OTL LOG AND HIJACK THIS LOG HELP [Closed]



#1
Cyphox

Hi guys, I recently downloaded HijackThis and OTL and I don't know how to read these logs, so if you can help me out and point me in the right direction that would be awesome! Here's the OTL log of the scan.


OTL Extras logfile created on: 9/10/2013 11:44:15 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hernan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 5.59 Gb Available Physical Memory | 70.62% Memory free
15.82 Gb Paging File | 13.32 Gb Available in Paging File | 84.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.11 Gb Total Space | 416.41 Gb Free Space | 61.05% Space Free | Partition Type: NTFS

Computer Name: HERNAN-PC | User Name: Hernan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Users\Hernan\Documents\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Users\Hernan\Documents\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Users\Hernan\Documents\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Users\Hernan\Documents\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0789342D-056C-4A40-B8F6-048E6451E2C9}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{07FD9F59-970A-49F1-95E8-BF22E4E3CD41}" = rport=138 | protocol=17 | dir=out | app=system |
"{100C3D28-0565-467C-937A-99397EC6B569}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{10B63D9B-0A35-478C-BDDC-3D88C096BCD8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{10E57937-58FD-4F06-97D0-1D1EC4A2B4C0}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{13BF9727-4432-4B7D-B78A-C92254F1FE83}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2E770409-C124-4563-BA24-4F1F2E26DFF2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{41036D9C-7A63-4046-98E3-E80BB08FAF4C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4FE6A95B-FFDB-4076-B869-578B63A4F60E}" = rport=139 | protocol=6 | dir=out | app=system |
"{5450716C-A89B-49DA-A7EB-39BCE09ABC90}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5908E83F-A67E-4D95-B275-37A845D908C0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{60ACF33B-9D35-4D72-8833-99F28F05D450}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{66A729AC-DDCF-4E7A-82CC-B347C367D16E}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{6ECBEBBE-1447-400A-B458-148FEAD066D5}" = lport=138 | protocol=17 | dir=in | app=system |
"{78DCA655-6E12-4200-9ECA-9DBF9D9914C4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8303DB6E-6F58-42B5-8F9F-86BC3909410F}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{8CAB2518-B8F1-43E6-AB4A-94E283E55B15}" = rport=137 | protocol=17 | dir=out | app=system |
"{927B97C6-98F2-4085-888F-0A740F1E6C64}" = lport=445 | protocol=6 | dir=in | app=system |
"{A10F978C-114D-4F8F-8EB5-38217D9EE906}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A3A813CD-FBA7-46A2-AAAF-E04713BD10A4}" = rport=445 | protocol=6 | dir=out | app=system |
"{A4FD522E-1B52-419D-B886-A2DE6F064D95}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A8EB8976-399A-47CD-AE45-629749C93F9D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{ACEAF281-ECEC-489F-A06E-0EE694D7643A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{B3B9F477-4E53-4FAF-9B72-10EB949C1872}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B7918942-53E9-4228-A42A-E2C3D7BBD8C6}" = lport=137 | protocol=17 | dir=in | app=system |
"{C4C24352-46C5-414D-A934-1D172E7402D5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D0F211A7-559E-4C21-864A-88CD8D0F71D7}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{D303ADBF-14FA-48B5-B6FE-9C6705C567BE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D4A0DE66-4194-4C23-A380-7168B41BB69B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA887793-0083-4E75-881C-62086EF88432}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC2C5757-7FD5-4BF1-98A1-522F13450ACC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EF1E7F3B-7C0E-4061-84B0-D074585A6E11}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{F05BE547-DF55-49B4-9C44-28AF36BF5063}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E6C6C1-4154-417E-A9D3-75E0FE580B60}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\soldierfront2\binaries\win32\sf2.exe |
"{03478B57-6332-4DB5-89A7-B70B2B0C35D9}" = protocol=6 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe |
"{06C20C24-FE8A-4476-B93B-B3F2CDDEDD3E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{09E41C48-C516-4165-A455-75BC56915722}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\calauncher.exe |
"{0CD5CC44-5A12-444A-9BE5-F9B6FF925651}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{0E2B671E-F5EC-41E5-9668-7869B989B2A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0E46B431-6F3F-4A5B-A23F-92CE1FFCA4EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{1147AD0D-AB97-4152-8619-73CB86195ED3}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{11D73747-80CD-4D3E-A7DB-B0E2682E65E5}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{14EE0CEF-FF43-4572-A2DF-36599F43E7F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{1AB8B01E-B3F7-4ED4-A7E0-C23F6123E99F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\raceroom racing experience\game\game.exe |
"{25144A21-217A-42B9-9517-9F1BD5E669F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{28B6B664-12F8-46E5-A6D0-774B169ACC7B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\soldierfront2\binaries\win32\sf2.exe |
"{2AA3CAE1-DA32-4C3C-AF5F-6E4E4A247F71}" = protocol=17 | dir=in | app=c:\users\hernan\appdata\roaming\utorrent\utorrent.exe |
"{2BDE76FD-4BE1-42C7-8690-10726544D64D}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{30339216-E0BC-4D17-BABF-B104FF2B6728}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{355FD80B-BEA1-47B9-9EB4-80EE3D1B4A29}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\calauncher.exe |
"{377CE2DC-4AFD-4BFB-BD41-DB53E5CBBD6A}" = protocol=6 | dir=in | app=d:\common\epsonnet setup\eneasyapp.exe |
"{3850EF61-85D1-43ED-8CE6-0AD508DA0BA2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{39B02CB3-1FA0-4D60-B32C-F509BF9DF5BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{3A3DA536-2B52-4781-A0FB-25BA977261DC}" = protocol=6 | dir=in | app=c:\users\hernan\downloads\crossfire_downloader.exe |
"{3A3FDC72-EC05-4481-99B0-69A2B6590023}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{3B177EEC-2F7A-4C2C-85DB-F774834FD705}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3D7F0C02-D904-439C-ADAC-954D377B40E4}" = protocol=6 | dir=out | app=system |
"{3E9715E1-D6B5-4492-BE20-5FFE0A935037}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{41000BE8-AD22-4E0C-9794-986F72989EC9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{41A2DD76-528E-42D2-A9D8-20906CE785E7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\soultaker6661\counter-strike source\hl2.exe |
"{465C7979-EDC7-47B2-B129-C368F34B9B31}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{473D17F8-91CD-47EF-AB34-EE05B6083592}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{476762BF-6E5C-4089-9E6F-972D948609E0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{49A1D6A8-62E4-434B-BB9A-B40442A4836A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\raceroom racing experience\game\game.exe |
"{4ACF99C9-CCA6-4361-8A8D-E8290ADB3EA0}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{4B66AF61-6A7F-4FF1-916A-D0AA96C77C60}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{4BC06599-7289-4EAE-8F4F-9B597685BF11}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4D6AD8EB-2D68-4122-AFFB-6B8822BB59DD}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe |
"{50442514-7CA0-4D2E-AC85-405AABB1F152}" = protocol=6 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe |
"{5236D79A-DFC0-4229-8EDE-0F9B873EAA1A}" = protocol=6 | dir=in | app=c:\users\hernan\documents\games\crossfire\cf_g4box.exe |
"{58D18E7D-6816-4ECE-BE3C-9BDB9DD36D8D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{593E45C5-D596-48A4-A2EC-3F4CF3DE277C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe |
"{5EFB6985-06A9-46E5-8E6E-E780C6EA54FD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{5F95E3C5-BB6B-407A-86D8-86D00F3FAFDE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{6060E4F2-D79B-4050-B787-81ED0DB46331}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{6B071192-E4BF-4CDA-9905-FB0F94E16432}" = protocol=17 | dir=in | app=c:\users\hernan\documents\games\crossfire\cf_g4box.exe |
"{6FED55B3-9DD6-464D-AA6F-628C07AB286F}" = protocol=17 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe |
"{707894AB-08CD-4686-97DB-0DD7DAFCB2A3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{71734874-4289-4F62-A468-A40DEC407284}" = protocol=17 | dir=in | app=d:\common\epsonnet setup\eneasyapp.exe |
"{745440E6-3979-49A6-AD73-4712F979AC1A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forge\binaries\win32\forgegame.exe |
"{78B55BB3-D526-4321-AB57-F0FFE13D0941}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{7BDBCE2B-FC9D-4D6F-B9E3-0EEA2074ABEA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7E0E4AFC-0D52-4232-95D7-374CB53C4F60}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\marchofwar\game.exe |
"{7E7AA460-B33C-4841-85AC-A1F380EAFA28}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{81B86CBA-7EF0-4ADB-8C56-3D9814BB9437}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{85206AB7-BC81-4611-875F-F6BCC47B55FC}" = protocol=6 | dir=in | app=c:\users\hernan\appdata\roaming\utorrent\utorrent.exe |
"{86F3DF56-4468-45F3-85BF-E97E248F0BEA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{8C8341C3-6DFE-4917-85F6-5FC5E6A0C3AB}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{8CCD0054-4D84-4755-B2C4-FF406A180810}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{8E7ACB8D-6958-445C-920D-ECE4B76CB0F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{8EAA8F34-CCC6-4196-87AF-C2ADE0CBF091}" = protocol=17 | dir=in | app=c:\users\hernan\downloads\crossfire_downloader.exe |
"{9D8597FA-72C7-4B3B-ADF1-37D2EC0A9488}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{A34F70C5-373B-41B8-888D-F84285914C78}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A368D5A3-91D1-41A3-A056-FF725F9AD742}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe |
"{A7075408-FFF2-4D70-BC37-AE30F6FFEAB9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forge\binaries\win32\forgegame.exe |
"{ADFFEF7C-CBD7-4871-B805-B5677BE2CF75}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B05A93AB-A626-4752-A40F-9F4AD6B4A6F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B36DBE4A-DE1C-43C4-8F6C-03A07AC84A8D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B7FD53FD-AED3-4A49-BCF2-9098F3D74A88}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{B8F16E6F-A101-4C60-ABEE-661BFD8A34A6}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{BCB288A4-88EC-4F25-88F1-8B5570301FD3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C1B66057-7A1F-429B-A6E5-0438FB905D48}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C24D215D-2CFF-4B70-8FE1-9DA813FB90EB}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe |
"{C2FD422B-191A-4D68-8745-7FF4A9DA6F0B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe |
"{C3856F97-5435-46BC-BE3F-17971C596091}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\soultaker6661\counter-strike source\hl2.exe |
"{C4C7D3E1-D402-4AFD-A596-2849E9ECA5C4}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe |
"{C5181ED4-7BB5-42E9-9BA3-B5276858B497}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C872428A-EEC0-4859-981B-44A990B4821D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{CA966F62-862C-4541-8557-38ACCEFA17DE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D54C9EF8-9553-4EC3-A42E-BFD1F7AD8492}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{D5C0D02D-4DA3-4227-B7BA-277F6BA03CC9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{D602A013-127A-4D63-876F-052DE0403D44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D6090627-8445-47C8-B9AE-57A8F3438A94}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{DBD9E4CA-523A-4175-A05A-B11771DDAFC5}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe |
"{E0125BA6-C501-41B5-A58F-FB2B953100B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E29610AF-A305-4983-B5F0-111B986005B0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E3647A75-ACC7-431F-93AB-521C55C64881}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe |
"{E55F7128-6FEE-4BEA-B7FD-EECC35D67E16}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{E585D80A-5794-4B01-9E10-3B3E385A122F}" = protocol=17 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe |
"{E639428E-AE57-401C-B02C-AD273BF03F47}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E90B1DAA-4E85-4613-8A32-4312DCEA6038}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe |
"{EFCAFD5E-6644-460A-AD3A-62DE1DAB1B22}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\marchofwar\game.exe |
"{F02864A3-6ECE-4E6C-B3E2-50ECCDB4B072}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{F11680D1-F5EB-4C2E-95E4-E019223AD891}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{F4A6A61D-3F9C-40A4-A24E-A414753E0A3C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F8DC0CB0-91F3-4FF1-8306-EF8E61C8CB38}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe |
"TCP Query User{01F56014-90C5-40D2-A48E-0D38CFE9F3FD}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |
"TCP Query User{0649249D-2C34-4E48-BE15-7349127CF4A2}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{12640F78-D7A1-4DA0-B34B-17A8C8908871}C:\program files (x86)\steam\steamapps\soultaker6661\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\soultaker6661\counter-strike source\hl2.exe |
"TCP Query User{13D2663F-07D9-45A3-BA75-84C65B3D5B50}C:\users\hernan\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\hernan\appdata\roaming\spotify\spotify.exe |
"TCP Query User{202A2C93-EC93-48E8-BD56-880DD1D79754}C:\program files (x86)\prototype 2\prototype2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\prototype 2\prototype2.exe |
"TCP Query User{2AD36B27-0E22-4E4B-9048-B1B8C5AB0BBA}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe |
"TCP Query User{2AF87745-73A0-4238-8675-F84569302DE8}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{48CDB912-A19F-44C5-8F2C-3E3903C71133}C:\Program Files\Java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{6DF92A82-D75E-4CCC-AF9E-F8AE802E1129}C:\program files (x86)\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe |
"TCP Query User{6E96E05A-0AA0-495E-BE52-D1E85CA07BB3}C:\program files (x86)\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe |
"TCP Query User{741F2101-9D68-4F5D-8056-B2C43447C920}C:\program files (x86)\steam\steamapps\soultaker6661\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\soultaker6661\team fortress 2\hl2.exe |
"TCP Query User{79AE0BB5-10CF-4A20-8D5F-2BCCB88DECED}C:\users\hernan\downloads\neverwinter_nw.1.20130416a.6.exe" = protocol=6 | dir=in | app=c:\users\hernan\downloads\neverwinter_nw.1.20130416a.6.exe |
"TCP Query User{8E6CD84E-A6A5-4026-9538-6C5AA5F6DFF6}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{92F052E0-49A6-4751-984A-44DB01612B36}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe |
"TCP Query User{A6790179-5422-4A9F-AEB0-375806F3F562}C:\users\hernan\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\hernan\appdata\roaming\spotify\spotify.exe |
"TCP Query User{C854B79D-5675-4CCE-8327-D5CEBD9B0B67}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe |
"TCP Query User{D1FD962A-B466-46B6-A07C-7BB070AEE976}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe |
"TCP Query User{EF166504-DAF9-402A-9B44-24EC7DD1B932}C:\program files (x86)\mortal kombat komplete edition\disccontentpc\mkke.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mortal kombat komplete edition\disccontentpc\mkke.exe |
"TCP Query User{FAA8BBBE-AD78-4861-BBC5-D54AF13E05CA}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"TCP Query User{FE834D39-CE25-444F-9562-A59EA0F0FB1D}C:\users\hernan\documents\games\resident evil 6\bh6.exe" = protocol=6 | dir=in | app=c:\users\hernan\documents\games\resident evil 6\bh6.exe |
"UDP Query User{030E6204-B216-4006-9B40-B53351F55CB6}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe |
"UDP Query User{25713535-9AC2-4B10-9D03-71ADE68B8ACE}C:\program files (x86)\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe |
"UDP Query User{2DAF8B04-3385-4DFB-AF27-5288F81175C5}C:\users\hernan\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\hernan\appdata\roaming\spotify\spotify.exe |
"UDP Query User{39472E7F-1A0A-427F-A573-CE1B944172A4}C:\users\hernan\downloads\neverwinter_nw.1.20130416a.6.exe" = protocol=17 | dir=in | app=c:\users\hernan\downloads\neverwinter_nw.1.20130416a.6.exe |
"UDP Query User{438D21AD-EF61-41A5-83BF-D2ABBF16662B}C:\Program Files\Java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{4C70F585-8FE8-4FC1-B2C6-F10ED07C66F4}C:\users\hernan\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\hernan\appdata\roaming\spotify\spotify.exe |
