Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

100% CPU Usage, SearchProtection.exe [Closed]

Started by mopyohn , Mar 27 2014 09:43 PM

  • This topic is locked This topic is locked

#1
mopyohn
Posted 27 March 2014 - 09:43 PM

mopyohn

    Member

  • Member
  • PipPip
  • 27 posts

First noticed an issue when my default search engine was changed in firefox.  Popups showed up later telling me that something was trying to change my default search engine.  Task manager showed that firefox and flash player were using lots of memory and my CPU usage was 100%.  I tried updating flash player but nothing was fixed.  I downloaded Avast and did a boot scan which found a Java Agent Exploit and many PUPs such as Searchprotection.exe and these were deleted.  However, the boot scan got stuck at the end and the computer would not boot up after the scan compleeted.  I had to turn the computer off and on and do a scan of the C drive which had to be repaired after turning the computer off.  After that the computer was back to normal but after rebooting a second time it is back to being slow and 100% CPU usage.  To give you an idea of how slowly things are running, the OTL scan took over an hour but here is the output:

 

OTL logfile created on: 3/27/2014 10:27:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Blake\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.92 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 42.24% Memory free
7.83 Gb Paging File | 5.26 Gb Available in Paging File | 67.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 217.48 Gb Free Space | 48.22% Space Free | Partition Type: NTFS
 
Computer Name: BLAKE-PC | User Name: Blake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/03/27 22:26:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Blake\Desktop\OTL.exe
PRC - [2014/03/27 00:46:30 | 003,854,640 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/03/27 00:46:30 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/03/24 16:26:00 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
PRC - [2014/03/24 16:19:27 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/02/19 18:40:02 | 000,239,680 | ---- | M] (Foxit Corporation) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
PRC - [2014/01/15 18:15:38 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\Blake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/10/15 19:06:12 | 001,016,712 | ---- | M] (Flux Software LLC) -- C:\Users\Blake\AppData\Local\FluxSoftware\Flux\flux.exe
PRC - [2013/08/28 20:23:38 | 001,861,968 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/11/19 13:12:34 | 000,176,520 | ---- | M] (Impulse Point, LLC) -- C:\Program Files (x86)\SafeConnect\scManager.sys
PRC - [2012/11/19 13:12:32 | 000,298,888 | ---- | M] (Impulse Point, LLC) -- C:\Program Files (x86)\SafeConnect\SCClient.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/09/29 16:52:08 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/17 11:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/08/20 19:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/08/11 19:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/27 00:46:38 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/03/24 16:25:56 | 016,276,872 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
MOD - [2014/03/24 16:19:04 | 003,642,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/08/28 20:25:02 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/08/28 20:23:38 | 001,861,968 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/02/19 04:37:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2010/12/17 11:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010/11/24 23:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/08/11 19:19:34 | 000,077,024 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010/08/11 19:19:32 | 000,109,792 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2010/08/11 19:19:32 | 000,072,928 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010/08/11 19:19:30 | 000,232,672 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010/08/11 19:19:30 | 000,126,176 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2010/08/11 19:19:30 | 000,119,008 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010/08/11 19:19:26 | 001,121,504 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/08/11 19:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/27 00:46:30 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/10/23 18:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 18:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/04/14 14:01:38 | 000,245,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/04/14 14:01:38 | 000,200,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/04/14 14:01:38 | 000,149,032 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/12/17 15:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/12/17 15:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/12/17 15:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/11/29 16:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010/10/07 22:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/30 15:42:00 | 000,220,528 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2009/11/17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/03/24 16:19:26 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/25 17:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/02/19 18:40:02 | 000,239,680 | ---- | M] (Foxit Corporation) [Auto | Running] -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe -- (FoxitCloudUpdateService)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/19 13:12:34 | 000,176,520 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files (x86)\SafeConnect\scManager.sys -- (SCManager)
SRV - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/09/29 16:52:08 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/08/25 21:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/08/20 19:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/03/27 00:46:44 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/03/27 00:46:44 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/03/27 00:46:44 | 000,208,928 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/03/27 00:46:44 | 000,084,816 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/03/27 00:46:44 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/03/27 00:46:44 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/03/27 00:46:43 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/09/27 10:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/03/10 20:49:12 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2013/03/04 08:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2013/02/18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/25 19:27:19 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/05/15 06:48:00 | 000,249,152 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2012/05/15 06:48:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/14 14:01:38 | 000,530,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,441,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/04/14 14:01:38 | 000,283,744 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,190,520 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,121,376 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,094,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/04/14 14:01:38 | 000,075,160 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,063,056 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 18:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 18:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/28 04:57:14 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/12 21:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/22 05:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/12/17 13:06:32 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/15 13:02:04 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/12/13 13:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/12/12 10:18:36 | 000,121,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2010/12/01 06:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/30 18:02:54 | 000,412,264 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/29 16:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 20:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/08/20 14:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/08/12 11:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/07/12 22:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 11:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {1341C25C-06BA-479A-90EA-A2E284D4A28D}
IE:64bit: - HKLM\..\SearchScopes\{1341C25C-06BA-479A-90EA-A2E284D4A28D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {CAA144CB-38EC-438D-ABD8-E5B955859DC4}
IE - HKLM\..\SearchScopes\{CAA144CB-38EC-438D-ABD8-E5B955859DC4}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
IE - HKCU\..\SearchScopes,DefaultScope = {CAA144CB-38EC-438D-ABD8-E5B955859DC4}
IE - HKCU\..\SearchScopes\{B3750A98-DEA4-4F58-8052-AB552F3EDCD5}: "URL" = http://websearch.ask...9E-40F49BF1A06E
IE - HKCU\..\SearchScopes\{EC19C37E-951A-4003-9405-594152D42A01}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Blake\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Blake\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Blake\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@torrentstream.net/tsplugin,version=2.0.8.5.1: C:\Users\Blake\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/05/19 10:31:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/05/19 10:31:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/05/19 10:31:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/24 16:45:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/24 16:45:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Blake\AppData\Roaming\TorrentStream\extensions\firefox\[email protected] [2013/09/25 15:56:08 | 000,000,000 | ---D | M]
 
