Machiavelli,
Thanks for your assistance.
I've moved everything to the desktop.
I know I ran combofix, but cannot find it nor the logfile anywhere on my computer. Going by your directions above, I'm not going to d/l or run it again until you want me to.
Here is the latest Malware log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.11.21.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Myles :: MYLES-PC [administrator]
11/21/2013 2:29:32 PM
mbam-log-2013-11-21 (14-29-32).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271282
Time elapsed: 2 minute(s), 26 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
And, just for your information, here is the one that will likely be more helpful that I ran previous to it:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.11.21.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Myles :: MYLES-PC [administrator]
11/21/2013 9:44:25 AM
mbam-log-2013-11-21 (09-44-25).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 263904
Time elapsed: 1 minute(s), 24 second(s)
Memory Processes Detected: 1
C:\Program Files (x86)\Linksicle\Service\lssvc.exe (PUP.Optional.Linksicle) -> 5624 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 20
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DigitalSite (PUP.Optional.DigitalSites.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The Sea App (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linksicle (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
HKCR\CLSID\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
HKCR\TypeLib\{A073AC6F-0B69-494C-8D61-60618FA37B4A} (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
HKCR\Interface\{8A7BE212-5F53-4252-8DCA-1FB5451D4E2B} (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\lssvc (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\aartemis Browser Protecter (PUP.Optional.Aartemis.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C585D593-E7F3-4852-A200-561686EE02E4} (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{C585D593-E7F3-4852-A200-561686EE02E4} (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
HKCR\TheSeaApp.Plugin (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C585D593-E7F3-4852-A200-561686EE02E4} (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C585D593-E7F3-4852-A200-561686EE02E4} (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0T1F1P0T1P1O0A -> Quarantined and deleted successfully.
Registry Data Items Detected: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.Aartemis) -> Bad: (
http://aartemis.com/...ATR340880308803) Good: (
http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (PUP.Optional.Aartemis) -> Bad: (C:\Program Files\Internet Explorer\iexplore.exe
http://aartemis.com/...ATR340880308803) Good: (iexplore.exe) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Aartemis) -> Bad: (
http://aartemis.com/...ATR340880308803) Good: (
http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Quarantined and repaired successfully.
HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.Aartemis.A) -> Bad: (
http://aartemis.com/...ATR340880308803) Good: (
http://www.google.com) -> Quarantined and repaired successfully.
Folders Detected: 7
C:\Users\Myles\AppData\Roaming\DigitalSite\UpdateProc (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\The Sea App (Internet Explorer) (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Linksicle (PUP.Optional.Linksicle) -> Delete on reboot.
C:\Program Files (x86)\Linksicle\3rd Party Licenses (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Linksicle\IE (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Linksicle\Service (PUP.Optional.Linksicle) -> Delete on reboot.
C:\Users\Myles\AppData\Roaming\aartemis (PUP.Optional.Aartemis.A) -> Quarantined and deleted successfully.
Files Detected: 24
C:\Users\Myles\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe (PUP.Optional.DigitalSites.A) -> Quarantined and deleted successfully.
C:\Users\Myles\AppData\Local\Temp\is357113909\2198149_stp\cor_aartemis.exe (PUP.Optional.Aartemis.A) -> Quarantined and deleted successfully.
C:\Users\Myles\AppData\Local\Temp\is357113909\2198201_stp\linksicle-setup-1.8.2.0.exe (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
C:\Users\Myles\AppData\Roaming\DigitalSite\UpdateProc\config.dat (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
C:\Users\Myles\AppData\Roaming\DigitalSite\UpdateProc\prod.dat (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\The Sea App (Internet Explorer)\The Sea App.dll.config (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\The Sea App (Internet Explorer)\Interop.SHDocVw.dll (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\The Sea App (Internet Explorer)\Microsoft.mshtml.dll (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\The Sea App (Internet Explorer)\SpicIEx.dll (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\The Sea App (Internet Explorer)\The Sea App.dll (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\The Sea App (Internet Explorer)\Uninstall.exe (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Linksicle\terms-of-service.rtf (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Linksicle\Uninstall.exe (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Linksicle\3rd Party Licenses\buildcrx-license.txt (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Linksicle\3rd Party Licenses\Info-ZIP-license.txt (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Linksicle\3rd Party Licenses\nsJSON-license.txt (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Linksicle\3rd Party Licenses\SimpleSC-license.txt (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Linksicle\3rd Party Licenses\UAC-license.txt (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Linksicle\IE\LinksicleClientIE.dll (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Linksicle\Service\lssvc.exe (PUP.Optional.Linksicle) -> Delete on reboot.
C:\Users\Myles\AppData\Roaming\aartemis\cor_aartemis.json (PUP.Optional.Aartemis.A) -> Quarantined and deleted successfully.
C:\Users\Myles\AppData\Roaming\aartemis\aartemis.exe (PUP.Optional.Aartemis.A) -> Quarantined and deleted successfully.
C:\Users\Myles\AppData\Roaming\aartemis\DataBase (PUP.Optional.Aartemis.A) -> Quarantined and deleted successfully.
C:\Users\Myles\AppData\Roaming\aartemis\QQBrowserFrame.dll (PUP.Optional.Aartemis.A) -> Quarantined and deleted successfully.