"UDP Query User{68BCBE20-DC7F-4ABC-ADB6-6CE60808C3CE}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{6D6F5AF6-2213-496A-93A0-CEBE328766D0}C:\program files (x86)\steam\steamapps\soultaker6661\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\soultaker6661\counter-strike source\hl2.exe |
"UDP Query User{71978396-73E8-4584-A5EE-1D41488E0C31}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{77129E55-8B3A-430F-9709-EDEDE4BE5F1E}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"UDP Query User{8CA60635-DD44-4F09-8A2B-40CECAFFBD8A}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |
"UDP Query User{9AE70A4A-52ED-4EAD-B816-E31C1D35F5F6}C:\program files (x86)\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe |
"UDP Query User{A1A69D4B-A39D-4600-B133-38FDF0EAB8F3}C:\program files (x86)\steam\steamapps\soultaker6661\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\soultaker6661\team fortress 2\hl2.exe |
"UDP Query User{A4D2CF6C-5AC9-4665-8DDA-E34C22242DAE}C:\program files (x86)\prototype 2\prototype2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\prototype 2\prototype2.exe |
"UDP Query User{C828CDF7-61CE-4C03-987F-50807276146F}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe |
"UDP Query User{CCD25E88-CA46-4990-A933-41B168155B36}C:\users\hernan\documents\games\resident evil 6\bh6.exe" = protocol=17 | dir=in | app=c:\users\hernan\documents\games\resident evil 6\bh6.exe |
"UDP Query User{CE0657FD-7BF8-4697-A6A2-6A6544AAF425}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe |
"UDP Query User{DC4EBD08-E467-4FA0-9F5C-05178DD81DB9}C:\program files (x86)\mortal kombat komplete edition\disccontentpc\mkke.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mortal kombat komplete edition\disccontentpc\mkke.exe |
"UDP Query User{E4AC1D86-0602-443D-ABD9-C1EAA1491942}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{E7A00611-CC50-42AA-987D-0E703CC8DA41}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416045FF}" = Java™ 6 Update 45 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel® PROSet/Wireless WiFi Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5C1DA3D9-F590-4317-A4FB-274F658E504B}" = Intel® PROSet/Wireless WiMAX Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1" = Privacy SafeGuard version 1.1
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}" = TOSHIBA eco Utility
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D4B3647-9842-4875-B081-EF8D98C02865}" = WMPKeys
"{617773AE-ADBA-4479-BB04-65FE7758B35C}" = TOSHIBA Wireless Display Monitor
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA VIDEO PLAYER
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7257132D-7F65-41E6-A90F-43BF6099461A}" = Intel® WiDi
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A3E6E1C-CF5A-4CE9-B8D6-A2F9B7BA18FC}" = BlackBerry Desktop Software 7.1
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 2.0.2
"avast" = avast! Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"Convert Audio Free FLAC to MP3_is1" = Convert Audio Free FLAC to MP3 version 1.0
"DAEMON Tools Pro" = DAEMON Tools Pro
"DMC Devi May Cry © Capcom_is1" = DMC Devi May Cry © Capcom version 1
"Earthworm Jim_is1" = Earthworm Jim
"Game Booster_is1" = Game Booster 3
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Minecraft1.6.2" = Minecraft1.6.2
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PowerISO" = PowerISO
"ProInst" = Intel PROSet Wireless
"Smart Defrag 2_is1" = Smart Defrag 2
"Steam App 209870" = Blacklight: Retribution
"Steam App 212180" = Combat Arms
"Steam App 223390" = Forge
"Steam App 234310" = March of War
"Steam App 240" = Counter-Strike: Source
"Steam App 570" = Dota 2
"Steam App 6060" = Star Wars - Battlefront II
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TWV0cm9MYXN0TGlnaHQ=_is1" = Metro: Last Light © Deep Silver version 1
"VLC media player" = VLC media player 2.0.8
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/23/2013 2:11:24 PM | Computer Name = Hernan-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/23/2013 3:19:51 PM | Computer Name = Hernan-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/23/2013 6:48:14 PM | Computer Name = Hernan-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/23/2013 7:45:27 PM | Computer Name = Hernan-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Windows Search' could not be shut down.