[2011/06/27 16:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Blake\AppData\Roaming\Mozilla\Extensions
[2014/03/24 09:07:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Blake\AppData\Roaming\Mozilla\Firefox\Profiles\42gurd4i.default-1395634222067\extensions
[2013/05/19 11:12:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/07/05 11:21:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/09/27 11:20:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/07/05 11:21:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/05 11:21:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/03/24 16:19:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/03/24 16:18:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2014/03/24 16:18:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/03/24 16:18:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...={searchTerms},
CHR - homepage: http://search.yahoo....r=spigot-yhp-ch
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Blake\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Blake\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Blake\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Blake\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Google Search = C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.1.15383.6004_0\
CHR - Extension: Google Wallet = C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho64.dll ()
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20110528140450.dll (McAfee, Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20110627170102.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [SecureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe (SecureW2 B.V.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [F.lux] C:\Users\Blake\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Blake\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Spotify] C:\Users\Blake\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Blake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0249369A-2D83-43AE-B510-09ADCA62A2D6}: DhcpNameServer = 128.6.1.1 172.28.0.114
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{291097C8-CD7F-47E1-B057-A8B8A63F79AA}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0d07c358-2338-11e3-9492-ee5a613dc25e}\Shell - "" = AutoRun
O33 - MountPoints2\{0d07c358-2338-11e3-9492-ee5a613dc25e}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/27 22:26:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Blake\Desktop\OTL.exe
[2014/03/27 22:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/03/27 17:52:43 | 000,000,000 | -HSD | C] -- C:\found.001
[2014/03/27 00:47:57 | 000,000,000 | ---D | C] -- C:\Users\Blake\AppData\Roaming\AVAST Software
[2014/03/27 00:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/03/27 00:46:52 | 001,039,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/03/27 00:46:52 | 000,423,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/03/27 00:46:52 | 000,093,568 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/03/27 00:46:52 | 000,084,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/03/27 00:46:52 | 000,079,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/03/27 00:46:49 | 000,334,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/03/27 00:46:41 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/03/27 00:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/03/27 00:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/03/26 13:22:09 | 000,000,000 | ---D | C] -- C:\Users\Blake\Desktop\Fall 2014
[2014/03/25 18:51:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2014/03/24 21:00:07 | 000,000,000 | ---D | C] -- C:\Users\Blake\AppData\Roaming\Oracle
[2014/03/24 20:02:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/03/24 16:44:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/03/24 16:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2014/03/18 14:36:32 | 000,000,000 | ---D | C] -- C:\Users\Blake\AppData\Local\Electronic Arts
[2014/03/18 14:36:08 | 000,000,000 | ---D | C] -- C:\Users\Blake\Documents\Electronic Arts
[2014/03/18 14:33:06 | 000,000,000 | ---D | C] -- C:\Users\Blake\Documents\Electrontic Arts
[2012/09/15 22:59:27 | 000,488,960 | ---- | C] (Alessandro Portale www.casaportale.de) -- C:\Program Files\Common Files\PosteRazor.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Blake\Documents\*.tmp files -> C:\Users\Blake\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/27 22:26:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Blake\Desktop\OTL.exe
[2014/03/27 22:21:59 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/27 22:21:59 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/27 22:21:04 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-414650306-3727077715-2216370247-1002UA.job
[2014/03/27 22:21:03 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-414650306-3727077715-2216370247-1002Core.job
[2014/03/27 22:20:53 | 000,663,472 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/27 22:20:52 | 000,783,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/27 22:20:52 | 000,122,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/27 22:13:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/27 22:13:09 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/27 19:55:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-414650306-3727077715-2216370247-1002UA.job
[2014/03/27 17:56:54 | 000,003,352 | ---- | M] () -- C:\bootsqm.dat
[2014/03/27 06:55:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-414650306-3727077715-2216370247-1002Core.job
[2014/03/27 00:47:48 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/03/27 00:46:44 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/03/27 00:46:44 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/03/27 00:46:44 | 000,208,928 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/03/27 00:46:44 | 000,084,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/03/27 00:46:44 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/03/27 00:46:44 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/03/27 00:46:43 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/03/27 00:46:43 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/03/27 00:46:41 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/03/24 16:19:35 | 000,002,046 | ---- | M] () -- C:\Users\Blake\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/03/20 18:21:00 | 000,000,132 | ---- | M] () -- C:\Users\Blake\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014/03/19 11:12:01 | 000,001,974 | ---- | M] () -- C:\Users\Blake\Desktop\Play Football Manager 2014.lnk
[2014/03/10 00:04:37 | 000,112,757 | ---- | M] () -- C:\Users\Blake\Documents\MapleLab2.mw
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Blake\Documents\*.tmp files -> C:\Users\Blake\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/03/27 17:56:54 | 000,003,352 | ---- | C] () -- C:\bootsqm.dat
[2014/03/27 00:47:48 | 000,001,968 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/03/27 00:46:52 | 000,208,928 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/03/27 00:46:52 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/03/19 11:12:01 | 000,001,974 | ---- | C] () -- C:\Users\Blake\Desktop\Play Football Manager 2014.lnk
[2014/03/10 00:04:36 | 000,112,757 | ---- | C] () -- C:\Users\Blake\Documents\MapleLab2.mw
[2013/09/25 11:27:01 | 000,000,132 | ---- | C] () -- C:\Users\Blake\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/09/22 23:08:09 | 000,000,045 | RH-- | C] () -- C:\Windows\sgc_user.dat
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/04/11 20:49:29 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/02/13 01:04:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/06/26 23:57:45 | 000,009,994 | -HS- | C] () -- C:\Users\Blake\AppData\Local\4t4u82jn155cx524wbld46ofv0n81yb588eb08gk
[2011/06/26 23:57:45 | 000,009,994 | -HS- | C] () -- C:\ProgramData\4t4u82jn155cx524wbld46ofv0n81yb588eb08gk
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/03/26 16:20:42 | 000,000,000 | ---D | M] -- C:\Users\Blake\AppData\Roaming\.Torrent Stream
[2014/03/27 00:47:57 | 000,000,000 | ---D | M] -- C:\Users\Blake\AppData\Roaming\AVAST Software
[2014/01/17 21:26:10 | 000,000,000 | ---D | M] -- C:\Users\Blake\AppData\Roaming\calibre
[2012/09/15 23:01:34 | 000,000,000 | ---D | M] -- C:\Users\Blake\AppData\Roaming\CasaPortale.de
[2012/06/25 19:28:32 | 000,000,000 | ---D | M] -- C:\Users\Blake\AppData\Roaming\DAEMON Tools Lite
[2013/02/05 01:33:11 | 000,000,000 | ---D | M] -- C:\Users\Blake\AppData\Roaming\DC++
[2014/03/25 18:50:56 | 000,000,000 | ---D | M] -- C:\Users\Blake\AppData\Roaming\Foxit Software
[2011/08/31 08:32:38 | 000,000,000 | ---D | M] -- C:\Users\Blake\AppData\Roaming\iPodtoComputer
[2011/12/10 17:27:14 | 000,000,000 | ---D | M] -- C:\Users\Blake\AppData\Roaming\IrfanView
[2014/01/22 21:01:25 | 000,000,000 | ---D | M] -- C:\Users\Blake\AppData\Roaming\LolClient
[2014/02/22 19:26:35 | 000,000,000 | ---D | M] -- C:\Users\Blake\AppData\Roaming\Maple
[2013/07/29 22:01:29 | 000,000,000 | ---D | M] -- C:\Users\Blake\AppData\Roaming\ooVoo Details
[2014/03/24 21:00:07 | 000,000,000 | ---D | M] -- C:\Users\Blake\AppData\Roaming\Oracle
[2013/08/14 14:59:10 | 000,000,000 | ---D | M] -- C:\Users\Blake\AppData\Roaming\Origin
[2012/10/22 10:02:49 | 000,000,000 | ---D | M] -- C:\Users\Blake\AppData\Roaming\PCDr
[2012/10/01 22:52:43 | 000,000,000 | ---D | M] -- C:\Users\Blake\AppData\Roaming\Pelles C
[2013/09/22 23:08:10 | 000,000,000 | ---D | M] -- C:\Users\Blake\AppData\Roaming\Quantitative Micro Software
[2014/01/21 15:32:49 | 000,000,000 | ---D | M] -- C:\Users\Blake\AppData\Roaming\Riot Games
[2014/03/27 01:00:07 | 000,000,000 | ---D | M] -- C:\Users\Blake\AppData\Roaming\Search Protection
[2012/12/25 19:47:15 | 000,000,000 | ---D | M] -- C:\Users\Blake\AppData\Roaming\Sports Interactive
[2014/03/27 22:16:13 | 000,000,000 | ---D | M] -- C:\Users\Blake\AppData\Roaming\Spotify
[2011/07/25 20:34:41 | 000,000,000 | ---D | M] -- C:\Users\Blake\AppData\Roaming\SystemRequirementsLab
[2014/03/21 15:50:13 | 000,000,000 | ---D | M] -- C:\Users\Blake\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 

< End of report >
 


Edited by mopyohn, 28 March 2014 - 07:06 PM.

  • 0

Advertisements

#2
mopyohn
Posted 28 March 2014 - 06:58 PM

mopyohn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

The viruses found in the avast boot scan were: Threat: Java:Agent-AXI [Expl], PUP: Win32:Downloader-UZF [PUP], and Win32:InstalleRex-Y [PUP].  My computer is so slow it's barely usable so any help would be appreciated!!!


  • 0

#3
23red
Posted 28 March 2014 - 07:42 PM

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

  Welcome mopyohn!

 

I'm 23red, and it'll be my pleasure to assist you with your problem.  I am currently reviewing your log.  In the meantime, I'd be grateful if you would note the following:

 

•  Please make sure to carefully read every post completely before doing anything.
 
•  If you're not sure, or if something unexpected happens do not continue! Stop and ask!  It is not a problem.
 
•  Please do not run any other scans or other software on your computer unless asked as it may make this repair more difficult.
 
•  Please stick with me until all malware is gone from your system.  Malware removal is not an instant process, just because you no longer see any symptoms it does not necessarily mean your system is completely clear.

 

•  Please copy/paste to Notepad and save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.

 

Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.

 

•  As I am currently in training, I will be helping you under the supervision of our Expert Teachers.   As such, there will likely be a delay between posts.   I do my best to respond as quick as I can.  I, like everyone else here am also a volunteer and sometimes life keeps me busy  ;)

 

•  Thank you for your understanding and I appreciate your patience.

 

Please allow some time to go through the log you've posted.  I'll post back as soon as possible.

 

**In the mean time, may you please post the extras.txt that was made same time as your OTL log?  It should be located on your Desktop.