(end)
Here is the OTL file:
OTL logfile created on: 11/21/2013 11:02:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Myles\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.98 Gb Total Physical Memory | 6.32 Gb Available Physical Memory | 79.18% Memory free
15.96 Gb Paging File | 13.67 Gb Available in Paging File | 85.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.29 Gb Total Space | 586.31 Gb Free Space | 62.96% Space Free | Partition Type: NTFS
Computer Name: MYLES-PC | User Name: Myles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2013/11/21 22:52:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Myles\Desktop\OTL.exe
PRC - [2013/11/12 21:39:06 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/11/08 14:46:18 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/11/08 14:45:42 | 001,914,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/10/25 10:57:25 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/10/23 02:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/06/05 11:28:40 | 027,370,808 | ---- | M] (Dropbox, Inc.) -- C:\Users\Myles\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/10 01:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 13:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
========== Modules (No Company Name) ========== MOD - [2013/11/12 21:39:45 | 003,363,952 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/03/13 14:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Myles\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 17:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Myles\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/04/13 12:52:23 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
========== Services (SafeList) ========== SRV:
64bit: - [2013/11/08 14:47:21 | 015,125,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:
64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:
64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:
64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/11/21 08:01:48 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/12 21:39:36 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/08 14:45:42 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/10/25 10:57:25 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/10/23 02:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/06 16:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/05/15 11:52:34 | 000,053,248 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013/05/10 01:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/08/19 20:04:57 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- c:\Program Files (x86)\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ========== DRV:
64bit: - [2013/10/02 15:14:52 | 000,058,192 | ---- | M] (Linksicle) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\lsnfd.sys -- (lsnfd)
DRV:
64bit: - [2013/09/27 17:01:44 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:
64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:
64bit: - [2013/06/16 06:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:
64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:
64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:
64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:
64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:
64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:
64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:
64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:
64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:
64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:
64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:
64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:
64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:
64bit: - [2009/06/10 14:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:
64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:
64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:
64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:
64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:
64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://aartemis.com/...ATR340880308803IE:
64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:
64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...ms}&FORM=IE8SRCIE:
64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" =
http://www.aartemis....q={searchTerms}IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.google.comIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.aartemis....q={searchTerms}IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.aartemis....q={searchTerms}IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.comIE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...ms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-186217316-381863959-1373005331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.msn.com/IE - HKU\S-1-5-21-186217316-381863959-1373005331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-186217316-381863959-1373005331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 26 5F F0 C9 88 CD 01 [binary data]
IE - HKU\S-1-5-21-186217316-381863959-1373005331-1000\..\SearchScopes,DefaultScope = {196A6F2A-C603-4280-985F-EEC73134E040}
IE - HKU\S-1-5-21-186217316-381863959-1373005331-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...Box&FORM=IE10SRIE - HKU\S-1-5-21-186217316-381863959-1373005331-1000\..\SearchScopes\{196A6F2A-C603-4280-985F-EEC73134E040}: "URL" =
http://search.yahoo....47,20028,0,25,0IE - HKU\S-1-5-21-186217316-381863959-1373005331-1000\..\SearchScopes\{5E823D00-ECE1-401D-B659-4C245A5E7483}: "URL" =
http://www.mysearchr...q={searchTerms}IE - HKU\S-1-5-21-186217316-381863959-1373005331-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-186217316-381863959-1373005331-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013/11/21 09:54:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Myles\AppData\Roaming\Mozilla\Extensions
[2013/11/21 09:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/21 09:54:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2013/11/21 10:16:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:
64bit: - BHO: (Linksicle) - {2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} - C:\Program Files\Linksicle\IE\LinksicleClientIE.dll (Linksicle)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:
64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:
64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:
64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\S-1-5-21-186217316-381863959-1373005331-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-186217316-381863959-1373005331-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-186217316-381863959-1373005331-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Myles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Myles\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Myles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-186217316-381863959-1373005331-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-186217316-381863959-1373005331-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-186217316-381863959-1373005331-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-186217316-381863959-1373005331-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10:
64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-186217316-381863959-1373005331-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-186217316-381863959-1373005331-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-186217316-381863959-1373005331-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-186217316-381863959-1373005331-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_15)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94D551E6-FAF4-4665-A20F-9C942AADF7E0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0737EED-D3B9-4BE7-89B8-E8A9E3010A59}: DhcpNameServer = 192.168.1.254
O18:
64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:
64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:
64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:
64bit: - HKLM\..comfile [open] -- "%1" %*
O35:
64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:
64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:
64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ========== [2013/11/21 22:52:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Myles\Desktop\OTL.exe
[2013/11/21 18:08:58 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Myles\Desktop\aswmbr.exe
[2013/11/21 10:18:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/11/21 10:17:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/11/21 10:05:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/11/21 10:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/11/21 09:59:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2013/11/21 09:54:24 | 000,000,000 | ---D | C] -- C:\Users\Myles\AppData\Local\Mozilla
[2013/11/21 09:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/11/21 09:54:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/11/21 09:54:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/21 09:44:00 | 000,000,000 | ---D | C] -- C:\Users\Myles\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2013/11/21 09:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\Linksicle
[2013/11/21 09:43:23 | 000,000,000 | ---D | C] -- C:\Users\Myles\AppData\Roaming\DigitalSite
[2013/11/21 09:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open It!
[2013/11/21 09:43:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenIt
[2013/11/21 09:21:37 | 000,000,000 | ---D | C] -- C:\Users\Myles\AppData\Local\QuickPar
[2013/11/21 09:18:09 | 000,000,000 | ---D | C] -- C:\Users\Myles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar
[2013/11/21 09:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
[2013/11/21 09:18:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickPar
[2013/11/21 09:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2013/11/21 09:00:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/11/19 18:07:18 | 001,064,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2013/11/19 18:07:18 | 000,955,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2013/11/19 18:07:16 | 000,000,000 | ---D | C] -- C:\Users\Myles\AppData\Local\NVIDIA Corporation
[2013/11/19 18:05:37 | 000,039,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2013/11/19 18:05:37 | 000,028,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2013/11/16 01:42:56 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/16 01:42:56 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/16 01:42:55 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/16 01:42:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/16 01:42:55 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/16 01:42:55 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/16 01:42:55 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/16 01:42:55 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/16 01:42:55 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/16 01:42:55 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/16 01:42:55 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/16 01:42:53 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/16 01:42:53 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/16 01:42:53 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/16 01:42:52 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/15 08:32:34 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/11/15 08:32:22 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/11/15 08:32:22 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/11/15 08:32:22 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2013/11/15 08:32:22 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2013/11/15 08:32:22 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/15 08:32:13 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/11/15 08:32:12 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/11/15 08:32:12 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013/11/15 08:32:12 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013/11/15 08:32:12 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013/11/15 08:31:59 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/11/15 08:31:52 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013/11/15 08:31:52 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013/11/15 08:31:52 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/11/15 08:31:52 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013/11/03 09:26:55 | 000,000,000 | ---D | C] -- C:\Users\Myles\Documents\Spiderweb Software
[2013/10/28 07:27:45 | 001,884,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433165.dll
[2013/10/28 07:27:45 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433165.dll
[2013/10/28 07:27:45 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco64.dll
[2013/10/28 07:27:44 | 030,344,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013/10/28 07:27:44 | 025,257,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013/10/28 07:27:44 | 022,933,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013/10/28 07:27:44 | 018,199,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013/10/28 07:27:44 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013/10/28 07:27:44 | 015,855,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013/10/28 07:27:44 | 011,426,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013/10/28 07:27:44 | 011,374,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013/10/28 07:27:44 | 009,524,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013/10/28 07:27:44 | 009,480,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013/10/28 07:27:44 | 003,131,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013/10/28 07:27:44 | 003,124,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013/10/28 07:27:44 | 002,946,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013/10/28 07:27:44 | 002,747,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013/10/28 07:27:44 | 001,241,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013/10/28 07:27:44 | 000,696,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013/10/28 07:27:44 | 000,655,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013/10/28 07:27:44 | 000,599,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013/10/28 07:27:44 | 000,560,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013/10/28 07:27:44 | 000,317,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2013/10/28 07:27:44 | 000,266,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2013/10/28 07:27:44 | 000,168,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013/10/28 07:27:44 | 000,141,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013/10/25 18:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/10/25 18:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/10/25 18:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/10/25 18:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/10/25 18:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/10/25 10:57:27 | 000,000,000 | ---D | C] -- C:\Users\Myles\Documents\Assassin's Creed III