Error - 8/24/2013 12:50:50 PM | Computer Name = Hernan-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/24/2013 7:03:35 PM | Computer Name = Hernan-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/24/2013 7:05:30 PM | Computer Name = Hernan-PC | Source = Windows Search Service | ID = 3038
Description =

Error - 8/24/2013 7:05:31 PM | Computer Name = Hernan-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 8/24/2013 7:05:31 PM | Computer Name = Hernan-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 8/24/2013 7:05:32 PM | Computer Name = Hernan-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 8/24/2013 7:05:32 PM | Computer Name = Hernan-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 8/24/2013 7:05:32 PM | Computer Name = Hernan-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 8/25/2013 1:15:09 AM | Computer Name = Hernan-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 9/7/2013 4:57:19 PM | Computer Name = Hernan-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058

Error - 9/7/2013 8:55:59 PM | Computer Name = Hernan-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 9/8/2013 3:04:14 AM | Computer Name = Hernan-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-2147218173.

Error - 9/8/2013 3:04:14 AM | Computer Name = Hernan-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 9/8/2013 3:04:31 AM | Computer Name = Hernan-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058

Error - 9/8/2013 12:09:53 PM | Computer Name = Hernan-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058

Error - 9/9/2013 11:47:46 AM | Computer Name = Hernan-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058

Error - 9/9/2013 10:44:56 PM | Computer Name = Hernan-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.

Error - 9/9/2013 10:44:56 PM | Computer Name = Hernan-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053

Error - 9/10/2013 12:30:22 PM | Computer Name = Hernan-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058


< End of report >

And this is the HijackThis report.
#2
Cyphox

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Bump help me please

#3
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi Cyphox, welcome to Geeks to Go. My name is blmadara and I will be helping you with your problems. Please be patient with me as I am still in training and my responses will have to be reviewed by an expert before I can post them.

I'd like to go over some things that will help both of us.

  • Read each of my posts entirely before performing my instructions. It would be helpful if you printed my instructions so you can read and check the steps as you perform them.
  • Follow the steps exactly in the order posted.
  • Please don't be afraid to ask questions. If you don't understand something, let me know before continuing.
  • If you can't perform a certain step, or you're unsure about what to do, please stop and let me know.
  • It is very important that you stay with me until the end so we make sure that we have removed all the bad stuff.
  • Please don't attach any logs to your posts unless I request it. It is easier for me if you copy and paste the logs into your reply.
  • Finally, never fix anything using other programs on your own. This can hinder my ability to see what is wrong with your computer and make it harder to clean your computer.



Step One: Run OTL Custom Scan

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


    netsvcs
    msconfig
    drives
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT
  • Please select the Scan All Users checkbox.
  • Make sure the checkboxes next to Lop Check and Purity Check are selected.
  • Under Extra Registry heading, select Use Safelist.
  • Then click the Run Scan button at the top
  • Let the program run unhindered, until it is done
  • Post the log it produces in your next reply.

Step Two: Run aswMBR

Download aswMBR.exe to your desktop.

  • Double click aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions, please select No.
  • Click Scan to start the scan.
  • When the scan ends click Save Log and save it to your desktop.
  • Post the log in your next reply.

Step Three: Computer Symptoms

Please let me know what problems you are having with your computer.


What I need in your next post:
1. The reports from the OTL scan, OTL.txt and Extras.txt.
2. The log produced by aswMBR.exe.
3. Let me know what problems you are having with your computer.

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.