 


  • 0

#4
mopyohn
Posted 28 March 2014 - 08:54 PM

mopyohn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

Thank you, here is my Extras text:

 

OTL Extras logfile created on: 3/27/2014 10:27:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Blake\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.92 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 42.24% Memory free
7.83 Gb Paging File | 5.26 Gb Available in Paging File | 67.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 217.48 Gb Free Space | 48.22% Space Free | Partition Type: NTFS
 
Computer Name: BLAKE-PC | User Name: Blake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.txt [@ = txtfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03DD0677-171B-41F0-89D9-2CC17C4A73CB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{092A9740-CBFB-44E7-8C1E-0DB85BB8012F}" = lport=137 | protocol=17 | dir=in | app=system |
"{0D70E0AE-2CFF-44A6-8111-1EDE9D5D00FC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{19176BA2-1984-4F8F-A889-8DA42E055A93}" = rport=137 | protocol=17 | dir=out | app=system |
"{1962A7C0-2B50-427C-B858-C626EF613354}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22F4A46B-E685-4EE2-8B3F-50D750494B9A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2A5940BE-D24F-4E8A-A874-D177FD83378B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{32D8E4A9-11C4-48C4-9E6F-3041D4DB8C13}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3E7C710F-E9E5-4D44-A833-AEEAB41D5D46}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{40CA8B89-EE76-41A5-8EF0-E757D9FC2B2E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4B9989CE-3037-47A8-996F-3EC4CF1EB64D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{611C54A9-12F3-4BCC-8C0A-52A5A629AB28}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{63B09697-473E-452A-B1F3-0AB13A838AF3}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{845AB45B-1D16-4C25-816A-FEC482497BD5}" = rport=445 | protocol=6 | dir=out | app=system |
"{8F4C413A-0EFD-4905-AC06-AAC377CF5427}" = rport=2869 | protocol=6 | dir=out | app=system |
"{9EDA5E44-09AB-4D3F-9BAE-70CCFAF05A59}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ADDC8D6F-847C-4BED-85F3-A3B9E9D5434E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{ADE64B35-2048-4D50-A7D6-BC130EF813A6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{B6AFC55E-C64A-424D-B64B-9058AD209BC1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BA44F35D-C1B1-44BB-B823-45EEA285D9BE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C4E53ED0-3220-4A32-A822-CC3C3E295A4D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C627F8F0-22A2-4496-A66F-60040C9468A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CEE4EBD7-515C-467D-AB8E-550F7963E4DF}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CF6A4E08-89C6-452A-96AF-A66F86A70FD4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DA7B03B1-5D06-4D83-B8C2-B83910A42E88}" = rport=1119 | protocol=6 | dir=out | name=real id |
"{DC3AA84C-D968-4DB0-9108-5BD6A480B653}" = rport=139 | protocol=6 | dir=out | app=system |
"{DDC1D03F-025D-4CF6-811C-41F0FC2C7D29}" = lport=138 | protocol=17 | dir=in | app=system |
"{DDCBFFB0-2DEC-4A40-A4F9-192992F96EFA}" = lport=139 | protocol=6 | dir=in | app=system |
"{E8AB28AC-E108-478F-A7CD-E54253FEBFEC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC5ACCED-AA01-44ED-88B4-AC7FD89817AB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F480351D-7E4D-446F-BEEE-18225532A060}" = lport=445 | protocol=6 | dir=in | app=system |
"{FD3BA1FF-AD89-4E2E-AC62-8A9BE22CCB38}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FFE86119-8C1A-4F74-A573-61DAEB2C7D28}" = rport=138 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019116EE-196E-489E-AF3A-4B3DD444EA5C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{0835FC9A-C1F2-411C-97C8-FF8C951A0B66}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013\fm.exe |
"{09E77B5F-DB45-409A-8B54-ECC22AE05ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0BE1D842-352E-41D6-952C-B57EFF330916}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{0FBC7851-D338-4549-9C9F-268B9589055E}" = protocol=6 | dir=in | app=c:\users\blake\desktop\pretbc\pretbc\world of warcraft 1.12\launcher.exe |
"{14B58A4A-DEEF-4FD5-90B9-72147535D86F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1AD8BA51-DB3D-4A88-94B9-E64700F88C7E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1AF5EAB7-AECF-4078-9469-EEB0EE93F7CE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1E52AE7E-D548-4E44-A3BF-8D4CFF1C0B3D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{1F62CE13-09B0-46CF-A736-1DB190C8B99F}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 13 demo\game\fifa13_demo.exe |
"{1FF75E54-4C09-4C1B-9DFE-085742B0207C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{22579B4B-52B2-49D0-AC44-9E9702BE7600}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013 demo\fm.exe |
"{22630B8C-C6F8-401F-8503-B32AF4055EEB}" = protocol=17 | dir=in | app=c:\users\blake\desktop\project 5\pretbc\pretbc\world of warcraft 1.12\launcher.patch.exe |
"{2326715B-CEA6-4BCC-90FE-215103854C10}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\binaries\moh.exe |
"{24C37301-CD34-42D7-A514-CE16C5DD0A26}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{250503A2-9278-4DE3-9285-69E6105B2AF4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{26140403-29A4-4046-BB6C-4EB32F403D38}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe |
"{2B8D5F71-A675-454D-BBE4-A4BADA65ABFD}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3 beta\bf3.exe |
"{30F6C872-CF05-4031-BFCF-F122EE034587}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{31F68D33-55FD-48C1-89A9-F9EE9ADFB52B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{327FDD24-F60A-4C9C-8140-43F9431641A3}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{34985389-2DA5-4F1A-8D1E-4B48FD91C47C}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{36FA47BE-5EC3-4250-9A7A-782CCBFA1AE6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{37606C85-29AB-4DEB-9152-FB04F006A9ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{38046312-CC08-4319-8594-E86CA7917A4C}" = protocol=17 | dir=in | app=c:\users\blake\desktop\pretbc\pretbc\world of warcraft 1.12\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{38D7FA50-58A5-47AB-B776-F8E3AFF809C0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3A2AAAF5-CB6C-49A2-B045-E955BAA5924A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{3A554A3D-5C3F-42BB-8FC2-23084A435B0B}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{3B432E4F-B0A9-4E85-A612-AD340B19517F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{3D055F8B-4531-46BC-8BEC-6AF389E2EB07}" = protocol=17 | dir=in | app=c:\users\blake\desktop\pretbc\pretbc\world of warcraft 1.12\launcher.exe |
"{4115AA50-4FCA-49AD-BC84-F07C3793B566}" = protocol=17 | dir=in | app=c:\users\blake\desktop\pretbc\pretbc\world of warcraft 1.12\launcher.patch.exe |
"{43922C1D-B061-4C8A-B1AE-0C0D2FDC7CA6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{4417F4AD-341F-4751-9E50-E6C575B59E6E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{46CAC148-5BC3-4015-8D3F-1B7FBC65F4B0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2014 demo\fm.exe |
"{46FF2C50-97E4-46CC-A7A3-21D73DDC34B0}" = protocol=1 | dir=in | [email protected],-28543 |
"{47B01DA8-D4B9-4FDD-A065-CB111B828687}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{48BAFFDF-6BCC-4283-AA9C-399ECC696209}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4B159215-8789-4313-9633-F6523525ED83}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5353EC4B-BC21-435B-B125-596F7733F443}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{53815688-2E20-4415-BFFD-DDA6FA1DD690}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe |
"{5507DE82-CA8E-463C-8D1F-662F66447D19}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{55BD67D2-FC98-47B1-963D-DCBA5DEE7158}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{55F127BB-E56D-4406-8FE3-1D97D2C9DB35}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{592DBEB8-FDB4-439B-AD08-DCAD30F926F9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{5A1A8992-65B6-41A3-A41E-AA7634529162}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5C459F29-E85E-459A-AB43-565EF4E51671}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5D2BDE5C-03C6-4E2F-BAEC-C3B3E5BB6830}" = protocol=17 | dir=in | app=c:\users\blake\desktop\project 5\pretbc\pretbc\world of warcraft 1.12\launcher.patch.exe |
"{5D71C5A0-D633-4685-8F55-671D9DCFB575}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{5FA7122C-2D4F-4E1A-AAAB-4FD7EBD9BCFC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\binaries\moh.exe |
"{60BE4D22-429B-482D-B0AE-7EBED3C23722}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{613C748B-61B4-4404-8053-46FA2640D5F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\support\ea help\electronic_arts_technical_support.htm |
"{61A7663B-F105-4B18-A03E-F23BD7155DE6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013\fm.exe |
"{62499F08-7DDD-447C-9858-119F69EFBA48}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{63779E2C-78F6-4D12-A8E8-BD4B448D66D6}" = protocol=6 | dir=in | app=c:\users\blake\desktop\project 5\pretbc\pretbc\world of warcraft 1.12\launcher.exe |
"{641A8172-B44E-4FDA-9096-1238801F46FF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2328\agent.exe |
"{650986E4-9566-4D81-A189-CD8695F54D82}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{66F83C26-0F57-4FAA-895B-FD7142969412}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6DE0034A-736A-4B3A-B468-E42DC774275F}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{6DF32037-DA45-4A14-8A34-87FEB1982FCE}" = protocol=6 | dir=in | app=c:\users\blake\desktop\project 5\pretbc\pretbc\world of warcraft 1.12\launcher.exe |
"{6F416B81-997E-4682-83A7-6B36270A15CB}" = protocol=6 | dir=in | app=c:\users\blake\desktop\pretbc\pretbc\world of warcraft 1.12\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{7075ECC2-B06B-4C32-A6BA-158F56DD1113}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{72A7FB4B-3A39-4EF0-BE96-D06C819A4A43}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 13 demo\game\fifa13_demo.exe |
"{76503946-8C82-4DC3-8DA1-190DCC589065}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7686B02E-C74A-4B35-BCCE-98D1AE83D600}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{7858AF9A-D223-478D-880E-7C1C6887D4D6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{7B12EE8D-88C7-4B88-901B-0FBEEB20F390}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{7D2A7EAF-75E9-46CE-BD24-F170181A0D4C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{7DD7428E-721D-4CE5-AAE0-7B338E6DED6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{87600693-A4D3-4CAF-B341-F7108B969217}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{8C455E06-7AD6-4692-8A67-34577E380A49}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2012 editor\editor.exe |