[2013/10/23 02:02:36 | 000,589,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2013/11/21 22:52:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Myles\Desktop\OTL.exe
[2013/11/21 22:50:34 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/21 22:50:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/21 18:13:48 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/21 18:13:48 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/21 18:10:59 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/21 18:10:59 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/21 18:10:59 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/21 18:09:10 | 000,891,200 | ---- | M] () -- C:\Users\Myles\Desktop\SecurityCheck.exe
[2013/11/21 18:09:00 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Myles\Desktop\aswmbr.exe
[2013/11/21 18:06:08 | 2132,717,567 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/21 10:16:22 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/11/21 09:54:18 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/21 09:43:40 | 000,001,681 | ---- | M] () -- C:\Users\Myles\Desktop\Internet Explorer (64-bit).lnk
[2013/11/21 09:43:35 | 000,001,635 | ---- | M] () -- C:\Users\Myles\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/21 09:43:19 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Open It!.lnk
[2013/11/21 08:01:48 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/11/19 23:57:33 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/08 14:47:40 | 001,064,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2013/11/08 14:47:39 | 000,955,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2013/11/01 07:41:04 | 000,000,222 | ---- | M] () -- C:\Users\Myles\Desktop\Avadon 2 The Corruption.url
[2013/10/25 18:32:56 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/25 10:57:26 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/10/25 10:57:25 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/10/23 04:30:23 | 030,344,480 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013/10/23 04:30:23 | 025,257,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013/10/23 04:30:23 | 022,933,792 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013/10/23 04:30:23 | 018,286,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013/10/23 04:30:23 | 018,199,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013/10/23 04:30:23 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013/10/23 04:30:23 | 015,855,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013/10/23 04:30:23 | 015,212,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013/10/23 04:30:23 | 011,426,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013/10/23 04:30:23 | 011,374,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013/10/23 04:30:23 | 009,524,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013/10/23 04:30:23 | 009,480,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013/10/23 04:30:23 | 003,131,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013/10/23 04:30:23 | 003,124,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013/10/23 04:30:23 | 003,067,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013/10/23 04:30:23 | 002,946,848 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013/10/23 04:30:23 | 002,747,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013/10/23 04:30:23 | 002,695,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013/10/23 04:30:23 | 001,884,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433165.dll
[2013/10/23 04:30:23 | 001,511,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433165.dll
[2013/10/23 04:30:23 | 001,435,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013/10/23 04:30:23 | 001,241,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013/10/23 04:30:23 | 000,696,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013/10/23 04:30:23 | 000,655,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013/10/23 04:30:23 | 000,599,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013/10/23 04:30:23 | 000,560,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013/10/23 04:30:23 | 000,317,472 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2013/10/23 04:30:23 | 000,266,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2013/10/23 04:30:23 | 000,168,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013/10/23 04:30:23 | 000,141,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013/10/23 04:30:23 | 000,023,287 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/10/23 02:20:08 | 006,669,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013/10/23 02:20:07 | 003,489,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013/10/23 02:20:05 | 000,219,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013/10/23 02:20:05 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013/10/23 02:20:03 | 003,426,956 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013/10/23 02:02:36 | 000,589,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ========== [2013/11/21 18:09:07 | 000,891,200 | ---- | C] () -- C:\Users\Myles\Desktop\SecurityCheck.exe
[2013/11/21 09:54:18 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/11/21 09:54:18 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/21 09:43:19 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\Open It!.lnk
[2013/11/01 07:41:04 | 000,000,222 | ---- | C] () -- C:\Users\Myles\Desktop\Avadon 2 The Corruption.url
[2013/10/25 10:57:26 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/10/25 10:57:25 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013/10/25 10:57:25 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/04/08 14:27:06 | 000,000,258 | RHS- | C] () -- C:\Users\Myles\ntuser.pol
[2012/09/24 16:08:32 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/05/13 18:06:38 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/03/24 12:26:53 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/24 10:29:56 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/03/24 10:29:52 | 000,030,387 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
========== ZeroAccess Check ========== [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ========== [2013/11/21 09:44:00 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2013/11/21 09:46:32 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\DigitalSite
[2013/11/21 18:07:11 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\Dropbox
[2013/04/10 11:27:18 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\Kalypso Media
[2013/05/16 18:00:10 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\Might & Magic Heroes VI
[2012/04/13 13:22:15 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\OpenOffice.org
[2013/04/28 08:49:11 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\StarDrive
[2013/11/09 23:44:18 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\TS3Client
[2012/09/06 17:32:23 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\wargaming.net
[2012/08/05 20:51:09 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\Xilisoft
========== Purity Check ========== ========== Custom Scans ========== ========== Base Services ==========SRV:
64bit: - [2009/07/13 19:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:
64bit: - [2013/02/26 23:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:
64bit: - [2009/07/13 19:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:
64bit: - [2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:
64bit: - [2010/11/20 07:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:
64bit: - [2013/09/24 19:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:
64bit: - [2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:
64bit: - [2012/07/04 16:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:
64bit: - [2013/07/08 23:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 22:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:
64bit: - [2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:
64bit: - [2010/11/20 07:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 06:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:
64bit: - [2011/03/03 00:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:
64bit: - [2009/07/13 19:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:
64bit: - [2009/07/13 19:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 19:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:
64bit: - [2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:
64bit: - [2010/11/20 07:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:
64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:
64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:
64bit: - [2009/07/13 19:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:
64bit: - [2009/07/13 19:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:
64bit: - [2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:
64bit: - [2009/07/13 19:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 19:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:
64bit: - [2012/10/03 11:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:
64bit: - [2009/07/13 19:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:
64bit: - [2011/05/24 05:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:
64bit: - [2012/02/11 00:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:
64bit: - [2013/09/24 19:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:
64bit: - [2009/07/13 19:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:
64bit: - [2010/11/20 07:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:
64bit: - [2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:
64bit: - [2010/11/20 07:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:
64bit: - [2013/09/24 19:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:
64bit: - [2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:
64bit: - [2010/11/20 07:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:
64bit: - [2010/11/20 07:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 06:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:
64bit: - [2010/11/20 07:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:
64bit: - [2010/11/20 07:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 06:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:
64bit: - [2009/07/13 19:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:
64bit: - [2012/04/30 23:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:
64bit: - [2010/11/20 07:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:
64bit: - [2010/11/20 07:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:
64bit: - [2010/11/20 07:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:
64bit: - [2010/11/20 07:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:
64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:
64bit: - [2010/11/20 07:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:
64bit: - [2010/11/20 07:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:
64bit: - [2010/11/20 07:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:
64bit: - [2010/11/20 07:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 06:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:
64bit: - [2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:
64bit: - [2012/06/02 16:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:
64bit: - [2010/11/20 07:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:
64bit: - [2009/07/13 19:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:
64bit: - [2010/11/20 07:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
< %SYSTEMDRIVE%\*.exe > < MD5 for: EXPLORER.EXE >[2011/02/26 00:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 00:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 00:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 23:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 00:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 23:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 19:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 00:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 00:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: QMGR.DLL >[2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\erdnt\cache64\qmgr.dll
[2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009/07/13 19:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll
< MD5 for: SERVICES >[2009/06/10 15:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
< MD5 for: SERVICES.CFG >[2013/09/03 07:53:56 | 000,558,864 | ---- | M] () MD5=4097D9DB7F5DB4533DDA8271136C9B7B -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 11:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
< MD5 for: SERVICES.EXE >[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SERVICES.EXE.MUI >[2009/07/13 20:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 20:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
< MD5 for: SERVICES.LNK >[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.MOF >[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
< MD5 for: SERVICES.MSC >[2009/07/13 20:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 20:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
< MD5 for: SERVICES.PTXML >[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
< MD5 for: SERVICES.RDB >[2011/01/17 17:52:22 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- C:\Program Files (x86)\OpenOffice.org 3\URE\misc\services.rdb
[2011/01/17 17:51:48 | 005,539,328 | ---- | M] () MD5=F2B666905F7FDAA80C86A101A7DE62F9 -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\services.rdb
< MD5 for: SVCHOST.EXE >[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 01:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 00:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< dir "%systemdrive%\*" /S /A:L /C > Volume in drive C has no label.
