ABE-F4F666E55AC6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9C8EC4D0-02C3-43C4-A44B-C6201DD31FD1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A17042D0-7A75-4B50-8EFF-05BB461E4733}" = protocol=1 | dir=out | [email protected],-28544 |
"{A35AB15F-5161-4A45-A90B-C5314F70DA33}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{A456E62D-2FFE-4061-9B7D-AFF90D1ED01C}" = protocol=17 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
"{A7394A61-D8C1-4C98-9657-35DBEE9C4EDF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{A7C5FB23-E7D0-4243-843F-3F9ECBFC7D8A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{A9860C9C-3654-4CFB-B25D-AB507CD521BF}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{AA98C6EC-9659-48B8-B01B-2EC1CFA03F12}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{B7655F72-1033-4741-A94A-675306664FF6}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe |
"{BA9FE2A3-DF73-4BAF-8E2A-A58E9D0E7964}" = protocol=6 | dir=out | app=system |
"{BAEF4366-CEC2-4EF1-ADFF-A1F0A4A67E1C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BEAE3EC1-F208-447A-9347-EC678A7D9386}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe |
"{BEB1CC3E-0314-4AFF-BBB7-C3ED67725D7D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{BEE52CE3-8897-414E-A83F-FCE23EBEDBFD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{C6ECF872-6669-41A9-9BF4-623669B2B603}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C7FA73F2-3F8D-44D8-9303-5CF7A4D77A11}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{CC9C31E5-43E4-45AA-91C6-D580A61891B3}" = protocol=1 | dir=in | [email protected],-28543 |
"{CE45ED2C-8884-4E05-879E-36E5394375A6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{D3BAD2B9-4E39-4D7B-B2DE-6B84987F9DEA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7AD996E-5A1F-4FCF-8B00-3067EEB7D9BB}" = protocol=17 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
"{D946DF34-8FFE-4CDF-811F-8B3CA70C12AA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DAFDA917-920C-4E76-B027-2C91042ABD0D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{DBEC3C22-5CE2-459A-9CF5-98A237239CAC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe |
"{E1F896E1-25A0-4584-B409-429389608D58}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EB1D9ABC-9FA5-4626-8318-70CC2B0E765F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{EE87FF5F-88A9-41D2-BB60-C5FFAA6844C7}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe |
"{F85BEE8F-1713-4F47-8BC7-696191837C0D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{3439DA5E-8F22-4194-AA32-01724D8B15BE}C:\users\scott\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\scott\downloads\utorrent.exe |
"TCP Query User{3605A673-C049-4A99-95D0-EE7BB714DEA3}C:\users\scott\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\scott\downloads\utorrent.exe |
"TCP Query User{3F80392E-FC2F-4C22-8466-16A7E7C5552E}C:\users\scott\downloads\mtgoiii_helper.exe" = protocol=6 | dir=in | app=c:\users\scott\downloads\mtgoiii_helper.exe |
"TCP Query User{59E7040A-2942-48DA-B68C-28C4D49FB5C4}C:\udk\q.u.b.e\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\q.u.b.e\binaries\win32\udk.exe |
"TCP Query User{922B0021-41B2-4D78-9DE5-6BA05B8ED40E}C:\users\scott\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\scott\appdata\roaming\spotify\spotify.exe |
"TCP Query User{9A2801E6-60B8-47CF-9BE8-27874AF2C1DF}C:\frozen synapse\frozensynapse.exe" = protocol=6 | dir=in | app=c:\frozen synapse\frozensynapse.exe |
"TCP Query User{BD97AD85-D446-45AA-AF65-8A9ED72B1666}C:\program files (x86)\infogrames\pajama sam's no need to hide\pajamanhd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\infogrames\pajama sam's no need to hide\pajamanhd.exe |
"TCP Query User{C44A0D65-0D33-479A-9091-C0C9C78CCCF1}C:\program files (x86)\rock of ages\binaries\win32\roa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rock of ages\binaries\win32\roa.exe |
"TCP Query User{C4B0A3D6-566B-42FC-9C1E-86DED196BBD5}C:\nexon\dfo\dfo.exe" = protocol=6 | dir=in | app=c:\nexon\dfo\dfo.exe |
"TCP Query User{C5B3FE2B-B12D-423A-9FAA-B1E0B0A6B5FC}C:\users\scott\appdata\local\temp\rar$ex75.720\dmpc 3.1.3-3.exe" = protocol=6 | dir=in | app=c:\users\scott\appdata\local\temp\rar$ex75.720\dmpc 3.1.3-3.exe |
"TCP Query User{DC2949A3-2C76-434F-BFA4-6F51B521DFA2}C:\program files (x86)\1clickdownload\1clickdownload.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownload.exe |
"TCP Query User{DF1EDF55-CFDA-465B-8332-17D67C2C7DDF}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{FC5A5162-5A2C-42D5-A54C-8431005FCB83}C:\users\scott\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\scott\appdata\roaming\spotify\spotify.exe |
"UDP Query User{017AB6C5-8036-44A8-8350-EBC6CE3392B5}C:\users\scott\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\scott\downloads\utorrent.exe |
"UDP Query User{10349A95-0BF7-435F-BA9B-3ACBBF17DBC9}C:\nexon\dfo\dfo.exe" = protocol=17 | dir=in | app=c:\nexon\dfo\dfo.exe |
"UDP Query User{1EE8ED62-83F5-4990-A0CA-77E70B91FEAC}C:\program files (x86)\rock of ages\binaries\win32\roa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rock of ages\binaries\win32\roa.exe |
"UDP Query User{29DFCA99-9784-4DE0-BFE3-1432DDC079F8}C:\users\scott\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\scott\downloads\utorrent.exe |
"UDP Query User{337176F5-1CC3-4885-AACE-D9D237FEFC81}C:\users\scott\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\scott\appdata\roaming\spotify\spotify.exe |
"UDP Query User{3C8FA5E8-F96A-437E-BC09-568D32F7CC81}C:\users\scott\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\scott\appdata\roaming\spotify\spotify.exe |
"UDP Query User{40C3EE40-BA33-4E58-BF1C-01FD2F0C13D7}C:\users\scott\downloads\mtgoiii_helper.exe" = protocol=17 | dir=in | app=c:\users\scott\downloads\mtgoiii_helper.exe |
"UDP Query User{442319CA-F8FC-4609-A617-D74FE84F7190}C:\program files (x86)\1clickdownload\1clickdownload.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownload.exe |
"UDP Query User{5792F4CF-306E-477F-AB4E-040009732D9B}C:\frozen synapse\frozensynapse.exe" = protocol=17 | dir=in | app=c:\frozen synapse\frozensynapse.exe |
"UDP Query User{87D435BA-80AA-4D0B-864F-A6BFEEB882FD}C:\udk\q.u.b.e\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\q.u.b.e\binaries\win32\udk.exe |
"UDP Query User{88F82713-BAA5-4808-854A-3A5719878DE0}C:\program files (x86)\infogrames\pajama sam's no need to hide\pajamanhd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\infogrames\pajama sam's no need to hide\pajamanhd.exe |
"UDP Query User{A4DB2990-CC00-4791-B1BD-D51A845371A2}C:\users\scott\appdata\local\temp\rar$ex75.720\dmpc 3.1.3-3.exe" = protocol=17 | dir=in | app=c:\users\scott\appdata\local\temp\rar$ex75.720\dmpc 3.1.3-3.exe |
"UDP Query User{F50D0196-461B-40C8-8E08-5F22DEF17426}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9F1F4E90-5808-3CA8-8FF6-A5B0E60AF268}" = Microsoft .NET Framework 4 Client Profile JPN Language Pack
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2DAB009-8236-48A0-AD7F-E940F5AB1578}" = HP Photosmart Plus B209a-m All-in-One Driver Software 14.0 Rel. 6
"{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1" = Privacy SafeGuard version 1.1
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD9BC990-A8A3-3F69-86BC-CFB5641931E8}" = Microsoft .NET Framework 4 Extended JPN Language Pack
"Air Playit_is1" = Air Playit 2.0.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile JPN Language Pack" = Microsoft .NET Framework 4 Client Profile Language Pack - 日本語
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended JPN Language Pack" = Microsoft .NET Framework 4 Extended Language Pack - 日本語
"Microsoft Security Client" = Microsoft Security Essentials
"Shop for HP Supplies" = Shop for HP Supplies
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.46-1 (x64)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2B095550-3C13-4547-ABD1-04CF1560BBBD}" = Vizzed Retro Game Room
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{33F7A957-A66D-45A1-BADF-6576083B14E2}" = RPGツクール2000 ランタイムパッケージ
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype 6.3
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6C85E71C-26FA-4E9C-99B1-5E9002CAA9CB}" = AUiG
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{84ADC96C-B7E0-4938-9D6E-2B640D5DA224}" = Python 2.7.4
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8B30EC37-BF14-4995-AA69-9DA4F9E90C67}" = CVData/CVCX
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8EFF2EC4-F6F0-4A9B-91A5-92E2EEE93F35}" = 紅魔城伝説 緋色の交響曲
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{91F5A357-7173-408C-85B7-FAAC69B5AD22}" = Dies irae -Amantes amentes-
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDC8DBA8-37FF-4C82-84FF-DEBEDF93BEC4}" = PS_AIO_06_B209a-m_SW_Min
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D81F39D4-FDA9-4356-92B1-16081D8BF71A}" = Pokmon Trading Card Game Online
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E617721F-B66C-4D5A-AA2A-B2D60820CDC3}" = B209a-m
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1" = CBR Reader
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F11000FE-0010-0000-0000-074957833700}" = ABBYY FineReader 11
"{F139C955-376C-45CA-9C34-C77000AB73BC}" = 黄金夢想曲
"{F73498A2-499B-4423-986E-90F99348609F}" = STEINS;GATE
"{F9000000-0015-0000-0000-074957833700}" = ABBYY Screenshot Reader
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA15C0A3-EBBF-4FC8-95A3-62D34E7A0322}" = bS
"{FB225F43-6678-48BF-96BC-E249C3487C8C}" = Dies irae ~Acta est Fabula~ パッチ版
"{FD0EDC80-AACC-47DF-94F0-A9081E127DAD}" = かみのゆ
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"__ ̌_is1" = __ ̌ ver 0.01a
"010 Editor_is1" = 010 Editor 4.0.4
"7-Zip" = 7-Zip 9.20
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Alabaster" = Alabaster
"BFGC" = Big Fish Games: Game Manager
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2013-03-25
"Comical_is1" = Comical 0.8
"DAEMON Tools Pro" = DAEMON Tools Pro
"DFO" = DFOLauncher
"Digital Editions" = Adobe Digital Editions
"DreamWorks Interactive: Neverhood" = The Neverhood
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FlashDiggerPlus" = FlashDigger Plus
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"GOGPACKHOTLINEMIAMI_is1" = Hotline Miami
"HP Photo Creations" = HP Photo Creations
"htmltads.exe" = HTML TADS Player Kit
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"iFunbox_is1" = iFunbox (v1.99.958.697), iFunbox DevTeam
"InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{FB225F43-6678-48BF-96BC-E249C3487C8C}" = Dies irae ~Acta est Fabula~ パッチ版
"InstallShield_{FD0EDC80-AACC-47DF-94F0-A9081E127DAD}" = かみのゆ
"Jet Screenshot_is1" = Jet Screenshot v 3.0.1
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Megaman Day in the Limelight 2 v1.5_is1" = Megaman Day in the Limelight 2 v1.5 version 1.5
"mIRC" = mIRC
"MKVToolNix" = MKVToolNix 6.1.0
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"OpenAL" = OpenAL
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Otherworld - Spring of Shadows CE1.0" = Otherworld - Spring of Shadows CE
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"Peggle World of Warcraft Edition" = Peggle World of Warcraft Edition
"Pesterchum" = PESTERCHUM
"PrivitizeVPN" = PrivitizeVPN
"PyQt GPL v4.10 for Python v3.3 (x32)" = PyQt GPL v4.10 for Python v3.3 (x32)
"QnJ1dGFsIExlZ2VuZA==_is1" = Brutal Legend version 1
"RPG Maker 2003_is1" = RPG Maker 2003 v1.08
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"ScummVM_is1" = ScummVM 0.7.1
"Sleeping Dogs_is1" = Sleeping Dogs
"SoundTap" = SoundTap Streaming Audio Recorder
"Splashtop Software Updater" = Splashtop Software Updater
"Steam App 113200" = The Binding of Isaac
"Steam App 115110" = Stacking
"Steam App 19680" = Alice: Madness Returns
"Steam App 200010" = Quantum Conundrum
"Steam App 200900" = Cave Story+
"Steam App 209830" = Lone Survivor
"Steam App 224760" = FEZ
"Steam App 3483" = Peggle Extreme
"Steam App 35700" = Trine
"Steam App 440" = Team Fortress 2
"Steam App 8290" = Sam & Max 204: Chariots of the Dogs
"Steam App 8300" = Sam & Max 205: What's New Beelzebub?
"Super Meat Boy v1.5_is1" = Super Meat Boy v1.5
"tixati" = Tixati
"To the Moon" = To the Moon
"Universal Extractor_is1" = Universal Extractor 1.6.1
"uTorrent" = Torrent
"uTorrentControl_v2 Toolbar" = uTorrentControl_v2 Toolbar
"VLC media player" = VLC media player 2.0.6
"VLC Streamer_is1" = VLC Streamer 3.21
"Wakan" = Wakan 1.67
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2607aec6904c6c40" = PACAPLUS
"DASH-DA-DASH DX v1.2" = DASH-DA-DASH DX v1.2
"Google Chrome" = Google Chrome
"InstallShield_{91F5A357-7173-408C-85B7-FAAC69B5AD22}" = Dies irae -Amantes amentes-
"PhotoZoom Pro 5" = BenVista PhotoZoom Pro 5.0.2
"pyenchant-py2.7" = Python 2.7 pyenchant-1.6.5
"Rose Guns Days -Trailer ver.-" = Rose Guns Days -Trailer ver.- v1.0
"Umineko no Naku Koro ni English" = Umineko no Naku Koro ni English v4.4
"Umineko no Naku Koro ni EP8 English" = Umineko no Naku Koro ni EP8 English v4.1
"Yume Nikki 0.10 English" = Yume Nikki 0.10 English

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/24/2013 11:32:55 AM | Computer Name = Scott-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/24/2013 11:32:55 AM | Computer Name = Scott-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13510

Error - 5/24/2013 11:32:55 AM | Computer Name = Scott-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13510

Error - 5/24/2013 11:32:56 AM | Computer Name = Scott-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/24/2013 11:32:56 AM | Computer Name = Scott-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14524

Error - 5/24/2013 11:32:56 AM | Computer Name = Scott-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14524

Error - 5/24/2013 11:32:57 AM | Computer Name = Scott-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/24/2013 11:32:57 AM | Computer Name = Scott-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15679

Error - 5/24/2013 11:32:57 AM | Computer Name = Scott-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15679

Error - 5/24/2013 10:56:27 PM | Computer Name = Scott-Laptop | Source = Bonjour Service | ID = 100
Description = Client application registered 2 identical instances of service Scott-Laptop._hs-vlcstream._tcp.local.
port 54340.

[ System Events ]
Error - 5/24/2013 10:56:29 PM | Computer Name = Scott-Laptop | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 5/24/2013 10:56:29 PM | Computer Name = Scott-Laptop | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 5/24/2013 10:56:34 PM | Computer Name = Scott-Laptop | Source = PNRPSvc | ID = 102
Description =

Error - 5/24/2013 10:56:33 PM | Computer Name = Scott-Laptop | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 5/24/2013 10:56:34 PM | Computer Name = Scott-Laptop | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 5/24/2013 10:56:34 PM | Computer Name = Scott-Laptop | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 5/24/2013 10:56:44 PM | Computer Name = Scott-Laptop | Source = PNRPSvc | ID = 102
Description =

Error - 5/24/2013 10:56:44 PM | Computer Name = Scott-Laptop | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 5/24/2013 10:56:44 PM | Computer Name = Scott-Laptop | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 5/24/2013 10:56:44 PM | Computer Name = Scott-Laptop | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535


< End of report >
  • 0

#6
terminallyfacetious

    Member

  • Topic Starter
  • Member
  • 11 posts
GMER results:

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-25 13:33:35
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-11A0RT0 rev.01.01A01 298.09GB
Running: h1iigz72.exe; Driver: C:\Users\Scott\AppData\Local\Temp\fglyrpoc.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe[5784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771f1465 2 bytes [1F, 77]
.text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe[5784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771f14bb 2 bytes [1F, 77]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\SysWOW64\ntdll.dll [2128:2132] 000000000040633a
Thread C:\Windows\SysWOW64\ntdll.dll [2128:3812] 000000006b7632fb
Thread C:\Windows\SysWOW64\ntdll.dll [2128:5856] 000000007710ccae
Thread C:\Windows\SysWOW64\ntdll.dll [2248:2252] 000000000040a219
Thread C:\Windows\SysWOW64\ntdll.dll [2248:4884] 00000000742d7861
Thread C:\Windows\SysWOW64\ntdll.dll [2248:6060] 000000006b7632fb
Thread C:\Windows\SysWOW64\ntdll.dll [2248:1368] 000000007710ccae
Thread [3660:3880] 000007fef3fc24a0
Thread [3660:3884] 0000000077a598b0
Thread [5056:5404] 0000000077c73e59
Thread [5056:980] 0000000077c72e3e
Thread [5056:5860] 0000000077c73e59

---- Registry - GMER 2.1 ----

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\[email protected]:\Users\Scott\Touhou Mother\RTP\xff7e\xff6f\xff84\xff71\xff6f\xff8c\xff9f\RPG2000RTP.exe 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\[email protected]:\Users\Scott\Dies irae\xff5eActa est Fabula\xff5e\Dies irae \xff5eActa est Fabula\xff5e \x30d1\x30c3\x30c1 1

---- EOF - GMER 2.1 ----
  • 0

#7
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#8
terminallyfacetious

    Member

  • Topic Starter
  • Member
  • 11 posts
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.26.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Scott :: SCOTT-LAPTOP [administrator]

5/26/2013 1:31:15 PM
mbam-log-2013-05-26 (13-31-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250407
Time elapsed: 20 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKLM\SYSTEM\CurrentControlSet\Services\RelevantKnowledge (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 7
C:\Program Files (x86)\RelevantKnowledge (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\components (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Users\Scott\AppData\LocalLow\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Scott\AppData\LocalLow\Funmoods\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Scott\AppData\LocalLow\Funmoods\Funmoods\us (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Scott\AppData\LocalLow\Funmoods\Funmoods\us\20101003 (PUP.FunMoods) -> Quarantined and deleted successfully.

Files Detected: 33
C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Scott\AppData\Roaming\uTorrent\FeD0R.Neo - working GTA IV crack.rar (Packer.ModifiedUPX) -> Quarantined and deleted successfully.
C:\Users\Scott\AppData\Local\Temp\CSMD01A.tmp (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Scott\AppData\Local\Temp\pricepeep_130001_1001.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Scott\AppData\Local\Temp\is1598539481\18056951_Setup.DAT (Adware.TryMedia) -> Quarantined and deleted successfully.
C:\Users\Scott\AppData\Local\Temp\is1598539481\38106435_Setup.DAT (Adware.TryMedia) -> Quarantined and deleted successfully.
C:\Users\Scott\AppData\Local\Temp\is259369358\PricePeepInstaller.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Scott\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\chrome.manifest (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\egdcf.dat (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\install.rdf (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\ncncf.dat (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\rlcm.crx (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\rlcm.txt (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\rlls.dll (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\rlls64.dll (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\rloci.bin (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\rlph.dll (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\rlxf.dll (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\shfscp.dat (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\components\rlxg.dll (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\components\rlxh.dll (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\components\rlxi.dll (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\components\rlxj.dll (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\components\rlxk.dll (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Member of GRID - Goodware Repository Information Database.lnk (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Users\Scott\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.tat (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Scott\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.ttr (PUP.FunMoods) -> Quarantined and deleted successfully.

(end)
  • 0

#9
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Can you try to connect your external disk now? Please tell me what you see when you connect it. Any error messages or anything?
  • 0

#10
terminallyfacetious

    Member

  • Topic Starter
  • Member
  • 11 posts
The computer made a sound like it knew something was plugged in, but the device wasn't showing up. Windows Explorer didn't crash like it would have before, though. I made to open Disk Management, because now it wouldn't crash and I could possibly see what's up, but the shortcut for Computer Management in the Control Panel wasn't working. (Also, it wouldn't let me open 'Administrative Tools' until I unplugged the device. Strange...) Then, only after unplugging it, the device showed up in Computer as drive H, which is what it has always shown up as. Opening it made WE stop responding. I plugged the drive back in (no sound this time) and tried again. There was an improvement, because it didn't crash, but it took a while to load and eventually stopped. This happened again in my third attempt, and right-clicking on the drive made WE unresponsive as well.

Is somehow backing up the drive my only option? Should I try getting a new cord to connect the drive to the computer?

Thanks for everything you're doing, by the way.
  • 0


#11
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
You can try a new USB cable, but I don't think it's that. I suggest that if you manage to connect the disk drive to your system, you back it up immediately, because you may not have another chance.

Let's try to check all system files and make sure they are right. Try to connect your drive again after this scan.

  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • When Command Prompt opens, copy and paste the following commands into it, pressing Enter after each

    sfc /scannow

    Wait for this to finish before you continue

    copy %windir%\logs\cbs\cbs.log %userprofile%\Desktop\cbs.txt

  • This will create a file, cbs.txt on your Desktop. Please attach this to your next post.

  • 0
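The `sfc /scannow` step above leaves its results in CBS.log mixed in with every other servicing entry. As an added example (not part of the original post or the forum's tooling), this Python script filters the `[SR]` lines from the copied `cbs.txt` and lists the files SFC repaired or could not repair. The sample lines are constructed, and the two message prefixes it matches are assumed from typical Windows 7 SFC logs.

```python
import re

# Constructed sample in the CBS.log layout: timestamp, level, component, sequence, message.
SAMPLE_CBS = r'''
2013-05-27 10:01:02, Info                  CBS    Loaded Servicing Stack v6.1.7600.16385
2013-05-27 10:01:05, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2013-05-27 10:01:05, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2013-05-27 10:01:09, Info                  CSI    00000009 [SR] Cannot repair member file [l:24{12}]"example1.dll" of Constructed-Component, Version = 6.1.7600.16385, hash mismatch
2013-05-27 10:01:10, Info                  CSI    0000000b [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example2.dll" from store
2013-05-27 10:01:12, Info                  CSI    0000000d [SR] Verify complete
'''

SR_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d, \w+\s+\w+\s+[0-9a-f]{8} \[SR\] (?P<msg>.*)$"
)
QUOTED = re.compile(r'"([^"]+)"')
# Message prefixes SFC writes for files it touched (assumed from typical Windows 7 logs).
PREFIXES = {
    "Cannot repair member file": "unrepaired",
    "Repairing corrupted file": "repaired",
}


def _path(msg):
    """Join the quoted directory and file name parts, dropping the NT \\??\\ prefix."""
    parts = [q[4:] if q.startswith("\\??\\") else q for q in QUOTED.findall(msg)]
    return "\\".join(parts)


def triage_sfc(log_text):
    """Summarise the System File Checker ([SR]) entries of a CBS.log."""
    result = {"sr_lines": 0, "unrepaired": [], "repaired": []}
    for line in log_text.splitlines():
        m = SR_LINE.match(line)
        if not m:
            continue  # servicing entries unrelated to sfc /scannow
        result["sr_lines"] += 1
        msg = m.group("msg")
        for prefix, bucket in PREFIXES.items():
            path = _path(msg)
            if msg.startswith(prefix) and path not in result[bucket]:
                result[bucket].append(path)  # SFC can log the same file more than once
    if result["unrepaired"]:
        result["verdict"] = "corruption remains"
    elif result["repaired"]:
        result["verdict"] = "corruption repaired"
    else:
        result["verdict"] = "no integrity violations logged"
    return result


if __name__ == "__main__":
    # For a real run, pass the text of the cbs.txt file copied to the Desktop.
    print(triage_sfc(SAMPLE_CBS))
```

CBS.log accumulates entries across runs, so compare the timestamps of any listed files against the time of the scan you just ran.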

#12
terminallyfacetious

    Member

  • Topic Starter
  • Member
  • 11 posts
Here it is, attached as requested.

Attached Files

  • Attached File  cbs.txt   842.93KB   30 downloads

  • 0

#13
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Any changes now when you connect your external HDD?
  • 0

#14
terminallyfacetious

    Member

  • Topic Starter
  • Member
  • 11 posts
None that I can see. I got disk management open and it still crashed immediately once I plugged in the drive. And then while the drive is in, computer management won't open, without even an error warning. It's "working." It shows up in the side bar of Explorer as well, but even clicking the arrow to show folders causes it to stop responding.

It is very strange. Is the drive corrupted beyond repair, do you think?
  • 0

#15
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi terminallyfacetious,

I think this is a hardware issue. You should open a new topic in Hardware, Components and Peripherals. There are tech guys there who will help you more than I can with this problem.

Post them a link to this topic and tell them that your system is clean. I will remove my programs from your PC now.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Step 2

We need to clean up your PC from the programs we used.

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end.

In case any of the software we used in this fix still remains on your system, please delete it manually (right-click on it and select Delete).

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Something to read

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?

2. Make Backups of Important Files

Please read this article: Home Computer Data Backup.

3. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or have the vendor's patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.
  • 0