"{8CD7AE96-0F49-42FF-9415-E445CDBF1702}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8CF8C71F-588E-4A8C-BC67-4B42154EF3A7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2014 demo\fm.exe |
"{8F1AAC33-7554-48B9-B28A-9EE1338AC90D}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{8F420F13-FC2D-4B48-BC21-528CE8FC68EA}" = protocol=6 | dir=in | app=c:\users\blake\desktop\pretbc\pretbc\world of warcraft 1.12\launcher.patch.exe |
"{9063E458-5FC2-4153-B8A1-359F5AF195F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2012 resource archiver\resource archiver.exe |
"{90A2D90C-D479-44E3-8C0A-9F5F19FB21D9}" = protocol=6 | dir=in | app=c:\users\blake\desktop\pretbc\pretbc\world of warcraft 1.12\launcher.exe |
"{90D91505-CC20-484E-BFEB-18E80D091B27}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2012 editor\editor.exe |
"{90DB1ED9-CDAE-42F9-A49B-49BB37D60F1B}" = protocol=17 | dir=in | app=c:\users\blake\desktop\project 5\pretbc\pretbc\world of warcraft 1.12\launcher.exe |
"{91248346-3D8A-4841-A4BE-70CDB9D3F1CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2014 demo\fm.exe |
"{91B22720-782A-42F2-8C39-B5BD1267E48D}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{92BC1030-3E57-4750-8744-D26D1067C9F8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\support\ea help\electronic_arts_technical_support.htm |
"{93485625-3B69-4E0C-B2B3-A9C19123AA68}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{95C89025-463D-4392-9E5C-67069579A3F7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{967FA8C8-0C95-4CAA-A362-9FF42B83D89C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{98042921-E843-424A-91EB-1C59B0301979}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{98B29522-3B6F-4A19-B222-7BCC381D8401}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{99C155FA-86B7-44FB-B56A-E704F3410A45}" = protocol=58 | dir=in | [email protected],-148 |
"{9C8D4829-CD71-4F07-98EF-7A0D2B67B0F9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9F752E1F-B495-40F8-8995-219C840907AF}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{9FCC477F-B02D-4C2D-9F15-4ABC0F15096B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A1B7048E-3998-4D34-8075-C58D296757F3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{A296B5FE-4DBC-43D7-81F5-58A9D7DBF38E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A510F5DD-2274-4AF1-93B1-705CCBB1124F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A71664B6-8185-4F57-A3FD-E1F4371BAA2A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013\fm.exe |
"{AA7F93F9-C5AB-4676-96BB-2FBF1AAABFD8}" = protocol=6 | dir=in | app=c:\users\blake\desktop\project 5\pretbc\pretbc\world of warcraft 1.12\launcher.patch.exe |
"{AAC24E71-F82F-4578-8274-770B96D0C9CF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013 demo\fm.exe |
"{AC36DE8A-CB43-4138-B8FB-BD5CBA191D50}" = protocol=1 | dir=out | [email protected],-28544 |
"{B54CFF59-C970-4262-9872-C99B1BD64C3A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B5E9C437-055D-47D4-BAE0-787D1D8A73FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2012\fm.exe |
"{B6B77219-C607-4969-9F2F-66E1439BCEA6}" = protocol=6 | dir=in | app=c:\users\blake\desktop\project 5\pretbc\pretbc\world of warcraft 1.12\launcher.patch.exe |
"{B8A90F53-4122-4C96-ACA8-490E5DAA13F7}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{B8EF6EFB-BF92-4D3C-9E7A-820A691A354C}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{BB81657E-EFFD-489B-BC1C-9C3F8BD04B2B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{BB83F10C-35C7-47EF-B0C7-8C2047CFB9AA}" = protocol=17 | dir=in | app=c:\users\blake\desktop\project 5\pretbc\pretbc\world of warcraft 1.12\launcher.exe |
"{BBDA77D6-ACE6-449B-B15B-372DD8DDF53B}" = dir=in | app=c:\users\blake\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{BD0B6B4A-37CB-4AB4-BF58-34B8327F6E11}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2012\fm.exe |
"{BE815295-0763-4D41-857B-EF287956C5AE}" = protocol=58 | dir=in | [email protected],-28545 |
"{BEF27187-F553-4124-91F8-80F3F396B3DA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BF42F223-AD86-4E8C-BE6F-34ED4C15CDC5}" = protocol=6 | dir=out | app=system |
"{BF6F51F5-E566-4D58-8A19-61092B7E27D4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{C03E5474-6602-4725-8F43-DD86C5904C4D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{C3034E7C-FF8F-46FF-84D2-F50A1FAD9986}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C4B44D24-18D0-42CE-A670-85423993FFD5}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{C789B613-2ED5-43E5-B7BF-3F8D90240DD1}" = protocol=6 | dir=in | app=c:\users\blake\desktop\pretbc\pretbc\world of warcraft 1.12\launcher.patch.exe |
"{CDEA34F9-AE62-4308-9DB7-7102EA05359E}" = protocol=58 | dir=out | [email protected],-28546 |
"{CE8DCAA3-12CA-4228-BFF8-A3B5C199BCE4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{D2492022-8768-487E-B65D-65B680CCAE5C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{D333ED92-CB80-420C-8F40-5C0DEFE99058}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{D3C98ED6-E14C-46BB-BF8D-933816D179C3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{D4F8986B-B76C-40B8-A2F2-A474B85DE087}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{D819CD1B-800A-4EA9-A275-5D2265514E75}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013\fm.exe |
"{DD69CD43-75B2-4204-89DF-5375ED8D39C2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DDE0A884-FE2D-415E-BDFF-33229CD0E175}" = protocol=17 | dir=in | app=c:\users\blake\desktop\pretbc\pretbc\world of warcraft 1.12\launcher.exe |
"{E142CEE8-7C16-44E9-9551-3D7304E5074F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E504BB7B-C61E-4F5D-BCCA-77070F50ECDE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{E66509F7-AEE6-46C4-BA7C-C69D11F77323}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2014 demo\fm.exe |
"{E6E8E267-8A2B-45B6-AF2F-4A4B981768CF}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3 beta\bf3.exe |
"{E70C9419-23A7-4BCF-94D5-80FAEEBF64B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2012 resource archiver\resource archiver.exe |
"{EB4AB853-4890-46BE-B823-02169C56C0EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EFF8B02D-6C66-4CCF-984C-D62722DBF646}" = protocol=17 | dir=in | app=c:\users\blake\desktop\pretbc\pretbc\world of warcraft 1.12\launcher.patch.exe |
"{F078D257-55A9-4D52-A927-3013D631EA73}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F78E278A-CF59-4A8C-BF36-719CD3D878E2}" = protocol=6 | dir=in | name=blizzard downloader test1 |
"{F99E7A0C-9EFF-47F1-9109-E5D24C4AA721}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F9C0E3B0-18E9-4D85-ADA5-205E164B3C84}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FB0CA188-9E9D-4F02-BC53-A46A58ABF687}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2328\agent.exe |
"{FE9E89B5-0967-4AC0-B973-7E8C3D3DFEFD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417051FF}" = Java 7 Update 51 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel® PROSet/Wireless WiFi Software
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}" = WinZip 18.0
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F73A118B-8271-47E2-8790-0C636B2539C5}" = iTunes
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Cucusoft iPad/iPhone/iPod to Computer Transfer_is1" = iPad/iPhone/iPod to Computer Transfer 7.5.9
"Maple 17" = Maple 17
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Client" = Microsoft Security Essentials
"PC-Doctor for Windows" = My Dell
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BFDD064-4C67-4156-A6C6-6E8D63563B3B}" = calibre
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3F499657-766A-4A5F-AEE9-A1F8D295A4CE}" = FIFA 13 Demo
"{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1" = Foxit Cloud
"{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}" = Battlefield 3™ Open Beta
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5018D8E6-8D8E-4F76-9AFD-CB2EF1100E84}" = Intel® C++ Redistributables on IA-32
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1" = Game Dev Tycoon version 1.4.5
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A5AEDA0-3B9E-4006-90A7-E78779951A43}" = EViews 7
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{791FF357-3DE8-485E-BD59-41844BB16415}" = Intel® C++ Redistributables on Intel® 64
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B68FC32E-D58F-4B74-A838-B265BF40A445}" = EViews 7
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2240
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F336F89D-8C5A-432C-8EA9-DA19377AD591}" = Dell MusicStage
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel® Wireless Display
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"DAEMON Tools Lite" = DAEMON Tools Lite
"DC++" = DC++ 0.802
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup" = DivX Setup
"ESN Sonar-0.70.0" = ESN Sonar
"FIFA 12 © EA_is1" = FIFA 12 © EA version 1
"FM Genie Scout 12_is1" = FM Genie Scout 12 version 1.1
"FM Genie Scout 13_is1" = FM Genie Scout 13 version 1.0 13.3.3
"Foxit Reader_is1" = Foxit Reader
"iLivid" = iLivid
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"IrfanView" = IrfanView (remove only)
"League of Legends 3.0.0" = League of Legends
"Maple 17" = Maple 17
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"PellesC" = Pelles C for Windows
"PunkBusterSvc" = PunkBuster Services
"SafeConnect" = SafeConnect
"SecureW2 Enterprise Client" = SecureW2 Enterprise Client 3.5.5
"SopCast" = SopCast 3.5.0
"Steam App 17470" = Dead Space
"Steam App 207890" = Football Manager 2013
"Steam App 238960" = Path of Exile
"Steam App 242380" = Football Manager 2014 Demo
"Steam App 47790" = Medal of Honor™ Single Player
"Steam App 71270" = Football Manager 2012
"Steam App 71400" = Football Manager 2012 Editor
"Steam App 71410" = Football Manager 2012 Resource Archiver
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.4
"WinAce Archiver" = WinAce Archiver
"WinDjView" = WinDjView 1.0.3
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = f.lux
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Spotify" = Spotify
"TorrentStream" = Torrent Stream 2.0.8.5.1
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/27/2014 6:20:02 PM | Computer Name = Blake-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 3/27/2014 6:20:02 PM | Computer Name = Blake-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8221
 