Volume Serial Number is 6890-4136
Directory of C:\
07/13/2009 11:08 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 11:08 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 11:08 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 11:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 11:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 11:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 11:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 11:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 11:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 11:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 11:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 11:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 11:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 11:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 11:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 11:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Myles
03/24/2012 10:27 AM <JUNCTION> Application Data [C:\Users\Myles\AppData\Roaming]
03/24/2012 10:27 AM <JUNCTION> Cookies [C:\Users\Myles\AppData\Roaming\Microsoft\Windows\Cookies]
03/24/2012 10:27 AM <JUNCTION> Local Settings [C:\Users\Myles\AppData\Local]
03/24/2012 10:27 AM <JUNCTION> My Documents [C:\Users\Myles\Documents]
03/24/2012 10:27 AM <JUNCTION> NetHood [C:\Users\Myles\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/24/2012 10:27 AM <JUNCTION> PrintHood [C:\Users\Myles\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/24/2012 10:27 AM <JUNCTION> Recent [C:\Users\Myles\AppData\Roaming\Microsoft\Windows\Recent]
03/24/2012 10:27 AM <JUNCTION> SendTo [C:\Users\Myles\AppData\Roaming\Microsoft\Windows\SendTo]
03/24/2012 10:27 AM <JUNCTION> Start Menu [C:\Users\Myles\AppData\Roaming\Microsoft\Windows\Start Menu]
03/24/2012 10:27 AM <JUNCTION> Templates [C:\Users\Myles\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Myles\AppData\Local
03/24/2012 10:27 AM <JUNCTION> Application Data [C:\Users\Myles\AppData\Local]
03/24/2012 10:27 AM <JUNCTION> History [C:\Users\Myles\AppData\Local\Microsoft\Windows\History]
03/24/2012 10:27 AM <JUNCTION> Temporary Internet Files [C:\Users\Myles\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Myles\AppData\LocalLow
03/24/2012 06:27 PM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\Myles\Documents
03/24/2012 10:27 AM <JUNCTION> My Music [C:\Users\Myles\Music]
03/24/2012 10:27 AM <JUNCTION> My Pictures [C:\Users\Myles\Pictures]
03/24/2012 10:27 AM <JUNCTION> My Videos [C:\Users\Myles\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 11:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 11:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 11:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser
03/24/2012 10:38 AM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Roaming]
03/24/2012 10:38 AM <JUNCTION> Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]
03/24/2012 10:38 AM <JUNCTION> Local Settings [C:\Users\UpdatusUser\AppData\Local]
03/24/2012 10:38 AM <JUNCTION> My Documents [C:\Users\UpdatusUser\Documents]
03/24/2012 10:38 AM <JUNCTION> NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/24/2012 10:38 AM <JUNCTION> PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/24/2012 10:38 AM <JUNCTION> Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
03/24/2012 10:38 AM <JUNCTION> SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
03/24/2012 10:38 AM <JUNCTION> Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
03/24/2012 10:38 AM <JUNCTION> Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\Documents
03/24/2012 10:38 AM <JUNCTION> My Music [C:\Users\UpdatusUser\Music]
03/24/2012 10:38 AM <JUNCTION> My Pictures [C:\Users\UpdatusUser\Pictures]
03/24/2012 10:38 AM <JUNCTION> My Videos [C:\Users\UpdatusUser\Videos]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser.Myles-PC
03/24/2012 10:40 AM <JUNCTION> Application Data [C:\Users\UpdatusUser.Myles-PC\AppData\Roaming]
03/24/2012 10:40 AM <JUNCTION> Cookies [C:\Users\UpdatusUser.Myles-PC\AppData\Roaming\Microsoft\Windows\Cookies]
03/24/2012 10:40 AM <JUNCTION> Local Settings [C:\Users\UpdatusUser.Myles-PC\AppData\Local]
03/24/2012 10:40 AM <JUNCTION> My Documents [C:\Users\UpdatusUser.Myles-PC\Documents]
03/24/2012 10:40 AM <JUNCTION> NetHood [C:\Users\UpdatusUser.Myles-PC\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/24/2012 10:40 AM <JUNCTION> PrintHood [C:\Users\UpdatusUser.Myles-PC\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/24/2012 10:40 AM <JUNCTION> Recent [C:\Users\UpdatusUser.Myles-PC\AppData\Roaming\Microsoft\Windows\Recent]
03/24/2012 10:40 AM <JUNCTION> SendTo [C:\Users\UpdatusUser.Myles-PC\AppData\Roaming\Microsoft\Windows\SendTo]
03/24/2012 10:40 AM <JUNCTION> Start Menu [C:\Users\UpdatusUser.Myles-PC\AppData\Roaming\Microsoft\Windows\Start Menu]
03/24/2012 10:40 AM <JUNCTION> Templates [C:\Users\UpdatusUser.Myles-PC\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser.Myles-PC\Documents
03/24/2012 10:40 AM <JUNCTION> My Music [C:\Users\UpdatusUser.Myles-PC\Music]
03/24/2012 10:40 AM <JUNCTION> My Pictures [C:\Users\UpdatusUser.Myles-PC\Pictures]
03/24/2012 10:40 AM <JUNCTION> My Videos [C:\Users\UpdatusUser.Myles-PC\Videos]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser.Myles-PC.000
06/10/2013 05:47 PM <JUNCTION> Application Data [C:\Users\UpdatusUser.Myles-PC.000\AppData\Roaming]
06/10/2013 05:47 PM <JUNCTION> Cookies [C:\Users\UpdatusUser.Myles-PC.000\AppData\Roaming\Microsoft\Windows\Cookies]
06/10/2013 05:47 PM <JUNCTION> Local Settings [C:\Users\UpdatusUser.Myles-PC.000\AppData\Local]
06/10/2013 05:47 PM <JUNCTION> My Documents [C:\Users\UpdatusUser.Myles-PC.000\Documents]
06/10/2013 05:47 PM <JUNCTION> NetHood [C:\Users\UpdatusUser.Myles-PC.000\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/10/2013 05:47 PM <JUNCTION> PrintHood [C:\Users\UpdatusUser.Myles-PC.000\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/10/2013 05:47 PM <JUNCTION> Recent [C:\Users\UpdatusUser.Myles-PC.000\AppData\Roaming\Microsoft\Windows\Recent]
06/10/2013 05:47 PM <JUNCTION> SendTo [C:\Users\UpdatusUser.Myles-PC.000\AppData\Roaming\Microsoft\Windows\SendTo]
06/10/2013 05:47 PM <JUNCTION> Start Menu [C:\Users\UpdatusUser.Myles-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu]
06/10/2013 05:47 PM <JUNCTION> Templates [C:\Users\UpdatusUser.Myles-PC.000\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser.Myles-PC.000\AppData\Local
06/10/2013 05:47 PM <JUNCTION> Application Data [C:\Users\UpdatusUser.Myles-PC.000\AppData\Local]
06/10/2013 05:47 PM <JUNCTION> History [C:\Users\UpdatusUser.Myles-PC.000\AppData\Local\Microsoft\Windows\History]
06/10/2013 05:47 PM <JUNCTION> Temporary Internet Files [C:\Users\UpdatusUser.Myles-PC.000\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser.Myles-PC.000\Documents
06/10/2013 05:47 PM <JUNCTION> My Music [C:\Users\UpdatusUser.Myles-PC.000\Music]
06/10/2013 05:47 PM <JUNCTION> My Pictures [C:\Users\UpdatusUser.Myles-PC.000\Pictures]
06/10/2013 05:47 PM <JUNCTION> My Videos [C:\Users\UpdatusUser.Myles-PC.000\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
92 Dir(s) 630,884,552,704 bytes free
========== Alternate Data Streams ========== @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
And here is the extras.txt file:
OTL Extras logfile created on: 11/21/2013 11:02:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Myles\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.98 Gb Total Physical Memory | 6.32 Gb Available Physical Memory | 79.18% Memory free
15.96 Gb Paging File | 13.67 Gb Available in Paging File | 85.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.29 Gb Total Space | 586.31 Gb Free Space | 62.96% Space Free | Partition Type: NTFS
Computer Name: MYLES-PC | User Name: Myles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-186217316-381863959-1373005331-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D66143-E47C-45C0-BB8E-0E1BD1B813B5}" = rport=138 | protocol=17 | dir=out | app=system |
