Computer very slow! Think there is a virus! I have OTL code


bpballer
Hello. I have a problem with my computer. It's super slow and I think I have a virus. I ran OTL and I have the code. When I first got my laptop it was super fast. I started downloading things and lots of other things. It won't let me do ipconfig in cmd. Also, I can't open regedit like I used to. Anyway, here is the code I got after scanning my computer with OTL. Can you guys give some tips? Thanks.

OTL logfile created on: 9/19/2013 5:34:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Blake Pecore\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16688)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.59 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 53.91% Memory free
6.96 Gb Paging File | 4.22 Gb Available in Paging File | 60.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 442.65 Gb Total Space | 359.59 Gb Free Space | 81.23% Space Free | Partition Type: NTFS

Computer Name: BLAKE | User Name: Blake Pecore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/18 19:24:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Blake Pecore\Downloads\OTL.exe
PRC - [2013/09/13 11:02:00 | 003,029,472 | ---- | M] () -- C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
PRC - [2013/09/02 20:59:35 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PRC - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/07/12 14:49:47 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/06/28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013/03/06 18:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/01/24 14:12:30 | 000,270,336 | ---- | M] () -- C:\Program Files (x86)\No-IP\DUC40.exe
PRC - [2012/08/26 05:48:58 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
PRC - [2012/08/26 05:48:54 | 000,076,920 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
PRC - [2012/08/26 05:48:46 | 002,623,096 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\sSettings.exe
PRC - [2012/08/24 02:41:44 | 002,788,472 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
PRC - [2012/08/10 04:37:48 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2012/08/07 21:12:46 | 000,049,664 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
PRC - [2012/07/25 23:20:55 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2012/06/07 23:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012/04/03 09:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/16 19:04:17 | 000,017,408 | ---- | M] () -- C:\Users\Blake Pecore\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.2-R1.0-b2879jnks.dll
MOD - [2013/09/13 11:02:00 | 003,029,472 | ---- | M] () -- C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
MOD - [2013/09/13 11:00:35 | 002,700,768 | ---- | M] () -- C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll
MOD - [2013/08/19 07:19:29 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\fc5d4ada42ed8e9a30b64912f5dc9767\System.Xml.ni.dll
MOD - [2013/08/19 07:19:12 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6b49661877ca78101ebc697b9a6a95fd\System.Windows.Forms.ni.dll
MOD - [2013/08/19 07:18:40 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e4447d26cd9083018bd28ddd60a0248\System.Drawing.ni.dll
MOD - [2013/08/19 07:16:14 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\1b46657236c1f942f9dbaf6aac73bb49\System.ni.dll
MOD - [2013/07/22 18:09:08 | 000,425,984 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/07/17 20:53:59 | 011,500,032 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\d1ce70bf6cbab6ab838cbd8b50e902c1\mscorlib.ni.dll
MOD - [2013/07/12 14:49:44 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013/07/12 14:49:43 | 013,599,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
MOD - [2013/07/12 14:49:42 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013/07/12 14:48:52 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libglesv2.dll
MOD - [2013/07/12 14:48:51 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libegl.dll
MOD - [2013/07/12 14:48:49 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/01/24 14:12:30 | 000,270,336 | ---- | M] () -- C:\Program Files (x86)\No-IP\DUC40.exe
MOD - [2013/01/24 02:34:34 | 000,067,584 | ---- | M] () -- C:\Program Files (x86)\No-IP\ducapi.dll
MOD - [2012/08/26 05:48:58 | 000,110,712 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
MOD - [2012/08/26 05:48:54 | 000,211,064 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
MOD - [2012/08/26 05:48:46 | 000,029,816 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
MOD - [2012/08/26 05:48:40 | 000,091,768 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
MOD - [2012/08/26 05:48:40 | 000,026,232 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
MOD - [2012/06/07 23:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012/06/07 22:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/16 01:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/07/01 20:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/06/24 18:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 05:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/04 02:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 02:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/09 00:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/03/01 22:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 22:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/09 19:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 19:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/11/06 00:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/09/20 02:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/08/07 22:46:00 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/07/25 23:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 23:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 23:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 23:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 23:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 23:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 23:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 23:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 23:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 23:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013/09/13 11:02:00 | 003,029,472 | ---- | M] () [Auto | Running] -- C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe -- (BitGuard)
SRV - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/06/28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/06/21 10:13:12 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/06 18:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/11/06 00:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/08/26 05:48:58 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe -- (Easy Launcher)
SRV - [2012/08/10 05:28:14 | 000,211,584 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/08/10 04:37:48 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2012/07/25 23:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/10 19:47:04 | 003,939,008 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2012/04/03 09:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/16 01:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/07/09 04:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/01 20:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/07/01 18:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/06/29 02:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/10 17:17:46 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/06/01 07:29:35 | 000,337,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/06/01 07:29:35 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/05/31 23:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/05/04 03:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/05/04 03:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/03/06 18:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/03/06 18:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/03/06 18:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/03/06 18:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/03/06 18:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/03/06 18:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/03/06 18:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/03/06 18:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/03/02 06:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 06:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/03/02 06:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/02/21 14:23:08 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2013/02/21 14:23:06 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2013/02/21 14:23:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2013/01/09 21:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/26 23:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/20 00:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/05 23:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/12 04:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 03:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 01:19:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2012/09/20 03:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 03:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/08/24 07:57:36 | 000,450,872 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/10 05:09:46 | 000,567,808 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012/08/10 05:09:44 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/08/10 05:09:42 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/08/10 05:09:42 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/08/10 05:09:42 | 000,076,952 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012/08/10 05:09:40 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012/08/10 05:09:40 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012/08/10 05:09:40 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/08/08 00:03:34 | 010,283,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/08/07 21:48:22 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/07/27 08:00:03 | 000,023,408 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RadioHIDMini.sys -- (RadioHIDMini)
DRV:64bit: - [2012/07/26 01:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 01:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 01:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 01:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 01:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 01:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 01:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 01:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 01:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 01:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 01:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 01:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 01:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 01:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 01:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 01:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 01:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 00:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 00:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 23:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 22:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012/07/25 22:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 22:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 22:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 22:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 22:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 22:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 22:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 22:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 22:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 22:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 22:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 22:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 22:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 22:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 22:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 22:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 22:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 22:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 22:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/25 22:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 22:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 22:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/23 19:44:02 | 003,618,304 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012/07/23 01:35:12 | 000,079,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/07/23 01:35:12 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/07/16 20:59:12 | 000,098,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/06/24 21:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/15 01:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012/06/12 09:41:22 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/05/25 20:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00B\ccSetx64.sys -- (ccSet_NARA)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\hamachi.sys -- (hamachi)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2553E03D-4E90-4B0A-9B24-8BA68986359F}
IE:64bit: - HKLM\..\SearchScopes\{2553E03D-4E90-4B0A-9B24-8BA68986359F}: "URL" = http://www.bing.com/...E10TR&pc=MASMJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {2553E03D-4E90-4B0A-9B24-8BA68986359F}
IE - HKLM\..\SearchScopes\{2553E03D-4E90-4B0A-9B24-8BA68986359F}: "URL" = http://www.bing.com/...E10TR&pc=MASMJS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-se...119722&tsp=4948
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...e={installDate}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...e={installDate}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-se...119722&tsp=4948
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...e={installDate}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...e={installDate}
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...e={installDate}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...119722&tsp=4948
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Blake Pecore\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)


[2013/06/20 22:56:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Delta Search (Enabled)
CHR - default_search_provider: search_url = http://www1.delta-se...119722&tsp=4948
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www1.delta-se...119722&tsp=4948
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Blake Pecore\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.0.0.72_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: Google Drive = C:\Users\Blake Pecore\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Blake Pecore\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Blake Pecore\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Blake Pecore\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0\
CHR - Extension: Select Links App = C:\Users\Blake Pecore\AppData\Local\Google\Chrome\User Data\Default\Extensions\olphnlmagfcbingeeidpicgkgabodaen\4.3_0\
CHR - Extension: Gmail = C:\Users\Blake Pecore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/26 01:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SelectionLinks) - {1C8501DD-5580-48AB-B25C-6D5DBE835A6A} - C:\Program Files (x86)\OApps\SelectionLinks.dll (SelectionLinks)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Qualcomm Atheros Commnucations)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_B9C0E389F12B82F4333744107BCBA1C6] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB95244E-E240-4EB2-9436-6B0B57B41AE2}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2DAD4DF-72CF-42EF-806A-D96D910512C9}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\programdata\bitguard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bitguard.dll) - c:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a7dc0a09-bb01-11e2-be91-50b7c3484374}\Shell - "" = AutoRun
O33 - MountPoints2\{a7dc0a09-bb01-11e2-be91-50b7c3484374}\Shell\AutoRun\command - "" = "E:\TL_Bootstrap.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/17 21:50:42 | 000,000,000 | R--D | C] -- C:\Users\Blake Pecore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013/09/17 17:03:09 | 000,000,000 | ---D | C] -- C:\Users\Blake Pecore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Port Forwarding
[2013/09/17 17:01:07 | 000,000,000 | ---D | C] -- C:\Users\Blake Pecore\AppData\Local\Vitalwerks
[2013/09/17 17:00:53 | 000,000,000 | ---D | C] -- C:\Users\Blake Pecore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
[2013/09/17 17:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\No-IP
[2013/09/17 16:43:40 | 000,000,000 | ---D | C] -- C:\Users\Blake Pecore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portforward.com
[2013/09/17 16:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PFPortChecker
[2013/09/16 18:59:58 | 000,000,000 | ---D | C] -- C:\Users\Blake Pecore\Desktop\Minecraft Server
[2013/09/15 17:49:41 | 000,000,000 | ---D | C] -- C:\Users\Blake Pecore\AppData\Local\LogMeIn Hamachi
[2013/09/15 17:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/09/15 17:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013/09/13 18:47:44 | 000,000,000 | ---D | C] -- C:\Users\Blake Pecore\AppData\Local\avgchrome
[2013/09/13 18:25:53 | 000,000,000 | ---D | C] -- C:\Users\Blake Pecore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
[2013/09/13 18:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\BitGuard
[2013/09/07 15:25:45 | 000,000,000 | ---D | C] -- C:\Ubisoft
[2013/09/07 15:10:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2013/09/07 14:59:55 | 000,000,000 | ---D | C] -- C:\Users\Blake Pecore\AppData\Roaming\Unity
[2013/09/07 14:48:25 | 000,000,000 | ---D | C] -- C:\Users\Blake Pecore\AppData\Local\Unity
[2013/09/02 21:00:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/09/02 20:59:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/09/02 20:11:08 | 000,000,000 | ---D | C] -- C:\windows\Simple Port Forwarding
[2013/09/02 20:11:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Simple Port Forwarding
[2013/09/02 20:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/08/31 18:54:05 | 000,000,000 | ---D | C] -- C:\Users\Blake Pecore\matrixCache7
[2013/08/26 13:51:59 | 000,000,000 | ---D | C] -- C:\Users\Blake Pecore\AppData\Local\libimobiledevice
[2013/08/26 13:50:07 | 000,000,000 | ---D | C] -- C:\Users\Blake Pecore\AppData\Roaming\Apple Computer
[2013/08/26 13:50:07 | 000,000,000 | ---D | C] -- C:\Users\Blake Pecore\AppData\Local\Apple Computer
[2013/08/26 13:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/08/26 13:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/08/26 13:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/08/26 13:48:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/08/26 13:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/08/26 13:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/08/26 13:46:38 | 000,000,000 | ---D | C] -- C:\Users\Blake Pecore\AppData\Local\Apple
[2013/08/26 13:46:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/08/26 13:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/08/26 13:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/08/26 13:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/08/26 13:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/08/26 13:44:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/08/25 12:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CouponXplorer_5z Chrome Extension
[2012/12/26 02:13:15 | 000,040,445 | ---- | C] (Beepa Pty Ltd) -- C:\Users\Blake Pecore\uninstall.exe
[2012/09/04 04:58:55 | 002,258,432 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe
[2012/08/30 09:20:14 | 002,550,968 | ---- | C] (Beepa P/L) -- C:\Users\Blake Pecore\fraps.exe
[2012/08/30 09:20:14 | 000,234,168 | ---- | C] (Beepa P/L) -- C:\Users\Blake Pecore\fraps32.dll
[2012/08/30 09:20:14 | 000,186,552 | ---- | C] (Beepa P/L) -- C:\Users\Blake Pecore\fraps64.dll
[2012/08/30 09:20:14 | 000,068,792 | ---- | C] (Beepa P/L) -- C:\Users\Blake Pecore\fraps64.dat
[2012/08/30 09:17:20 | 000,140,288 | ---- | C] (Beepa P/L) -- C:\Users\Blake Pecore\frapslcd.dll

========== Files - Modified Within 30 Days ==========

[2013/09/19 17:33:55 | 000,860,718 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/09/19 17:33:55 | 000,727,746 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/09/19 17:33:55 | 000,136,438 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/09/19 17:31:22 | 000,000,922 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/19 17:27:47 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/09/18 19:52:00 | 000,000,360 | ---- | M] () -- C:\windows\tasks\Xerox PhotoCafe Communicator.job
[2013/09/17 15:58:21 | 000,000,918 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/16 19:25:46 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/09/16 19:25:40 | 3083,464,704 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/02 23:56:54 | 000,000,138 | ---- | M] () -- C:\Users\Blake Pecore\Documents\Compile.bat
[2013/08/26 13:49:54 | 000,001,793 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2013/09/16 17:31:09 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2013/09/16 17:25:28 | 000,387,583 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2013/09/02 23:56:54 | 000,000,138 | ---- | C] () -- C:\Users\Blake Pecore\Documents\Compile.bat
[2013/08/26 13:49:54 | 000,001,793 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/08/26 13:46:36 | 000,002,563 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/07/09 19:19:47 | 000,000,053 | ---- | C] () -- C:\Users\Blake Pecore\citellum_cl_citellum_Core.dat
[2013/07/09 19:11:52 | 000,000,051 | ---- | C] () -- C:\Users\Blake Pecore\matrix_cl_artistry_LIVE.dat
[2013/07/09 14:10:51 | 000,000,051 | ---- | C] () -- C:\Users\Blake Pecore\matrix_cl_validus_LIVE.dat
[2013/07/08 22:18:18 | 000,000,050 | ---- | C] () -- C:\Users\Blake Pecore\noregret_cl_runez_LIVE.dat
[2013/06/28 16:47:20 | 000,000,056 | ---- | C] () -- C:\Users\Blake Pecore\infinity_cl_infinity724_LIVE.dat
[2013/06/28 16:45:48 | 000,000,049 | ---- | C] () -- C:\Users\Blake Pecore\rune_evo_evolution_cache.dat
[2013/06/20 23:02:12 | 000,000,110 | ---- | C] () -- C:\windows\GMouse.ini
[2013/05/25 21:53:46 | 000,000,100 | ---- | C] () -- C:\Users\Blake Pecore\AppData\Local\fusioncache.dat
[2013/05/13 22:23:35 | 000,866,452 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/03/28 19:53:25 | 000,000,049 | ---- | C] () -- C:\Users\Blake Pecore\matrix_cl_matrix_LIVE.dat
[2013/02/25 18:13:32 | 000,000,051 | ---- | C] () -- C:\Users\Blake Pecore\jagex_cl_oldschool_LIVE.dat
[2013/02/23 14:23:51 | 000,703,117 | ---- | C] () -- C:\Users\Blake Pecore\AppData\Roaming\technic-launcher.jar
[2013/02/21 23:29:00 | 000,000,000 | ---- | C] () -- C:\Users\Blake Pecore\jagex__preferences3.dat
[2013/02/21 23:28:58 | 000,000,099 | ---- | C] () -- C:\Users\Blake Pecore\jagex_Runescape_preferences2.dat
[2013/02/21 23:27:55 | 000,000,046 | ---- | C] () -- C:\Users\Blake Pecore\jagex_Runescape_preferences.dat
[2013/02/19 16:58:50 | 000,000,051 | ---- | C] () -- C:\Users\Blake Pecore\jagex_cl_runescape_LIVE.dat
[2013/02/19 16:58:50 | 000,000,024 | ---- | C] () -- C:\Users\Blake Pecore\random.dat
[2012/12/25 18:18:39 | 000,581,642 | ---- | C] () -- C:\Users\Blake Pecore\AppData\Roaming\technic-launcher.jar.bak
[2012/09/04 04:58:55 | 000,003,196 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml
[2012/09/04 04:29:07 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/08/30 09:09:28 | 000,001,892 | ---- | C] () -- C:\Users\Blake Pecore\README.HTM
[2012/08/21 09:43:36 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2012/08/21 09:43:36 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2012/08/21 09:43:35 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012/07/26 04:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012/07/26 04:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012/07/26 03:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012/07/25 21:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012/07/25 16:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012/07/25 16:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012/06/02 10:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2012/05/10 03:35:16 | 000,029,184 | ---- | C] () -- C:\windows\SysWow64\kdbsdk32.dll

========== ZeroAccess Check ==========

[2013/05/13 22:21:36 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/06 02:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/06 01:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 23:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 23:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 23:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/19 17:32:02 | 000,000,000 | ---D | M] -- C:\Users\Blake Pecore\AppData\Roaming\.minecraft
[2013/07/08 11:58:14 | 000,000,000 | ---D | M] -- C:\Users\Blake Pecore\AppData\Roaming\.soulsplit
[2013/03/25 17:31:44 | 000,000,000 | ---D | M] -- C:\Users\Blake Pecore\AppData\Roaming\.spoutcraft
[2013/07/18 13:55:50 | 000,000,000 | ---D | M] -- C:\Users\Blake Pecore\AppData\Roaming\.technic
[2013/06/20 22:56:29 | 000,000,000 | ---D | M] -- C:\Users\Blake Pecore\AppData\Roaming\BabSolution
[2013/06/20 22:56:02 | 000,000,000 | ---D | M] -- C:\Users\Blake Pecore\AppData\Roaming\Babylon
[2013/04/27 08:36:29 | 000,000,000 | ---D | M] -- C:\Users\Blake Pecore\AppData\Roaming\ftblauncher
[2013/03/10 11:00:04 | 000,000,000 | ---D | M] -- C:\Users\Blake Pecore\AppData\Roaming\logs
[2012/12/27 23:05:13 | 000,000,000 | ---D | M] -- C:\Users\Blake Pecore\AppData\Roaming\ooVoo Details
[2013/08/21 09:40:18 | 000,000,000 | ---D | M] -- C:\Users\Blake Pecore\AppData\Roaming\Synaptics
[2013/09/07 14:59:55 | 000,000,000 | ---D | M] -- C:\Users\Blake Pecore\AppData\Roaming\Unity
[2013/06/04 21:03:08 | 000,000,000 | ---D | M] -- C:\Users\Blake Pecore\AppData\Roaming\WebApp

========== Purity Check ==========



< End of report >

Also I have Extras!

OTL Extras logfile created on: 9/19/2013 5:34:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Blake Pecore\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16688)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.59 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 53.91% Memory free
6.96 Gb Paging File | 4.22 Gb Available in Paging File | 60.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 442.65 Gb Total Space | 359.59 Gb Free Space | 81.23% Space Free | Partition Type: NTFS

Computer Name: BLAKE | User Name: Blake Pecore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12324641-E791-4A71-B498-0BFCDABCAA72}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2249BA65-92ED-43F3-8593-358A8214C475}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2BD140BE-1A1A-450B-8BE1-183FDA697EE3}" = rport=25565 | protocol=6 | dir=out | name=minecraft |
"{308B7952-8FC6-4F4C-991A-D4CD583261D9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3501943A-195B-4B4F-9783-A6938A69E8C3}" = rport=445 | protocol=6 | dir=out | app=system |
"{3A18DA18-9E2A-4A7A-AC09-2EDF3324B255}" = lport=138 | protocol=17 | dir=in | app=system |
"{41A92BB1-44BB-42B7-8EC5-9EAFF7007B0D}" = lport=139 | protocol=6 | dir=in | app=system |
"{48B99F92-6257-420B-9F5C-CD8FFD7AFD47}" = rport=10243 | protocol=6 | dir=out | app=system |
"{550D9D3C-D9DF-4414-8BB4-0364D58F62FC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5CB18FBA-01DE-44A0-98F9-B981387A465D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5D5AC985-D99C-4D72-A3C8-3C044272EB35}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7346907A-1409-4F4E-BFB7-ADA83ED57977}" = lport=445 | protocol=6 | dir=in | app=system |
"{95CD6F62-6CB6-4E5C-A417-E60C148E225D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{9E4EB570-64AD-47B3-8E21-988D07DE6800}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A49693F8-8112-483E-944E-DAC89D9F78BC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AAABE926-B4DF-41A1-A3E8-335308E99034}" = rport=137 | protocol=17 | dir=out | app=system |
"{BE464732-B3D7-4FC8-9910-BB64F5C6582A}" = rport=139 | protocol=6 | dir=out | app=system |
"{C22A4CFE-3816-4E68-9463-3656E1264E19}" = lport=137 | protocol=17 | dir=in | app=system |
"{D2789688-020A-4B1E-962C-701710F97D61}" = rport=138 | protocol=17 | dir=out | app=system |
"{D4960AA3-A518-4967-BB70-33F5A18ECEB3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EE3F6EC0-AA53-431A-8492-AA68798C825C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EE90BE2E-8DE9-4EC9-BA79-07FD68B9001E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F723EC47-2DED-42D8-BBF5-961653B97F16}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FE791D51-DF9D-4C41-8BD2-1149CA0C3678}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0032130C-B2FD-44CA-8D1B-BB23D7255073}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{10468F06-4DDD-469A-BEBB-FC769DB94496}" = dir=in | [email protected]{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{10FBE90A-F856-4B79-8BCF-764D36A4E9DD}" = protocol=6 | dir=out | app=system |
"{13CE21A9-5065-4397-B2E2-19BDC0E02B0D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{159EDE94-3B08-416C-AED9-6C88DB7CD4FB}" = dir=out | name=kindle |
"{1A6EFF50-0DDD-46FC-8C63-44C8121145BA}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{1C99B039-ECEB-4765-8D50-AC4E86A46AFA}" = protocol=6 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe |
"{1ECF8269-AC7B-4711-AC96-B650DC235478}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2531EBFF-CF62-4432-8540-5AC2E9AEA529}" = dir=out | name=skype |
"{2929C9C8-6DDB-4BF8-A0A0-836583AD0F55}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2CBD999B-9C10-4921-BEFA-E726F74C9754}" = protocol=6 | dir=in | app=c:\users\blake pecore\downloads\starterpack_runelocus\starterpack_runelocus\server\java.exe |
"{2CD4B189-AD67-4141-AB74-4A4244E688A2}" = dir=out | name=stumbleupon |
"{2FE4AC7B-CBC3-4A0E-892E-04C04063545C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{30F981A0-6A53-466A-849D-A1610C747FBE}" = protocol=17 | dir=in | app=c:\users\blake pecore\appdata\local\apps\2.0\cch30q78.w9z\gb01h0m7.z94\laun...app_59711684aa47878d_0001.0022_3faec28a70760353\launcher.exe |
"{33390C76-ACCC-4A2E-A9CF-4647AB9F850E}" = dir=out | [email protected]{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{369FDBAE-186D-4ED4-B7A5-77F98D9A1347}" = dir=out | name=netflix |
"{3785927E-1BD6-43A9-BF89-A97D4FAA3F9A}" = protocol=6 | dir=in | app=c:\programdata\turbine\ddo unlimited\dndclient.exe |
"{390A2D34-E697-4429-8EE7-ABA3BFDA0378}" = dir=out | [email protected]{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{3C0F1746-7A1F-485E-9224-D5BED7511522}" = dir=in | name=skype |
"{3DABFED6-FE53-4173-85DD-78C8CE9CDA5F}" = dir=out | [email protected]{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{3F2E6FCA-AAAA-4E5C-BE85-A19B3C33A790}" = dir=out | name=windows_ie_ac_001 |
"{40F3D32F-AC47-44AC-AA51-38CB5B30B91E}" = dir=out | [email protected]{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{44EDCF7F-E926-4949-BBD4-3D14CCA51D67}" = dir=in | [email protected]{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{46866796-5737-4B79-AF55-03C30A6D0CAF}" = protocol=17 | dir=in | app=c:\programdata\turbine\ddo unlimited\dndclient.exe |
"{469383E8-EC9C-4C9D-AFD2-64EFA19EA03E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4956DDE7-AB35-4419-8902-011BE577EBC4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4A784373-7C27-4D40-A807-4499806E6B4F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4CC5357D-138F-4BE2-BF61-C68D061E6152}" = protocol=6 | dir=in | app=c:\program files (x86)\pfportchecker\pfportchecker.exe |
"{503694C9-997C-4B6A-BEDE-7F6F7F5B96B4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{52FA6550-A8AD-4A07-A15F-0898959D3F06}" = dir=out | [email protected]{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{55DB2A2C-2AD6-4342-B6B1-F85A214B38CB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{55F26F51-8A1D-46D8-B8C3-26E4BA44C999}" = dir=out | name=music maker jam |
"{57685950-D321-4354-9E7D-8F94399567A5}" = dir=out | [email protected]{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{5CE25217-A063-4A75-A45B-4B9F98E8B4E0}" = dir=out | name=s player |
"{5F6B2D88-B7ED-469B-8654-055258CD2F92}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{60E25EE2-28DD-4B7A-8EBA-90D771829925}" = dir=out | [email protected]{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{6129474F-AA84-4865-8964-4121EF92A6BC}" = dir=out | name=samsung signature store |
"{622ECBBD-7C48-406E-A784-02E195FDD5D7}" = protocol=6 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe |
"{631BF323-DD33-40C0-8ECB-AB38487DB2D0}" = dir=out | name=s camera |
"{634EBC5F-536C-49A1-BFB4-BCCA5DC4D3A1}" = protocol=6 | dir=in | app=c:\programdata\turbine\ddo unlimited\turbinelauncher.exe |
"{65860829-D67A-48C5-BC20-E271416AA376}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{65BEC567-17DD-4A60-9002-EA2ED5CFAE55}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe |
"{661D56F2-12F5-48AF-B899-7CAF2E9555F4}" = protocol=1 | dir=out | [email protected],-28544 |
"{6A209A05-8310-4C19-8D26-FD0FF337833B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6C68AF9D-2AA2-4246-AA3E-D7DB0B7063DF}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{74D8E70B-E479-4ECE-A4C1-14E3732FBF25}" = dir=out | name=evernote |
"{790DF6DD-2D16-47AC-B188-9A74281EAF86}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{792C9825-C322-4B8E-A1D8-BE18AB2614AF}" = dir=out | name=jamie's recipes |
"{797C888C-0825-445D-B2B3-C505BF0C75C9}" = protocol=17 | dir=in | app=c:\users\blake pecore\downloads\starterpack_runelocus\starterpack_runelocus\server\java.exe |
"{7B1AE26A-00B9-406B-9559-9E72BA2A0B5C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{81F9AE0B-FDF0-457B-BF34-0E5B4F804A19}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{839A5856-6B12-4A7C-BD8D-00B98A6AEEB1}" = dir=in | name=evernote |
"{8573ADE3-861C-4D1D-B952-938DFBF695D6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{8589890E-5B66-4A64-9E2B-E5176D156C36}" = dir=out | [email protected]{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{885F78D8-0088-4D08-8E1A-373DA82280E7}" = dir=out | name=photoeditor |
"{8932794A-7663-4246-AB47-E951275D354A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8D10AAB9-D9F6-4C42-A320-3AB34415992D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8F6636C0-3B15-4236-BEB8-4D9BE7D5D8BF}" = protocol=17 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe |
"{9382AC19-BF26-4E16-8370-3A463D1DEF45}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9451AD99-82E0-48C8-91DF-9E1171B14A18}" = dir=in | [email protected]{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{97A78CFC-CE99-4636-8466-F5A753B018C8}" = dir=out | name=merriam-webster dictionary |
"{9A92FF38-10B2-4CFE-8E0C-E2CC6E8E0B26}" = dir=out | name=fresh paint |
"{9CB4B938-82CE-4026-80F6-F93F4DA0C964}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9EAA4045-612E-41AE-96EE-2E14BA301134}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A07BE826-4A6D-4FD3-92C0-A88BABEBC446}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A42C1AC3-F76A-439F-BB68-F4B3B6D4D01D}" = protocol=58 | dir=out | [email protected],-28546 |
"{A57C8B9D-7B4A-4BDB-B33A-57F38134F7D5}" = dir=out | [email protected]{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{A662C9E7-0622-4EEA-AABC-7371649E18D8}" = dir=out | [email protected]{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{A693D579-7D8B-471E-AB94-3EBB43C635F1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{A8751EBD-F340-4369-88B6-C017E0B17EA1}" = dir=out | [email protected]{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{ADA156CE-8CE0-4BA2-BAA7-4F9454D109DF}" = protocol=1 | dir=in | [email protected],-28543 |
"{BDEFFA00-F423-4797-BC67-A506949D5A41}" = protocol=17 | dir=in | app=c:\program files (x86)\pfportchecker\pfportchecker.exe |
"{BF78850D-1A60-49AA-BA44-0FF7269EAB3C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C1D2C2B5-6DF1-4068-A10E-5281DF2E2806}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{C73E940F-D30A-4067-BBDA-D63DB2DC56D1}" = dir=out | name=s gallery |
"{CBE0F019-8603-43BB-B73D-25466190EFB5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{D286C123-D054-447D-8F5C-41EE4AFCF1F2}" = dir=out | [email protected]{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{D4D7F1B6-FEC9-4C4B-A3D2-8EE10B8E40AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D4E054C0-C17C-421F-8D95-52959EFB7097}" = protocol=17 | dir=in | app=c:\programdata\turbine\ddo unlimited\turbinelauncher.exe |
"{D5D673D2-0372-4525-90C5-04528192D4D3}" = dir=out | [email protected]{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{DFE46C3F-CEEC-4DAF-A12F-445C08139173}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\engine.exe |
"{E1A24A6D-269E-41AB-8259-84F8081DF1A4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe |
"{E6A44E9A-ED51-4995-816F-974166687572}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\engine.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E8D8A3C7-22BB-496A-B60E-E3D3D25F3689}" = protocol=17 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe |
"{EB13BEA4-A12A-4C7E-9C73-585E5BA9543D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F14AA206-3C1A-462E-8C9D-766074848300}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F36148E3-ECF0-461F-B53D-94A28B125CDD}" = protocol=58 | dir=in | [email protected],-28545 |
"{F7132A53-2951-4D2E-B872-17840091AB42}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F9196B07-04C4-460E-99E4-EB96F082DB2C}" = dir=in | name=kindle |
"{F93F7503-74DD-4E6C-A3B2-101F93BC4FEF}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{FB028F26-4410-4A0E-9398-45B8E3EB682A}" = protocol=6 | dir=in | app=c:\users\blake pecore\appdata\local\apps\2.0\cch30q78.w9z\gb01h0m7.z94\laun...app_59711684aa47878d_0001.0022_3faec28a70760353\launcher.exe |
"{FBE28DB1-45E1-43C1-B5E7-55F08488AB01}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD6F31A0-3098-4F64-80D9-A2D42574D9A7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{05CCC6FE-8747-45A0-B63F-04FE84818980}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{067F92C6-9766-4BCD-BA1B-05258B775498}C:\users\blake pecore\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\blake pecore\appdata\local\akamai\netsession_win.exe |
"TCP Query User{087DE28A-D611-4BC8-A2D3-3C2AE7AB39F9}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"TCP Query User{0EE4F691-98A9-4DEE-A405-DC6CAC9E319F}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |
"TCP Query User{2E90F4A0-9D6D-484F-82C9-35CFC250F01A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{3BA3F6AE-C99D-4B84-A5AE-A2A54C59E5D0}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{3CA3F7A4-0EC1-4BD0-BA00-5AFB26022A8D}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{58D6E92D-2222-433B-A207-BA5ECDE7A79B}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{6D638F8C-D2BB-49C9-8937-9F4D37ADAB4C}C:\program files (x86)\pfportchecker\pfportchecker.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pfportchecker\pfportchecker.exe |
"TCP Query User{6EA9AFEB-7BF3-4146-8316-D02A470C1EC2}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{824DD5FC-BE52-4089-9CDD-C216A9CDBF4F}C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe" = protocol=6 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe |
"TCP Query User{834F8DAA-FFB4-405E-B010-E2A3DF63631C}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{8AC5AB8A-EE83-4950-B1B0-1C45BC43D36D}C:\users\blake pecore\appdata\local\apps\2.0\cch30q78.w9z\gb01h0m7.z94\laun...app_59711684aa47878d_0001.0022_3faec28a70760353\launcher.exe" = protocol=6 | dir=in | app=c:\users\blake pecore\appdata\local\apps\2.0\cch30q78.w9z\gb01h0m7.z94\laun...app_59711684aa47878d_0001.0022_3faec28a70760353\launcher.exe |
"TCP Query User{92B4EF27-A448-422A-B3CF-59D49CB4C8E1}C:\users\blake pecore\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\blake pecore\appdata\local\akamai\netsession_win.exe |
"TCP Query User{AB8A7A4D-3838-4BD2-BFCF-D2F1CB65D63F}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{B0D658D1-DB8B-4A10-8A60-D5F3CF3FB743}C:\users\blake pecore\downloads\starterpack_runelocus\starterpack_runelocus\server\java.exe" = protocol=6 | dir=in | app=c:\users\blake pecore\downloads\starterpack_runelocus\starterpack_runelocus\server\java.exe |
"TCP Query User{DCAAC64C-BE66-4FC4-814B-1601992AAEB2}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{E7D8A8ED-300F-4DEC-B78D-2D9814EBE17A}C:\program files (x86)\simple port forwarding\spf.exe" = protocol=6 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe |
"UDP Query User{133B9CCE-0D26-4EDA-8C3F-7F49A1BC16F2}C:\program files (x86)\simple port forwarding\spf.exe" = protocol=17 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe |
"UDP Query User{14F29B55-DBA2-48DF-B96C-ACC2BF12BF41}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{19C99579-C7B4-4515-A05A-1346C2B05EC9}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{1AE675B4-753D-4C3F-9BE4-B9891E55374D}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{2E9F346B-555B-4136-949D-6F10E1E41368}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{312A5675-0B93-486E-852E-F58C1AB39B87}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{4A84D5C7-DC72-4A65-99B0-F4E124F4982D}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{59C2E47C-8BD5-49D7-90A9-13709720E963}C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe" = protocol=17 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe |
"UDP Query User{5C222356-35A6-436C-885B-08AAEDF9B725}C:\users\blake pecore\appdata\local\apps\2.0\cch30q78.w9z\gb01h0m7.z94\laun...app_59711684aa47878d_0001.0022_3faec28a70760353\launcher.exe" = protocol=17 | dir=in | app=c:\users\blake pecore\appdata\local\apps\2.0\cch30q78.w9z\gb01h0m7.z94\laun...app_59711684aa47878d_0001.0022_3faec28a70760353\launcher.exe |
"UDP Query User{7B356500-CCC6-4642-89E6-16BBDBC15E03}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{82629469-98AD-475F-A985-BF2E31A8C61D}C:\users\blake pecore\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\blake pecore\appdata\local\akamai\netsession_win.exe |
"UDP Query User{AF966969-D855-4340-B89E-018A3203A375}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |
"UDP Query User{B80E8C81-2B25-4A64-A99F-E1B33B65B645}C:\program files (x86)\pfportchecker\pfportchecker.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pfportchecker\pfportchecker.exe |
"UDP Query User{B96695CB-73F5-47A7-BFEE-54295870B0E7}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{C1E05BA7-B5C2-4260-9C0D-6D49ABFD8F64}C:\users\blake pecore\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\blake pecore\appdata\local\akamai\netsession_win.exe |
"UDP Query User{CD83EFE0-B5BE-4513-A1FF-475D017D82AA}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{E2CAABAC-55D3-492A-8131-CAD7661A0CCD}C:\users\blake pecore\downloads\starterpack_runelocus\starterpack_runelocus\server\java.exe" = protocol=17 | dir=in | app=c:\users\blake pecore\downloads\starterpack_runelocus\starterpack_runelocus\server\java.exe |
"UDP Query User{FE2B2818-7CAF-4A95-9702-0322F41B2CBF}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3D7275C7-8549-46AF-8B59-82A3EF301B31}" = Support Center
"{427174C0-096E-40D9-9684-9C109BEE2CBF}" = iTunes
"{4483AA46-DCAA-48AA-B4A4-17BDC15A5A51}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{53460839-526B-5CEC-011C-6F01CE411CF1}" = AMD Catalyst Install Manager
"{64A3A4F4-B792-11D6-A78A-00B0D0170250}" = Java SE Development Kit 7 Update 25 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{969B5BFB-094D-4D96-AC0C-C1A2675DB583}" = S Agent
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{AEEA287D-E413-AF69-01C1-D983539BE775}" = AMD Accelerated Video Transcoding
"{C85A891D-7AB4-46AE-84F0-B0C3FAC82280}" = Help Desk
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}" = Quick Starter
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"9F04C462DAB591BDCCE784F77E4D4F1736010B92" = Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735)
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}" = LogMeIn Hamachi
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{109C4472-6133-531A-B69D-8774E3940FB1}" = CCC Help Swedish
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Recovery
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BitGuard
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1D3F8A34-E5EF-1378-EE77-FBC53744F9FB}" = CCC Help Italian
"{1D703F41-2C98-3CA5-6FF7-AF194E5E5A1B}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200823E3-F0B8-6A79-1FE8-C49CF2607CAC}" = CCC Help French
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2B3CE5E1-EE4F-0F02-EC5C-F56E59BD7799}" = CCC Help Dutch
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{32A3A4F4-B792-11D6-A78A-00B0D0170250}" = Java SE Development Kit 7 Update 25
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{4264F626-A7B2-B75A-DE75-E5E618D19C5D}" = CCC Help English
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{4689F012-C8E3-4F6E-BDEF-13671D53A6DC}" = Windows Live UX Platform Language Pack
"{46B14AF1-EDFA-4088-AB2B-22A8128A1C54}" = Photo Common
"{4724A9BB-72F8-37B5-E2AF-0DD0B200ECA3}" = AMD VISION Engine Control Center
"{49271148-3C6B-4F2B-B8C9-FFDE243B8FEA}" = SW Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D0CC480-D32D-4BA8-8D0A-0538EE870576}" = Catalyst Control Center - Branding
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{52E5DE60-C96B-42CC-9A37-FE04725940AE}" = Settings
"{5547725A-B333-475C-93C7-3B89267A72D4}" = Support Center FAQ
"{570EAA4A-D987-783F-B9AC-09A86F929FF2}" = CCC Help Russian
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{627CE320-FDE5-27E5-9877-E6EF79B5F206}" = CCC Help Greek
"{62D023F4-CFDF-4E49-9DAA-52DFF37E6C73}_is1" = Ghost Mouse Auto Clicker 3.8.2
"{6420AA9E-E67E-A0DB-D462-239BAD3BD712}" = CCC Help Hungarian
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}" = User Guide
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78F35489-621D-4FFD-BCE7-2C7C3897E47C}" = Windows Live
"{803D4B7D-71CD-46B9-8F89-8BFD73920FAF}" = Windows Live UX Platform Language Pack
"{82339ADC-D164-78FF-F561-2D0280EBB63C}" = CCC Help Japanese
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84ABC8FD-7523-9DB8-DAF5-1A8BB875A656}" = CCC Help Chinese Traditional
"{84DBF14E-074C-0038-687A-61C9FCFAE85B}" = CCC Help Chinese Standard
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{91786428-D4AA-476D-8AF9-A63FFAC2901F}" = Allshare Play Link
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{959BC6D1-38C8-441F-9466-9ECCD4E68413}" = Galería de fotos
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97373E60-D071-418A-87F1-A969EEEEBDAC}" = Windows Live Essentials
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9846E46F-07E0-4BDF-985A-E3FBA8C15877}" = Movie Maker
"{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}" = Easy File Share
"{A89238FF-0060-B6A4-D5B3-797C91224198}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{AEC9D7E5-A977-9FFA-68BB-299491DB3451}" = CCC Help Spanish
"{B37BD4C2-BD7F-0BC7-5C34-18F72CEE98FE}" = CCC Help Korean
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{C18DE4C1-41DB-690D-F43D-69D2147657E8}" = CCC Help Finnish
"{C6B0083B-AA94-8896-DD95-C34FF8C93FF5}" = CCC Help Portuguese
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDAD8D9E-4487-5C08-8BAD-08C01286A584}" = Catalyst Control Center InstallProxy
"{CDC2A521-C177-E527-67FA-19C6F5B02522}" = CCC Help Danish
"{D531FC91-6F4E-49A7-B912-15289D05B6F8}" = Photo Common
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{D747E3C4-CE5B-ABEB-D2BE-EE0A9C4D10DF}" = CCC Help Norwegian
"{D894EA25-E32F-2BA8-3BE8-1306C597356F}" = CCC Help Czech
"{DA4FD54D-FABC-57F3-3110-7D080B29516D}" = CCC Help Thai
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1DA4302-1C06-4533-AF6D-9D68B01FCB34}" = Movie Maker
"{F0446CD2-EB7F-5EC2-3CFE-3D80012E5A3B}" = CCC Help Polish
"{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}" = E-POP
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E9B151-AAF1-4390-8EE8-148418955817}" = LG VZW United Drivers
"{F94CD610-9831-06E8-B191-30F6BFB1387B}" = Catalyst Control Center Localization All
"{FE8DFDD0-A543-4A83-B7A9-C411138194D5}" = Galerie de photos
"avast" = avast! Free Antivirus
"bc8a6440-918f-11dd-ad8b-0800200c9a66_is1" = Dungeons & Dragons Online v01.21.01.8029
"CouponXplorer_5z Chrome Extension Uninstall" = CouponXplorer Toolbar Chrome Extension
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"Fraps" = Fraps (remove only)
"GhostMouse_is1" = GhostMouse
"Google Chrome" = Google Chrome
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"NARA" = Norton Online Backup ARA
"NoIPDUC" = No-IP DUC
"PFPortChecker" = PFPortChecker 1.0.39
"Plants vs. Zombies" = Plants vs. Zombies
"Simple Port Forwarding" = Simple Port Forwarding
"sl-apl" = SelectionLinks
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Xerox PhotoCafe" = Xerox PhotoCafe

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"HappyCloud" = Happy Cloud Client
"UnityWebPlayer" = Unity Web Player
"WinRAR Packages" = WinRAR Packages

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/1/2013 6:36:45 PM | Computer Name = Blake | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7176

Error - 9/2/2013 8:16:58 PM | Computer Name = Blake | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/2/2013 9:00:14 PM | Computer Name = Blake | Source = Application Error | ID = 1000
Description = Faulting application name: delegate_execute.exe, version: 28.0.1500.72,
time stamp: 0x51e02f5c Faulting module name: BrowserDefender.dll, version: 2.6.1519.190,
time stamp: 0x51f24af7 Exception code: 0xc0000005 Fault offset: 0x00178d49 Faulting
process id: 0x1310 Faulting application start time: 0x01cea840f0d8ab3d Faulting application
path: C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\delegate_execute.exe
Faulting
module path: C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll
Report
Id: 305cf885-1434-11e3-bea5-50b7c3484374 Faulting package full name: Faulting package-relative
application ID:

Error - 9/2/2013 9:00:22 PM | Computer Name = Blake | Source = Application Error | ID = 1000
Description = Faulting application name: delegate_execute.exe, version: 28.0.1500.72,
time stamp: 0x51e02f5c Faulting module name: BrowserDefender.dll, version: 2.6.1519.190,
time stamp: 0x51f24af7 Exception code: 0xc0000005 Fault offset: 0x00178d49 Faulting
process id: 0x1310 Faulting application start time: 0x01cea840f0d8ab3d Faulting application
path: C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\delegate_execute.exe
Faulting
module path: C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll
Report
Id: 35043911-1434-11e3-bea5-50b7c3484374 Faulting package full name: Faulting package-relative
application ID:

Error - 9/2/2013 9:01:31 PM | Computer Name = Blake | Source = Application Error | ID = 1000
Description = Faulting application name: EasyLauncher.exe, version: 2.0.0.10, time
stamp: 0x50376625 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x764 Faulting application
start time: 0x01ce9c27b170c8f0 Faulting application path: C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
Faulting
module path: unknown Report Id: 5e3690ec-1434-11e3-bea5-50b7c3484374 Faulting package
full name: Faulting package-relative application ID:

Error - 9/2/2013 9:04:36 PM | Computer Name = Blake | Source = Application Error | ID = 1000
Description = Faulting application name: MakeMarkerFile.exe, version: 1.0.0.2, time
stamp: 0x5021e5e8 Faulting module name: MakeMarkerFile.exe, version: 1.0.0.2, time
stamp: 0x5021e5e8 Exception code: 0xc0000417 Fault offset: 0x000000000014d7cc Faulting
process id: 0x9c0 Faulting application start time: 0x01cea8416c483ee4 Faulting application
path: C:\ProgramData\MakeMarkerFile.exe Faulting module path: C:\ProgramData\MakeMarkerFile.exe
Report
Id: cc698fa2-1434-11e3-bea6-50b7c3484374 Faulting package full name: Faulting package-relative
application ID:

Error - 9/2/2013 9:07:14 PM | Computer Name = Blake | Source = Application Error | ID = 1000
Description = Faulting application name: WinRAR.exe, version: 4.20.0.0, time stamp:
0x4fd34d53 Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp:
0x515fac6e Exception code: 0xc0000024 Fault offset: 0x0007bac5 Faulting process id:
0x1150 Faulting application start time: 0x01cea8417e3f2bf8 Faulting application path:
C:\Program Files (x86)\WinRAR\WinRAR.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
Id: 2b0a1652-1435-11e3-bea6-50b7c3484374 Faulting package full name: Faulting package-relative
application ID:

Error - 9/2/2013 9:14:16 PM | Computer Name = Blake | Source = Application Error | ID = 1000
Description = Faulting application name: NOTEPAD.EXE, version: 6.2.9200.16384, time
stamp: 0x50109a6f Faulting module name: BrowserDefender.dll, version: 2.6.1519.190,
time stamp: 0x51f24af7 Exception code: 0xc0000005 Fault offset: 0x00178d49 Faulting
process id: 0xe4c Faulting application start time: 0x01cea842e1b2ed11 Faulting application
path: C:\windows\SysWOW64\NOTEPAD.EXE Faulting module path: C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll
Report
Id: 26341a42-1436-11e3-bea6-50b7c3484374 Faulting package full name: Faulting package-relative
application ID:

Error - 9/2/2013 9:14:19 PM | Computer Name = Blake | Source = Application Error | ID = 1000
Description = Faulting application name: NOTEPAD.EXE, version: 6.2.9200.16384, time
stamp: 0x50109a6f Faulting module name: BrowserDefender.dll, version: 2.6.1519.190,
time stamp: 0x51f24af7 Exception code: 0xc0000005 Fault offset: 0x00178d49 Faulting
process id: 0xe4c Faulting application start time: 0x01cea842e1b2ed11 Faulting application
path: C:\windows\SysWOW64\NOTEPAD.EXE Faulting module path: C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll
Report
Id: 281a4f10-1436-11e3-bea6-50b7c3484374 Faulting package full name: Faulting package-relative
application ID:

Error - 9/2/2013 9:18:25 PM | Computer Name = Blake | Source = Application Hang | ID = 1002
Description = The program WinRAR.exe version 4.20.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1020 Start Time:
01cea8417bfa586f Termination Time: 48 Application Path: C:\Program Files (x86)\WinRAR\WinRAR.exe

Report
Id: b6ff63ae-1436-11e3-bea6-50b7c3484374 Faulting package full name: Faulting package-relative
application ID:

[ System Events ]
Error - 9/2/2013 11:19:41 PM | Computer Name = Blake | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =

Error - 9/3/2013 1:10:53 AM | Computer Name = Blake | Source = Microsoft-Windows-Kernel-Power | ID = 88
Description =

Error - 9/3/2013 1:29:11 AM | Computer Name = Blake | Source = Service Control Manager | ID = 7031
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 9/3/2013 1:33:51 AM | Computer Name = Blake | Source = Microsoft-Windows-Kernel-Power | ID = 88
Description =

Error - 9/3/2013 11:08:17 AM | Computer Name = Blake | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:47:30 AM on 9/3/2013 was unexpected.

Error - 9/3/2013 11:07:57 AM | Computer Name = Blake | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =

Error - 9/4/2013 10:51:54 AM | Computer Name = Blake | Source = Service Control Manager | ID = 7031
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 9/4/2013 2:37:30 PM | Computer Name = Blake | Source = Service Control Manager | ID = 7031
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 9/4/2013 2:53:11 PM | Computer Name = Blake | Source = Service Control Manager | ID = 7031
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 9/4/2013 7:25:12 PM | Computer Name = Blake | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.


< End of report >


#2
RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Download AdwCleaner to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and right click on the AdwCleaner icon and Run As Admin.

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop.
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Download aswMBR.exe to your desktop.
  • Right click aswMBR.exe and Run as Administrator.
  • Uncheck trace disk IO calls.
  • Click the "Scan" button to start the scan (Accept the Avast Engine).
  • On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan, click save log, save it to your desktop and post it in your next reply.
  • If the Fix button is not enabled, just click save log, save it to your desktop and post it in your next reply.


Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button.) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.


Copy the text in the code box:

DRIVES
netsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
dir C:\ /S /A:L /C
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc /scannow

(This will check your critical system files. Does this finish without complaint? If it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.


Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


Ron
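
An added example, not part of the post above: it applies the same filter as the findstr /c:"[SR]" command and then lists each file that SFC reported it could not repair, with duplicates collapsed. The sample log is constructed, and the "Cannot repair member file" wording is an assumption about what the [SR] lines in CBS.log contain.

```python
import re
import sys
from collections import Counter

# Constructed sample in the layout of CBS.log; not taken from the thread.
SAMPLE = """\
2013-09-19 18:01:10, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2013-09-19 18:01:10, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2013-09-19 18:01:12, Info                  CBS    Session: 1234_5678 initialized by client (constructed)
2013-09-19 18:01:14, Info                  CSI    0000000c [SR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Example-Printing-Component, Version = 6.2.9200.16384, hash mismatch
2013-09-19 18:01:15, Info                  CSI    0000000e [SR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Example-Printing-Component, Version = 6.2.9200.16384, hash mismatch
2013-09-19 18:01:16, Info                  CSI    00000010 [SR] Verify complete
"""

# Assumed wording of an SFC "could not fix" entry: file name in quotes, then the owning component.
CANNOT_REPAIR = re.compile(
    r'\[SR\] Cannot repair member file \[l:\d+\{\d+\}\]"(?P<file>[^"]+)" of (?P<component>[^,]+)'
)


def sr_lines(text):
    # Same result as findstr /c:"[SR]": a literal, case-sensitive substring match per line.
    return [line for line in text.splitlines() if "[SR]" in line]


def unrepaired(text):
    # Map (file, component) -> number of log entries; SFC usually logs each failure more than once.
    hits = Counter()
    for line in sr_lines(text):
        match = CANNOT_REPAIR.search(line)
        if match:
            hits[(match["file"], match["component"].strip())] += 1
    return hits


if __name__ == "__main__":
    # Pass the path to cbs.log (or the junk.txt written by findstr) to analyse a real log.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            log_text = handle.read()
    else:
        log_text = SAMPLE
    print(f"{len(sr_lines(log_text))} [SR] lines")
    for (name, component), count in sorted(unrepaired(log_text).items()):
        print(f"not repaired: {name} ({component}), logged {count}x")
```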

#3
bpballer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Ok. I have Avast and I don't know how to pause it. Sorry, new to Windows 8!

#4
RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Right click on the Avast ball and Avast! Shields Control, Disable Until Computer is Restarted