Error - 3/27/2014 6:20:02 PM | Computer Name = Blake-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8221
 
Error - 3/27/2014 6:20:04 PM | Computer Name = Blake-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 3/27/2014 6:20:04 PM | Computer Name = Blake-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9594
 
Error - 3/27/2014 6:20:04 PM | Computer Name = Blake-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9594
 
Error - 3/27/2014 6:20:05 PM | Computer Name = Blake-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 3/27/2014 6:20:05 PM | Computer Name = Blake-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10608
 
Error - 3/27/2014 6:20:05 PM | Computer Name = Blake-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10608
 
Error - 3/27/2014 10:16:24 PM | Computer Name = Blake-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed.  Engine returned error : 3
 
[ Dell Events ]
Error - 5/24/2011 8:28:56 PM | Computer Name = Blake-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 5/24/2011 8:28:56 PM | Computer Name = Blake-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 5/24/2011 8:39:38 PM | Computer Name = Blake-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 5/24/2011 8:39:38 PM | Computer Name = Blake-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 6/12/2011 1:30:15 PM | Computer Name = Blake-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
[ System Events ]
Error - 3/27/2014 8:51:27 PM | Computer Name = Blake-PC | Source = Service Control Manager | ID = 7000
Description = The TCP/IP NetBIOS Helper service failed to start due to the following
 error:   %%1069
 
Error - 3/27/2014 10:14:08 PM | Computer Name = Blake-PC | Source = VDS Basic Provider | ID = 33554433
Description =
 
Error - 3/27/2014 10:14:37 PM | Computer Name = Blake-PC | Source = VDS Basic Provider | ID = 33554433
Description =
 
Error - 3/27/2014 10:14:50 PM | Computer Name = Blake-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{291097C8-CD7F-47E1-B057-A8B8A63F79AA}
 because another computer on the network has the same name.  The server could not
 start.
 
Error - 3/27/2014 10:14:50 PM | Computer Name = Blake-PC | Source = NetBT | ID = 4321
Description = The name "BLAKE-PC       :0" could not be registered on the interface
 with IP address 192.168.1.10.  The computer with the IP address 169.254.211.11 did
 not allow the name to be claimed by  this computer.
 
Error - 3/27/2014 10:14:50 PM | Computer Name = Blake-PC | Source = NetBT | ID = 4321
Description = The name "BLAKE-PC       :20" could not be registered on the interface
 with IP address 192.168.1.10.  The computer with the IP address 169.254.211.11 did
 not allow the name to be claimed by  this computer.
 
Error - 3/27/2014 10:14:58 PM | Computer Name = Blake-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 3/27/2014 10:15:43 PM | Computer Name = Blake-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 3/27/2014 10:16:46 PM | Computer Name = Blake-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
 
Error - 3/27/2014 10:16:46 PM | Computer Name = Blake-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
 
< End of report >
 


  • 0

#5
mopyohn
Posted 28 March 2014 - 08:55 PM

mopyohn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

Thank you, here is my Extras text:

 

OTL Extras logfile created on: 3/27/2014 10:27:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Blake\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.92 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 42.24% Memory free
7.83 Gb Paging File | 5.26 Gb Available in Paging File | 67.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 217.48 Gb Free Space | 48.22% Space Free | Partition Type: NTFS
 