"{0D832C66-D5E0-4C37-AF37-EA3DA6470527}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1231C6D1-BA8B-4A78-8716-90181EB511F8}" = lport=139 | protocol=6 | dir=in | app=system |
"{12D47E10-796A-4632-B0FD-15272DDC247D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{349733E0-0DC5-49E2-9872-A88C10D30BE8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5D93FE99-7DA2-4442-8748-ABB99FDB433E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{6178C7B8-425E-4A1A-A5D2-00FE047063EF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6196179A-890C-4F27-8044-A92103A704AC}" = rport=445 | protocol=6 | dir=out | app=system |
"{6597F990-A698-4248-B736-B31A1B0A8461}" = lport=137 | protocol=17 | dir=in | app=system |
"{6A4DC08F-1B86-4A29-B35C-BBE447FDFD99}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{784506E5-58CB-40B5-A6C9-F0E346575D75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{801A0B09-C343-4A86-94A7-D94D231F0C18}" = rport=137 | protocol=17 | dir=out | app=system |
"{8B8DD141-2649-4330-B8AD-7A3BB19E7DC2}" = lport=138 | protocol=17 | dir=in | app=system |
"{8BFC0550-BE47-4F1D-9C3C-262F85731A97}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss |
[email protected],-28539 |
"{8D473ED5-AEE3-4CF7-BCD3-2DC48E1262BB}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{9CCAA42F-797C-46E4-B828-3B1BEBA8C624}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{9DA061D2-4196-4F8D-8621-A3BE31BB1E6A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A382EDD4-82AC-4415-B7CE-539D98984F42}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BBB0CE6B-3191-45E1-A4C8-023D423A3359}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{C390F5B3-92FE-47E1-A6B0-DF3E684AA717}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{C39B2BD6-F4FE-447A-B13D-B7B362AF74CA}" = lport=445 | protocol=6 | dir=in | app=system |
"{C45BADA4-18C1-442A-A7CC-1F4C81862847}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CB2928B5-0D46-4B26-975F-B666CCF039AF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D0717429-155D-4CBA-B2F4-790D28B5B20A}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{DB3724DA-6B0D-4962-A51C-B47EAC0928CB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DF5D3BA8-A1B0-4ACE-9E84-09A6EC963E47}" = rport=139 | protocol=6 | dir=out | app=system |
"{E9EA6496-64C6-4D24-9597-D582A522E386}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{F0148293-DDF4-45A2-A2BD-1B434F1CFC59}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{F485DE1E-333D-4ACB-B173-CBE825E25E5F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C12DFE-AECE-440D-935A-A74AB954E3EE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{0549CB99-8EAB-4A62-8795-1BE3CE1D6285}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\nmservice.exe |
"{08A32408-5CF5-498C-81EB-45DA38BE0A6D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe |
"{098BFFA9-EF5A-475C-9647-1C2C6EAB3839}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trapped dead\bin\trappeddead.exe |
"{09FE88E4-2994-4A42-943A-46751F467518}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gone home\gonehome.exe |
"{0ACC83FC-DE99-4CC7-A8B6-DAE03D8E79D1}" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe |
"{0C75CFE2-1F18-41A8-8131-D422F92E42B7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\docs\ea help\electronic_arts_technical_support.htm |
"{0DA959AC-2118-4DB2-90F4-48475B0334D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{10A7ABEB-7DBE-4F85-A1A3-42E82970804A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grotesque tactics 2\x86_installer\grotesquetactics.exe |
"{1238D9C9-096F-4A2D-8A39-F7F13D28A306}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 3\ac3sp.exe |
"{13097945-0AD8-4CAE-B78A-8D64CEB075F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{1354F660-8915-47C4-A571-5F9332ECEE59}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous tank battles\gtb.exe |
"{150DFC85-2C7E-4D57-A164-06553BE9207F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1685974E-579E-4EFA-BD17-826AB1074314}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1690B243-5970-4982-AACB-768632275058}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{183EBFA2-262E-432F-B684-53EAC95E87F5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{19507A6C-2AC6-4BB2-ABAA-1A215B79CCAD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe |
"{1A4436FE-11BF-4E77-9ED4-F232804F311B}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{1BE94941-5E61-4075-998D-E7054684BF90}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
"{1D169CFA-93ED-492F-9A7D-66DBD5BEEC7E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1E2CB5BD-E645-46C4-8E36-932E5679639D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{1F7F8538-D341-4EBD-A98E-0353586C49EE}" = protocol=1 | dir=out |
[email protected],-28544 |
"{25F9C4C8-BB57-4741-AB0C-7A5603A74A83}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe |
"{2889E284-4810-487E-A32A-F204AEE9A97C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe |
"{2A1C5246-6D8F-4FDF-A4A8-9F08D877AD98}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
"{2E97EA62-AA33-4FC3-91EB-B54448FB3BAC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{33F80C95-3117-40E3-9ECC-0374F57548D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe |
"{341C99AA-4F9D-474A-B87E-7766996DD655}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grotesque tactics\grotesquetactics.exe |
"{3489B0E6-85C1-45B1-A5F9-9444084A1CF3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\pmc\datacachepreprocessor.exe |
"{34BCB00E-ADB0-4192-8F95-537F1C19F77C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grotesque tactics\grotesquetactics.exe |
"{39AEF6DD-A5B8-4E14-824B-3EBBD777BE5B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{3B7C35D5-6006-4DCB-B376-31CCD26841DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{3BFFBB01-209D-40D1-A443-1158BA538CBC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{3C61AAC1-6809-4B0A-8885-A4226019F106}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3C7CADBD-0A97-4E68-A3C0-A335B5A926BC}" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe |
"{3E359A1B-B1A9-4EE9-A53C-CF287AD22A21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{412E7C4F-58E2-4098-BAAE-AB29F8DCA5DE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe |
"{42FFD4FD-A028-4F6C-8F94-F520E004794B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{44197956-10BC-4077-B9DC-474333366674}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{44967388-FA08-4844-8321-53173F0C68B7}" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe |
"{457B5B66-486F-4314-8ECE-C375E1A869C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
"{45968691-34AD-4F95-81DC-82C741991A21}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{47CBB285-01AE-499C-A889-1979769F3178}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{4A3C0CB6-DE49-45FC-BEAC-DD136189F2A7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4AA8E620-DB0F-4A38-924A-F90AF8A56FDD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{4D2C51A5-CDCB-41A6-BC1F-9EAEB482872D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grotesque tactics 2\x86_installer\grotesquetactics.exe |
"{4D2CA66C-49EE-4F3F-9122-2A3D3DEAB003}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{4EAFAA7D-23EE-437B-A84C-DEC1044F20E2}" = protocol=1 | dir=in |
[email protected],-28543 |
"{4F52C4E6-F2B5-4B74-AE5B-A1183E3108A5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous tank battles\gtb.exe |
"{5213118D-2C91-45BB-B054-201761FB7AF2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{57455248-9F5F-4ADD-A45E-78AA39AB9867}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe |
"{583580C9-3A73-41E0-BBC9-0B597103E913}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\baf\datacachepreprocessor.exe |
"{5979E03A-6F09-4660-BC8D-1F3EC7940593}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{5ADA51C7-F264-467A-9AFD-5C21A0550F58}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{5B8520B1-41D1-40DE-8E54-A0ED60AFE669}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stardrive\stardrive.exe |