Computer Name: BLAKE-PC | User Name: Blake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.txt [@ = txtfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03DD0677-171B-41F0-89D9-2CC17C4A73CB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{092A9740-CBFB-44E7-8C1E-0DB85BB8012F}" = lport=137 | protocol=17 | dir=in | app=system |
"{0D70E0AE-2CFF-44A6-8111-1EDE9D5D00FC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{19176BA2-1984-4F8F-A889-8DA42E055A93}" = rport=137 | protocol=17 | dir=out | app=system |
"{1962A7C0-2B50-427C-B858-C626EF613354}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22F4A46B-E685-4EE2-8B3F-50D750494B9A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2A5940BE-D24F-4E8A-A874-D177FD83378B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{32D8E4A9-11C4-48C4-9E6F-3041D4DB8C13}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3E7C710F-E9E5-4D44-A833-AEEAB41D5D46}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{40CA8B89-EE76-41A5-8EF0-E757D9FC2B2E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4B9989CE-3037-47A8-996F-3EC4CF1EB64D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{611C54A9-12F3-4BCC-8C0A-52A5A629AB28}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{63B09697-473E-452A-B1F3-0AB13A838AF3}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{845AB45B-1D16-4C25-816A-FEC482497BD5}" = rport=445 | protocol=6 | dir=out | app=system |
"{8F4C413A-0EFD-4905-AC06-AAC377CF5427}" = rport=2869 | protocol=6 | dir=out | app=system |
"{9EDA5E44-09AB-4D3F-9BAE-70CCFAF05A59}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ADDC8D6F-847C-4BED-85F3-A3B9E9D5434E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{ADE64B35-2048-4D50-A7D6-BC130EF813A6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{B6AFC55E-C64A-424D-B64B-9058AD209BC1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BA44F35D-C1B1-44BB-B823-45EEA285D9BE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C4E53ED0-3220-4A32-A822-CC3C3E295A4D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C627F8F0-22A2-4496-A66F-60040C9468A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CEE4EBD7-515C-467D-AB8E-550F7963E4DF}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CF6A4E08-89C6-452A-96AF-A66F86A70FD4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DA7B03B1-5D06-4D83-B8C2-B83910A42E88}" = rport=1119 | protocol=6 | dir=out | name=real id |
"{DC3AA84C-D968-4DB0-9108-5BD6A480B653}" = rport=139 | protocol=6 | dir=out | app=system |
"{DDC1D03F-025D-4CF6-811C-41F0FC2C7D29}" = lport=138 | protocol=17 | dir=in | app=system |
"{DDCBFFB0-2DEC-4A40-A4F9-192992F96EFA}" = lport=139 | protocol=6 | dir=in | app=system |
"{E8AB28AC-E108-478F-A7CD-E54253FEBFEC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC5ACCED-AA01-44ED-88B4-AC7FD89817AB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F480351D-7E4D-446F-BEEE-18225532A060}" = lport=445 | protocol=6 | dir=in | app=system |
"{FD3BA1FF-AD89-4E2E-AC62-8A9BE22CCB38}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FFE86119-8C1A-4F74-A573-61DAEB2C7D28}" = rport=138 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019116EE-196E-489E-AF3A-4B3DD444EA5C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{0835FC9A-C1F2-411C-97C8-FF8C951A0B66}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013\fm.exe |
"{09E77B5F-DB45-409A-8B54-ECC22AE05ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0BE1D842-352E-41D6-952C-B57EFF330916}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{0FBC7851-D338-4549-9C9F-268B9589055E}" = protocol=6 | dir=in | app=c:\users\blake\desktop\pretbc\pretbc\world of warcraft 1.12\launcher.exe |
"{14B58A4A-DEEF-4FD5-90B9-72147535D86F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1AD8BA51-DB3D-4A88-94B9-E64700F88C7E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1AF5EAB7-AECF-4078-9469-EEB0EE93F7CE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1E52AE7E-D548-4E44-A3BF-8D4CFF1C0B3D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{1F62CE13-09B0-46CF-A736-1DB190C8B99F}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 13 demo\game\fifa13_demo.exe |
"{1FF75E54-4C09-4C1B-9DFE-085742B0207C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{22579B4B-52B2-49D0-AC44-9E9702BE7600}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013 demo\fm.exe |
"{22630B8C-C6F8-401F-8503-B32AF4055EEB}" = protocol=17 | dir=in | app=c:\users\blake\desktop\project 5\pretbc\pretbc\world of warcraft 1.12\launcher.patch.exe |
"{2326715B-CEA6-4BCC-90FE-215103854C10}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\binaries\moh.exe |
"{24C37301-CD34-42D7-A514-CE16C5DD0A26}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{250503A2-9278-4DE3-9285-69E6105B2AF4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{26140403-29A4-4046-BB6C-4EB32F403D38}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe |
"{2B8D5F71-A675-454D-BBE4-A4BADA65ABFD}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3 beta\bf3.exe |
"{30F6C872-CF05-4031-BFCF-F122EE034587}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{31F68D33-55FD-48C1-89A9-F9EE9ADFB52B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{327FDD24-F60A-4C9C-8140-43F9431641A3}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{34985389-2DA5-4F1A-8D1E-4B48FD91C47C}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{36FA47BE-5EC3-4250-9A7A-782CCBFA1AE6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{37606C85-29AB-4DEB-9152-FB04F006A9ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{38046312-CC08-4319-8594-E86CA7917A4C}" = protocol=17 | dir=in | app=c:\users\blake\desktop\pretbc\pretbc\world of warcraft 1.12\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{38D7FA50-58A5-47AB-B776-F8E3AFF809C0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3A2AAAF5-CB6C-49A2-B045-E955BAA5924A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{3A554A3D-5C3F-42BB-8FC2-23084A435B0B}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{3B432E4F-B0A9-4E85-A612-AD340B19517F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{3D055F8B-4531-46BC-8BEC-6AF389E2EB07}" = protocol=17 | dir=in | app=c:\users\blake\desktop\pretbc\pretbc\world of warcraft 1.12\launcher.exe |
"{4115AA50-4FCA-49AD-BC84-F07C3793B566}" = protocol=17 | dir=in | app=c:\users\blake\desktop\pretbc\pretbc\world of warcraft 1.12\launcher.patch.exe |
"{43922C1D-B061-4C8A-B1AE-0C0D2FDC7CA6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{4417F4AD-341F-4751-9E50-E6C575B59E6E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{46CAC148-5BC3-4015-8D3F-1B7FBC65F4B0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2014 demo\fm.exe |
"{46FF2C50-97E4-46CC-A7A3-21D73DDC34B0}" = protocol=1 | dir=in | [email protected],-28543 |
"{47B01DA8-D4B9-4FDD-A065-CB111B828687}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{48BAFFDF-6BCC-4283-AA9C-399ECC696209}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4B159215-8789-4313-9633-F6523525ED83}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5353EC4B-BC21-435B-B125-596F7733F443}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{53815688-2E20-4415-BFFD-DDA6FA1DD690}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe |
"{5507DE82-CA8E-463C-8D1F-662F66447D19}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{55BD67D2-FC98-47B1-963D-DCBA5DEE7158}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{55F127BB-E56D-4406-8FE3-1D97D2C9DB35}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{592DBEB8-FDB4-439B-AD08-DCAD30F926F9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{5A1A8992-65B6-41A3-A41E-AA7634529162}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5C459F29-E85E-459A-AB43-565EF4E51671}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5D2BDE5C-03C6-4E2F-BAEC-C3B3E5BB6830}" = protocol=17 | dir=in | app=c:\users\blake\desktop\project 5\pretbc\pretbc\world of warcraft 1.12\launcher.patch.exe |
"{5D71C5A0-D633-4685-8F55-671D9DCFB575}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{5FA7122C-2D4F-4E1A-AAAB-4FD7EBD9BCFC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\binaries\moh.exe |
"{60BE4D22-429B-482D-B0AE-7EBED3C23722}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{613C748B-61B4-4404-8053-46FA2640D5F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\support\ea help\electronic_arts_technical_support.htm |
"{61A7663B-F105-4B18-A03E-F23BD7155DE6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013\fm.exe |
"{62499F08-7DDD-447C-9858-119F69EFBA48}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{63779E2C-78F6-4D12-A8E8-BD4B448D66D6}" = protocol=6 | dir=in | app=c:\users\blake\desktop\project 5\pretbc\pretbc\world of warcraft 1.12\launcher.exe |
"{641A8172-B44E-4FDA-9096-1238801F46FF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2328\agent.exe |
"{650986E4-9566-4D81-A189-CD8695F54D82}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{66F83C26-0F57-4FAA-895B-FD7142969412}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6DE0034A-736A-4B3A-B468-E42DC774275F}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{6DF32037-DA45-4A14-8A34-87FEB1982FCE}" = protocol=6 | dir=in | app=c:\users\blake\desktop\project 5\pretbc\pretbc\world of warcraft 1.12\launcher.exe |
"{6F416B81-997E-4682-83A7-6B36270A15CB}" = protocol=6 | dir=in | app=c:\users\blake\desktop\pretbc\pretbc\world of warcraft 1.12\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{7075ECC2-B06B-4C32-A6BA-158F56DD1113}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{72A7FB4B-3A39-4EF0-BE96-D06C819A4A43}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 13 demo\game\fifa13_demo.exe |
"{76503946-8C82-4DC3-8DA1-190DCC589065}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7686B02E-C74A-4B35-BCCE-98D1AE83D600}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{7858AF9A-D223-478D-880E-7C1C6887D4D6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{7B12EE8D-88C7-4B88-901B-0FBEEB20F390}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{7D2A7EAF-75E9-46CE-BD24-F170181A0D4C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{7DD7428E-721D-4CE5-AAE0-7B338E6DED6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{87600693-A4D3-4CAF-B341-F7108B969217}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{8C455E06-7AD6-4692-8A67-34577E380A49}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2012 editor\editor.exe |
"{8CD7AE96-0F49-42FF-9415-E445CDBF1702}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8CF8C71F-588E-4A8C-BC67-4B42154EF3A7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2014 demo\fm.exe |
"{8F1AAC33-7554-48B9-B28A-9EE1338AC90D}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{8F420F13-FC2D-4B48-BC21-528CE8FC68EA}" = protocol=6 | dir=in | app=c:\users\blake\desktop\pretbc\pretbc\world of warcraft 1.12\launcher.patch.exe |
"{9063E458-5FC2-4153-B8A1-359F5AF195F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2012 resource archiver\resource archiver.exe |
"{90A2D90C-D479-44E3-8C0A-9F5F19FB21D9}" = protocol=6 | dir=in | app=c:\users\blake\desktop\pretbc\pretbc\world of warcraft 1.12\launcher.exe |
"{90D91505-CC20-484E-BFEB-18E80D091B27}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2012 editor\editor.exe |
"{90DB1ED9-CDAE-42F9-A49B-49BB37D60F1B}" = protocol=17 | dir=in | app=c:\users\blake\desktop\project 5\pretbc\pretbc\world of warcraft 1.12\launcher.exe |
"{91248346-3D8A-4841-A4BE-70CDB9D3F1CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2014 demo\fm.exe |
"{91B22720-782A-42F2-8C39-B5BD1267E48D}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{92BC1030-3E57-4750-8744-D26D1067C9F8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\support\ea help\electronic_arts_technical_support.htm |
"{93485625-3B69-4E0C-B2B3-A9C19123AA68}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{95C89025-463D-4392-9E5C-67069579A3F7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{967FA8C8-0C95-4CAA-A362-9FF42B83D89C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{98042921-E843-424A-91EB-1C59B0301979}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{98B29522-3B6F-4A19-B222-7BCC381D8401}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{99C155FA-86B7-44FB-B56A-E704F3410A45}" = protocol=58 | dir=in | [email protected],-148 |
"{9C8D4829-CD71-4F07-98EF-7A0D2B67B0F9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9F752E1F-B495-40F8-8995-219C840907AF}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{9FCC477F-B02D-4C2D-9F15-4ABC0F15096B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A1B7048E-3998-4D34-8075-C58D296757F3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{A296B5FE-4DBC-43D7-81F5-58A9D7DBF38E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A510F5DD-2274-4AF1-93B1-705CCBB1124F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A71664B6-8185-4F57-A3FD-E1F4371BAA2A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013\fm.exe |
"{AA7F93F9-C5AB-4676-96BB-2FBF1AAABFD8}" = protocol=6 | dir=in | app=c:\users\blake\desktop\project 5\pretbc\pretbc\world of warcraft 1.12\launcher.patch.exe |
"{AAC24E71-F82F-4578-8274-770B96D0C9CF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013 demo\fm.exe |
"{AC36DE8A-CB43-4138-B8FB-BD5CBA191D50}" = protocol=1 | dir=out | [email protected],-28544 |
"{B54CFF59-C970-4262-9872-C99B1BD64C3A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B5E9C437-055D-47D4-BAE0-787D1D8A73FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2012\fm.exe |
"{B6B77219-C607-4969-9F2F-66E1439BCEA6}" = protocol=6 | dir=in | app=c:\users\blake\desktop\project 5\pretbc\pretbc\world of warcraft 1.12\launcher.patch.exe |
"{B8A90F53-4122-4C96-ACA8-490E5DAA13F7}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{B8EF6EFB-BF92-4D3C-9E7A-820A691A354C}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{BB81657E-EFFD-489B-BC1C-9C3F8BD04B2B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{BB83F10C-35C7-47EF-B0C7-8C2047CFB9AA}" = protocol=17 | dir=in | app=c:\users\blake\desktop\project 5\pretbc\pretbc\world of warcraft 1.12\launcher.exe |
"{BBDA77D6-ACE6-449B-B15B-372DD8DDF53B}" = dir=in | app=c:\users\blake\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{BD0B6B4A-37CB-4AB4-BF58-34B8327F6E11}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2012\fm.exe |
"{BE815295-0763-4D41-857B-EF287956C5AE}" = protocol=58 | dir=in | [email protected],-28545 |
"{BEF27187-F553-4124-91F8-80F3F396B3DA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BF42F223-AD86-4E8C-BE6F-34ED4C15CDC5}" = protocol=6 | dir=out | app=system |
"{BF6F51F5-E566-4D58-8A19-61092B7E27D4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{C03E5474-6602-4725-8F43-DD86C5904C4D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{C3034E7C-FF8F-46FF-84D2-F50A1FAD9986}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C4B44D24-18D0-42CE-A670-85423993FFD5}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{C789B613-2ED5-43E5-B7BF-3F8D90240DD1}" = protocol=6 | dir=in | app=c:\users\blake\desktop\pretbc\pretbc\world of warcraft 1.12\launcher.patch.exe |
"{CDEA34F9-AE62-4308-9DB7-7102EA05359E}" = protocol=58 | dir=out | [email protected],-28546 |
"{CE8DCAA3-12CA-4228-BFF8-A3B5C199BCE4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{D2492022-8768-487E-B65D-65B680CCAE5C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{D333ED92-CB80-420C-8F40-5C0DEFE99058}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{D3C98ED6-E14C-46BB-BF8D-933816D179C3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{D4F8986B-B76C-40B8-A2F2-A474B85DE087}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{D819CD1B-800A-4EA9-A275-5D2265514E75}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013\fm.exe |
"{DD69CD43-75B2-4204-89DF-5375ED8D39C2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DDE0A884-FE2D-415E-BDFF-33229CD0E175}" = protocol=17 | dir=in | app=c:\users\blake\desktop\pretbc\pretbc\world of warcraft 1.12\launcher.exe |
"{E142CEE8-7C16-44E9-9551-3D7304E5074F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E504BB7B-C61E-4F5D-BCCA-77070F50ECDE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{E66509F7-AEE6-46C4-BA7C-C69D11F77323}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2014 demo\fm.exe |
"{E6E8E267-8A2B-45B6-AF2F-4A4B981768CF}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3 beta\bf3.exe |
"{E70C9419-23A7-4BCF-94D5-80FAEEBF64B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2012 resource archiver\resource archiver.exe |
"{EB4AB853-4890-46BE-B823-02169C56C0EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EFF8B02D-6C66-4CCF-984C-D62722DBF646}" = protocol=17 | dir=in | app=c:\users\blake\desktop\pretbc\pretbc\world of warcraft 1.12\launcher.patch.exe |
"{F078D257-55A9-4D52-A927-3013D631EA73}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F78E278A-CF59-4A8C-BF36-719CD3D878E2}" = protocol=6 | dir=in | name=blizzard downloader test1 |
"{F99E7A0C-9EFF-47F1-9109-E5D24C4AA721}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F9C0E3B0-18E9-4D85-ADA5-205E164B3C84}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FB0CA188-9E9D-4F02-BC53-A46A58ABF687}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2328\agent.exe |
"{FE9E89B5-0967-4AC0-B973-7E8C3D3DFEFD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417051FF}" = Java 7 Update 51 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel® PROSet/Wireless WiFi Software
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}" = WinZip 18.0
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F73A118B-8271-47E2-8790-0C636B2539C5}" = iTunes
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Cucusoft iPad/iPhone/iPod to Computer Transfer_is1" = iPad/iPhone/iPod to Computer Transfer 7.5.9
"Maple 17" = Maple 17
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Client" = Microsoft Security Essentials
"PC-Doctor for Windows" = My Dell
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BFDD064-4C67-4156-A6C6-6E8D63563B3B}" = calibre
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3F499657-766A-4A5F-AEE9-A1F8D295A4CE}" = FIFA 13 Demo
"{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1" = Foxit Cloud
"{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}" = Battlefield 3™ Open Beta
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5018D8E6-8D8E-4F76-9AFD-CB2EF1100E84}" = Intel® C++ Redistributables on IA-32
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1" = Game Dev Tycoon version 1.4.5
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A5AEDA0-3B9E-4006-90A7-E78779951A43}" = EViews 7
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{791FF357-3DE8-485E-BD59-41844BB16415}" = Intel® C++ Redistributables on Intel® 64
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B68FC32E-D58F-4B74-A838-B265BF40A445}" = EViews 7
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2240
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F336F89D-8C5A-432C-8EA9-DA19377AD591}" = Dell MusicStage
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel® Wireless Display
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"DAEMON Tools Lite" = DAEMON Tools Lite
"DC++" = DC++ 0.802
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup" = DivX Setup
"ESN Sonar-0.70.0" = ESN Sonar
"FIFA 12 © EA_is1" = FIFA 12 © EA version 1
"FM Genie Scout 12_is1" = FM Genie Scout 12 version 1.1
"FM Genie Scout 13_is1" = FM Genie Scout 13 version 1.0 13.3.3
"Foxit Reader_is1" = Foxit Reader
"iLivid" = iLivid
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"IrfanView" = IrfanView (remove only)
"League of Legends 3.0.0" = League of Legends
"Maple 17" = Maple 17
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"PellesC" = Pelles C for Windows
"PunkBusterSvc" = PunkBuster Services
"SafeConnect" = SafeConnect
"SecureW2 Enterprise Client" = SecureW2 Enterprise Client 3.5.5
"SopCast" = SopCast 3.5.0
"Steam App 17470" = Dead Space
"Steam App 207890" = Football Manager 2013
"Steam App 238960" = Path of Exile
"Steam App 242380" = Football Manager 2014 Demo
"Steam App 47790" = Medal of Honor™ Single Player
"Steam App 71270" = Football Manager 2012
"Steam App 71400" = Football Manager 2012 Editor
"Steam App 71410" = Football Manager 2012 Resource Archiver
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.4
"WinAce Archiver" = WinAce Archiver
"WinDjView" = WinDjView 1.0.3
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = f.lux
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Spotify" = Spotify
"TorrentStream" = Torrent Stream 2.0.8.5.1
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/27/2014 6:20:02 PM | Computer Name = Blake-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 3/27/2014 6:20:02 PM | Computer Name = Blake-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8221
 