"{5E7E4337-C739-4B4F-886A-0C353EB00624}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{5EA41AD1-F90A-4D98-A8A4-D543DA5BE8D7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{60B88EC6-4C0D-45AC-9FBD-1259BE1AE83C}" = protocol=58 | dir=in |
[email protected],-28545 |
"{62FF912C-DE07-4C57-B374-71DC0048FFF6}" = protocol=17 | dir=in | app=c:\users\myles\appdata\roaming\dropbox\bin\dropbox.exe |
"{64012932-9F62-43CE-AA4B-0048120D087C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
"{64E83EC5-79DB-461C-8265-C203FC271132}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{658AE215-581B-4410-954D-CB54EF9A10D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe |
"{66DB37A8-9EF9-4795-9659-74B3A1EBF4F8}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{6A3716D9-26B5-4B6A-9C86-AEF560DD173B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6E41F7ED-9932-4F66-92F2-34BC7AFEA735}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\space empires iv deluxe\se4\se4.exe |
"{6EC4F2C1-F596-421E-AE7E-4205C0021748}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{6EFF87DE-E746-4740-A6DE-AADFE7273A2B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\guardians of graxia\guardiansofgraxia.exe |
"{6F8783B2-217A-4B50-A28C-943E1CCA304A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gone home\gonehome.exe |
"{70921912-F69C-4E50-970F-1DBCB72CFDAA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |
"{7288CF57-0496-4CBA-AA8A-6339BF3B7E86}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{73EC398C-E445-4879-8900-E0F1304E0972}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\space empires iv deluxe\se4\se4.exe |
"{779C70FC-0CEC-4CD4-B508-A05329D59232}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\baf\datacachepreprocessor.exe |
"{7AF89370-8A48-43BA-A5A0-4F5B06FA2D8B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe |
"{7B866909-3042-43E6-967B-AB6487E5803B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous tank battles\gtb.exe |
"{7C92ECFB-BE33-4BA9-8C6D-F8E154C33420}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grotesque tactics 2\x86_installer\grotesquetactics.exe |
"{7CAE4AB5-FFDF-482B-A5D3-2F073C7F7B3A}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{7EC36B26-6380-49F3-8742-D892A66F63C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
"{7FEE8FE9-D11C-4603-BF7B-0F1B65A1A46D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{7FFEFEAB-8C3A-4688-89FE-C3C302A8F721}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{80067DB2-02D0-4229-989A-65634D97E0A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous tank battles\gtb.exe |
"{804E190A-F2E7-4DA1-8F9C-3F5E05D358B7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grotesque tactics 2\x86_installer\grotesquetactics.exe |
"{812B7CAD-2306-4915-B9CD-6E162F9A6682}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trapped dead\bin\trappeddead.exe |
"{81FFFD55-9795-4AE7-A6E7-86DF762280E4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{82AC63D0-5D00-495D-9B81-625FD50B8448}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
"{83776F58-1E29-44A3-A0C9-65110658C42B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{83ED6D5D-326F-49F6-836D-226E0C514525}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stardrive\stardrive.exe |
"{846B2A8F-1E8A-463C-B558-0D391B47DE57}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{87452239-3B1D-4168-B40F-AC6B25FD204B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\knights of the old republic ii\swkotor2.exe |
"{87A077E3-AECD-4DB1-9350-7DF4A75E98CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{89ED1725-BC86-4DD6-B3C8-72CB0352AA26}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8ED0626E-DE06-4F83-AB59-C8FCDB6148BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{8F67DA75-146E-421A-AE7C-28800E249465}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{967CF37B-2BF6-43D3-A27A-69F800C53CA6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{96B463C5-4939-4330-BA22-239A9C40C785}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{974ED5E1-8043-4A57-A487-A420739F493F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{9811C2C3-950E-4C54-A4AA-21B479A62175}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{99246C68-82B8-4420-A830-E14EEAFBCB75}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\knights of the old republic ii\swkotor2.exe |
"{9B2EE76B-7A6B-4E2B-BB78-74E14B35F60F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous space battles\gsb.exe |
"{9E8D86F2-B9C7-4120-AE76-39A2B688BE7F}" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe |
"{9EAC0AA5-631B-47F8-8728-8DEE8824DAE1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{9EBAA2DF-ABC1-4F71-83A5-55970124238A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\avadon 2\avadon 2.exe |
"{A0876377-714F-4810-B22F-AA3E88742DAA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A2E6B7ED-DC29-4E8A-BD2C-3146372443D9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A9F5DE89-BC5A-4399-BA37-E205BB633E4B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{ACE7F08F-91B6-4B13-AC36-F878757FADEC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{AE1C441B-BD2F-4B2B-A91F-861F96921D96}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\daoriginslauncher.exe |
"{B0F6FDFB-DEC5-4F9E-9D04-3048657C52E7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\pmc\datacachepreprocessor.exe |
"{B10DDEBF-5662-4C8C-9E98-C3887DDFB3E9}" = protocol=6 | dir=in | app=c:\users\myles\appdata\roaming\dropbox\bin\dropbox.exe |
"{B255AA07-AF46-48F7-933C-2D2818FD7939}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\avadon 2\avadon 2.exe |
"{B30F6B0F-5579-4F2B-AC5D-0AD6B1F07FE6}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{B4BE68EE-116B-4E83-96C4-C548598673AD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crusader kings ii\ck2game.exe |
"{B4C69B92-F203-4354-AA70-485D74F23BCD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{B4F4697B-741E-4151-BA8C-29B4C3D2EA38}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B624695E-FD6D-4B8D-895D-479B56CA4613}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{B6C50D82-0167-4930-A537-726450074717}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{BAF8FBF5-B558-41DB-B337-EB4CB7B8C29D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{BB7D3911-53E6-44D4-8CFE-89D5F90DE87F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\nmservice.exe |
"{C0427416-02F3-4699-B925-D019481CB6DC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crusader kings ii\ck2game.exe |
"{C1EC0BC2-569A-4C06-A04B-B4EDA0A54F86}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{C250184A-AED4-4C23-9427-65B6466F300C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C3DED884-A227-4301-93C6-1CA9C9C355F0}" = protocol=58 | dir=out |
[email protected],-28546 |
"{C444A5CA-A098-4F8F-80DD-503D65CADBC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C5A6279A-96FA-4306-94FB-032BB46148FC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{C64DA20F-414E-4FF2-BCC2-C63C03E1E24F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{C8A1685E-185A-4A37-B9C8-6D79FA45B229}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C934E2D9-AA20-4973-91B0-BDD11D8F687B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\docs\ea help\electronic_arts_technical_support.htm |
"{C9AFCF07-2A85-490E-AB33-A6280C4A570A}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{CC40E6F9-9221-49BC-9A34-32802DE052EC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\guardians of graxia\guardiansofgraxia.exe |
"{D2A504F9-F240-4248-B31F-58EE42D059CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{D2EDCCA0-5B76-47B0-8E63-6F057993EFCC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 3\ac3mp.exe |
"{D3FFAB9D-1AD1-4235-9A6E-A4D3BBCD1BAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{D576BC9F-E1AE-4B5B-8E6A-A1E05F55AEDF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe |
"{D5CF4FBC-D804-40AC-BE35-6A34B7C57540}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous space battles\gsb.exe |
"{D7172C19-E64C-4122-A0DA-D781B70BAEE5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe |
"{D9FEE864-0265-4154-8DBE-AAFF712D1781}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 3\ac3mp.exe |
"{DBDA7F61-388A-4274-83CC-8B3B748B18D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hotline_miami\hotlinemiami.exe |
"{DE24C6D5-188C-477F-8261-0CAB133936B5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DE2DBBA8-1FBF-4D72-926C-8149B95F9114}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{E371421A-4822-40A3-A58D-EE38383395FF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E5D54795-BBC7-4051-84DC-16271D79B416}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe |
"{ECFE4FDB-B32D-4A6D-848F-712B58B60299}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |
"{ED795C2F-F2F5-4784-BA8D-E9C5B8A6AF88}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{F041B25F-BC17-461D-B712-928F5E999D9D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{F28C8806-4F47-43BB-9B28-1B58999631C2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F2B3FFA9-A5CF-48CE-BDED-C0CC0F3989BA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F3A227C1-732A-4184-A683-084A765B0B1A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\daoriginslauncher.exe |
"{F64E5BC2-3906-4E16-B00B-9EC942BEEBF1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hotline_miami\hotlinemiami.exe |
"{F6914475-D3B3-4C20-A1B0-B6473BB747C2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{F8F28D47-F054-4CF5-9ADD-FB72558B423F}" = protocol=6 | dir=out | app=system |
"{FACAD286-A4BF-4413-94F8-BB775F80EB90}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{FB7C3D2B-DF10-4792-9238-7D7896482263}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 3\ac3sp.exe |
"{FC1C19AD-C89C-4A89-A27B-77B71C0627E9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD884226-4FFE-4D80-8ED1-2B2EB404F207}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{FFD74733-575F-443B-84BF-A48E5474A889}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"TCP Query User{01791B73-BDE9-44ED-9538-3E1B77A12C1A}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{045157BD-B212-4E99-8929-B5DE087A8F88}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"TCP Query User{083CD629-AFBC-45F0-B80B-959D928A139B}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{0CE0381A-6595-407D-B33D-4134281E6E13}C:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe |
"TCP Query User{17F814FF-7D3C-4B55-B45A-1592C56B7F03}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"TCP Query User{22A62C8A-9748-47E8-A8F0-3709D3CAC363}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
"TCP Query User{324D50DB-47C0-47A2-B360-6E71521AC512}C:\games\world_of_warplanes\worldofwarplanes.exe" = protocol=6 | dir=in | app=c:\games\world_of_warplanes\worldofwarplanes.exe |
"TCP Query User{430FC42C-F64B-4F5D-BD2A-4B8954875FD7}C:\users\myles\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\myles\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{55F77E05-5755-449B-B74D-17A0E3E8EC3B}C:\program files (x86)\microsoft games\mechwarrior mercenaries\mw4mercs.icd" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\mechwarrior mercenaries\mw4mercs.icd |
"TCP Query User{727F42B5-70C3-40B0-9C82-0D1D0943B9E5}C:\program files (x86)\mektek.net\mtx\mtx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mektek.net\mtx\mtx.exe |
"TCP Query User{7A69930C-08B8-4AB1-AE42-C55FEB5BC99F}C:\users\myles\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\myles\appdata\local\temp\gw2.exe |
"TCP Query User{819A6CFF-452C-4559-99F0-31B4734CE2FC}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{97ABDDC1-69AD-4882-9C1E-C40B80678F96}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{B6A83A28-7C70-4540-88D8-2CECBCA893DA}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{BBCDC8D2-0235-4743-84F7-3E59C19BA72E}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{BCD73650-332D-47DB-B412-EEF65AC55327}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |
"TCP Query User{C4CC05DB-668C-4EC6-91C5-0B52261ED6D0}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{0009FE65-84DD-4173-B0AE-3A7600A62E26}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{252B1274-05FE-4EBF-9043-F54969FB4E37}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{2AF89F9F-9B5D-413F-AAA1-D317AD19C2B7}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |
"UDP Query User{340BE2BA-1C6F-460A-B2D6-31EEB8B4F9D3}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{3B7F8174-0F73-4006-8DA3-71C320C16E66}C:\games\world_of_warplanes\worldofwarplanes.exe" = protocol=17 | dir=in | app=c:\games\world_of_warplanes\worldofwarplanes.exe |
"UDP Query User{41D772E4-B295-4718-B75B-40BA5EF93727}C:\users\myles\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\myles\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{52EA4CF7-F5F9-487E-BF83-F7382A339FFE}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{5F95A5DB-5856-4F20-961D-A49C223681EA}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"UDP Query User{6D32F26D-827D-4C91-AA0E-6614921C8255}C:\program files (x86)\microsoft games\mechwarrior mercenaries\mw4mercs.icd" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\mechwarrior mercenaries\mw4mercs.icd |
"UDP Query User{6ED4A3A7-E278-4BA0-A625-01EDA9A8BBFD}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"UDP Query User{705C2CEA-2450-447B-854D-1829B2027514}C:\users\myles\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\myles\appdata\local\temp\gw2.exe |
"UDP Query User{86F03813-8A8F-4664-864C-25C35C0E2FAB}C:\program files (x86)\mektek.net\mtx\mtx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mektek.net\mtx\mtx.exe |
"UDP Query User{AFE9D224-2652-442F-AFCB-1227290E3BC9}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{B5E43604-7BD7-41F5-BF7D-4B449CAF31E6}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{CC0DA8EE-30DF-45C6-A045-47BCB90AEF13}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
"UDP Query User{EDBF0675-8E94-4B4D-BCFB-CEA96B4BC879}C:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe |
"UDP Query User{F2C6FA87-26F5-4670-A45E-24E76E905A91}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{A04DCB25-7040-4935-A30D-8E0A893ABF2D}" = iTunes
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.7.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 9.3.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.26.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 9.3.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.9
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}" = WinZip 17.5
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228288D-975E-42F7-9993-E91A82E6BBD9}" = CWA Reminder by We-Care.com v4.1.24.3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C813}_is1" = World of Warplanes
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217000F0}" = Java 7
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
"{6583D00E-0924-4950-8BE9-5D09FE70B333}" = MTX
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{CA328CDF-A284-445E-AAE7-B24A11E97201}" = MechWarrior Online
"{D7ECDD70-EBAB-42AD-8BE3-2F4D1CEC70A7}" = DayZ Commander
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.152
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"A2BAF Data cache removal" = ARMA 2: British Armed Forces - Data cache removal
"A2PMC Data cache removal" = ARMA 2: Private Military Company - Data cache removal
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Diablo III" = Diablo III
"ffdshow_is1" = ffdshow v1.1.3800 [2011-03-28]
"Guild Wars 2" = Guild Wars 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MechWarrior Mercenaries" = MechWarrior 4 Mercenaries
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Neverwinter" = Neverwinter
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OpenIt Open It!" = Open It!
"PunkBusterSvc" = PunkBuster Services
"QuickPar" = QuickPar 0.9
"Steam App 1610" = Space Empires IV Deluxe
"Steam App 17450" = Dragon Age: Origins
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 200710" = Torchlight II
"Steam App 203770" = Crusader Kings II
"Steam App 205530" = Gratuitous Tank Battles
"Steam App 208480" = Assassin’s Creed® III
"Steam App 208580" = Star Wars: Knights of the Old Republic II
"Steam App 212160" = Vindictus
"Steam App 212680" = FTL: Faster Than Light
"Steam App 219150" = Hotline Miami
"Steam App 219540" = Arma 2: Operation Arrowhead Beta
"Steam App 220660" = StarDrive
"Steam App 22380" = Fallout: New Vegas
"Steam App 224580" = Arma 2: DayZ Mod
"Steam App 22600" = Worms Reloaded
"Steam App 231430" = Company of Heroes 2 – OPEN BETA
"Steam App 232430" = Gone Home
"Steam App 233310" = Avadon 2: The Corruption
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 33900" = Arma 2
"Steam App 33930" = Arma 2: Operation Arrowhead
"Steam App 46450" = Grotesque Tactics: Evil Heroes
"Steam App 46540" = Trapped Dead
"Steam App 46570" = Grotesque Tactics 2 - Dungeons and Donuts
"Steam App 48220" = Might & Magic ® Heroes ® VI
"Steam App 49520" = Borderlands 2
"Steam App 550" = Left 4 Dead 2
"Steam App 55230" = Saints Row: The Third
"Steam App 57690" = Tropico 4
"Steam App 65700" = Arma 2: British Armed Forces
"Steam App 65720" = Arma 2: Private Military Company
"Steam App 6860" = Hitman: Blood Money
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 90500" = Guardians of Graxia
"Steam App 9900" = Star Trek Online
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-186217316-381863959-1373005331-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4f004f4a-1930-4b55-83e6-61660211787f}" = MechWarrior Online
"Dropbox" = Dropbox
"SOE-C:/Users/Myles/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2" = gamelauncher-ps2-live
"soe-PlanetSide 2" = PlanetSide 2
"Zip Opener Packages" = Zip Opener Packages
========== Last 20 Event Log Errors ========== [ Application Events ]
Error - 10/1/2013 10:29:45 AM | Computer Name = Myles-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 10/2/2013 1:29:12 AM | Computer Name = Myles-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 10/2/2013 6:14:06 PM | Computer Name = Myles-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 10/2/2013 11:34:44 PM | Computer Name = Myles-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 10/4/2013 9:24:26 AM | Computer Name = Myles-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
[ System Events ]
Error - 11/21/2013 9:49:49 AM | Computer Name = Myles-PC | Source = DCOM | ID = 10010
Description =
Error - 11/21/2013 12:12:35 PM | Computer Name = Myles-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.
Error - 11/21/2013 12:15:32 PM | Computer Name = Myles-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.
Error - 11/21/2013 12:16:26 PM | Computer Name = Myles-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.
Error - 11/21/2013 12:18:52 PM | Computer Name = Myles-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.
Error - 11/21/2013 12:20:11 PM | Computer Name = Myles-PC | Source = nvlddmkm | ID = 11141134
Description =
Error - 11/21/2013 12:29:08 PM | Computer Name = Myles-PC | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 11/21/2013 4:27:59 PM | Computer Name = Myles-PC | Source = nvlddmkm | ID = 11141134
Description =
Error - 11/21/2013 8:06:16 PM | Computer Name = Myles-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:28:14 PM on ?11/?21/?2013 was unexpected.
Error - 11/22/2013 12:52:40 AM | Computer Name = Myles-PC | Source = nvlddmkm | ID = 11141134
Description =
< End of report >
Here is the ASWMBR scan results:
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-21 23:12:33
-----------------------------
23:12:33.201 OS Version: Windows x64 6.1.7601 Service Pack 1
23:12:33.201 Number of processors: 4 586 0x2A07
23:12:33.201 ComputerName: MYLES-PC UserName: Myles
23:12:33.261 Initialze error 1
23:12:53.033 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:12:53.033 Disk 0 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 11
23:12:53.043 Disk 0 MBR read successfully
23:12:53.043 Disk 0 MBR scan
23:12:53.043 Disk 0 unknown MBR code
23:12:53.053 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
23:12:53.053 Disk 0 scanning C:\Windows\system32\drivers
23:12:53.053 Service scanning
23:12:53.893 Modules scanning
23:12:53.893 Disk 0 trace - called modules:
23:12:53.903 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
23:12:53.903 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077d0060]
23:12:53.903 3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> [0xfffffa8007520520]
23:12:53.913 5 ACPI.sys[fffff88000f287a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007510060]
23:12:53.913 Scan finished successfully
23:13:07.785 Disk 0 MBR has been saved successfully to "C:\Users\Myles\Desktop\MBR.dat"
23:13:07.785 The log file has been saved successfully to "C:\Users\Myles\Desktop\aswMBR.txt"
Security Check Log:
Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300
Java 7
Java 7 Update 15
Java version out of Date! Adobe Reader 10.1.8
Adobe Reader out of Date! Mozilla Firefox (25.0.1)
````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbam.exe
`````````````````System Health check````````````````` Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````