Error - 3/27/2014 6:20:02 PM | Computer Name = Blake-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8221
 
Error - 3/27/2014 6:20:04 PM | Computer Name = Blake-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 3/27/2014 6:20:04 PM | Computer Name = Blake-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9594
 
Error - 3/27/2014 6:20:04 PM | Computer Name = Blake-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9594
 
Error - 3/27/2014 6:20:05 PM | Computer Name = Blake-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 3/27/2014 6:20:05 PM | Computer Name = Blake-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10608
 
Error - 3/27/2014 6:20:05 PM | Computer Name = Blake-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10608
 
Error - 3/27/2014 10:16:24 PM | Computer Name = Blake-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed.  Engine returned error : 3
 
[ Dell Events ]
Error - 5/24/2011 8:28:56 PM | Computer Name = Blake-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 5/24/2011 8:28:56 PM | Computer Name = Blake-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 5/24/2011 8:39:38 PM | Computer Name = Blake-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 5/24/2011 8:39:38 PM | Computer Name = Blake-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 6/12/2011 1:30:15 PM | Computer Name = Blake-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
[ System Events ]
Error - 3/27/2014 8:51:27 PM | Computer Name = Blake-PC | Source = Service Control Manager | ID = 7000
Description = The TCP/IP NetBIOS Helper service failed to start due to the following
 error:   %%1069
 
Error - 3/27/2014 10:14:08 PM | Computer Name = Blake-PC | Source = VDS Basic Provider | ID = 33554433
Description =
 
Error - 3/27/2014 10:14:37 PM | Computer Name = Blake-PC | Source = VDS Basic Provider | ID = 33554433
Description =
 
Error - 3/27/2014 10:14:50 PM | Computer Name = Blake-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{291097C8-CD7F-47E1-B057-A8B8A63F79AA}
 because another computer on the network has the same name.  The server could not
 start.
 
Error - 3/27/2014 10:14:50 PM | Computer Name = Blake-PC | Source = NetBT | ID = 4321
Description = The name "BLAKE-PC       :0" could not be registered on the interface
 with IP address 192.168.1.10.  The computer with the IP address 169.254.211.11 did
 not allow the name to be claimed by  this computer.
 
Error - 3/27/2014 10:14:50 PM | Computer Name = Blake-PC | Source = NetBT | ID = 4321
Description = The name "BLAKE-PC       :20" could not be registered on the interface
 with IP address 192.168.1.10.  The computer with the IP address 169.254.211.11 did
 not allow the name to be claimed by  this computer.
 
Error - 3/27/2014 10:14:58 PM | Computer Name = Blake-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 3/27/2014 10:15:43 PM | Computer Name = Blake-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 3/27/2014 10:16:46 PM | Computer Name = Blake-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
 
Error - 3/27/2014 10:16:46 PM | Computer Name = Blake-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
 
< End of report >
 


  • 0

#6
23red
Posted 30 March 2014 - 06:33 PM

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi mopyohn :)

Apologies for the  delay.  Let's get rid of the rest of the junk:

 

First Step
P2P Warning

 

Going over your logs I noticed that you have µTorrent and TorrentStream installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

1.  Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
2.  They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
3.  Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
4.  The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent and TorrentStream, however that choice is up to you. If you choose to remove the program, you can do so via Start ~> Control Panel ~> Programs and Features.
if you do not choose to uninstall, please refrain from using them until we are finished here.

 

Pando Media Booster Advice:

I see you have Pando Media Booster installed, maybe intentionally and or came with one of your installed games for example. Technically this type of software is based upon peer to peer technology and you can never really be sure what it is purportedly downloading is always safe. Plus it does not always make that much of a improvement with downloading.

My friendly advice is if you do not really use it, merely uninstall. However this is your choice to do so or not and end of the day I respect whomever I assist with what they wish to have installed on their respective machines.

 

 

Step 2
Uninstalls

 

Please go to Start > Control Panel > Programs and Features and remove the following if present:

utorrent <~ optional
TorrentStream <~ optional  
iLivid

 

There are 3 antivirus programs on the computer:
Avast
Mcafee
Microsoft Security Essentials

 

Only one should be installed at any time, please uninstall 2
Let me know which two you uninstall, and we'll complete those uninstalls, if needed.

 

Also, due to vulnerailitiies in older versions please also uninstall:

Java™ 6 Update 24 (64-bit)

 

 

 

Step 3
OTL Fix

Please right click on xotlicon_png_pagespeed_ic_fh_U5UM1EN.jpg on your Desktop and choose Run as Administrator from the dropdown list, accept UAC prompts.

Under OTLcustomscansboxtitle.jpg
 in the textbox at the bottom, please paste in the following text:

 

 

 

 

:Commands
[CREATERESTOREPOINT]
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {1341C25C-06BA-479A-90EA-A2E284D4A28D}
IE:64bit: - HKLM\..\SearchScopes\{1341C25C-06BA-479A-90EA-A2E284D4A28D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{B3750A98-DEA4-4F58-8052-AB552F3EDCD5}: "URL" = http://websearch.ask...9E-40F49BF1A06E
IE - HKCU\..\SearchScopes\{EC19C37E-951A-4003-9405-594152D42A01}: "URL" = http://search.yahoo....p={searchTerms}
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
[2014/03/24 09:07:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Blake\AppData\Roaming\Mozilla\Firefox\Profiles\42gurd4i.default-1395634222067\extensions
[2012/09/27 11:20:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O33 - MountPoints2\{0d07c358-2338-11e3-9492-ee5a613dc25e}\Shell - "" = AutoRun
O33 - MountPoints2\{0d07c358-2338-11e3-9492-ee5a613dc25e}\Shell\AutoRun\command - "" = F:\autorun.exe
[2011/06/26 23:57:45 | 000,009,994 | -HS- | C] () -- C:\Users\Blake\AppData\Local\4t4u82jn155cx524wbld46ofv0n81yb588eb08gk
[2011/06/26 23:57:45 | 000,009,994 | -HS- | C] () -- C:\ProgramData\4t4u82jn155cx524wbld46ofv0n81yb588eb08gk
[2014/03/27 01:00:07 | 000,000,000 | ---D | M] -- C:\Users\Blake\AppData\Roaming\Search Protection
:Files
ipconfig /flushdns /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state off /c
:Commands
[emptytemp]
[Reboot]

 

 

 

 

OTLpastefixhererunfix.jpg

•  Push the runfixbutton.jpg  button.
•  OTL will reboot the machine. 
•  Once the machine reboots, a copy of the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
•  Copy and Paste that report in your next reply, please

 

 

 

Step 4
ADWCleaner

 

Download ADWCleaner to your desktop.

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.
Close all programs and right click on the AdwCleaner icon and choose Run as Administrator

scan-results.jpg

Click on Scan and follow the prompts.
Let it run unhindered.
When done, click on the Clean button, and follow the prompts.
Allow the system to reboot.
You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder as AdwCleaner[S0].txt

 

 

Step 5
Fresh OTL Scan

• Please right click on xotlicon_png_pagespeed_ic_fh_U5UM1EN.jpg Run as Administrator, accept UAC prompts.

Make sure all other windows are closed and to let it run uninterrupted.
• Please check the box next to Scan All Users.
• Click the xrunscan_png_pagespeed_ic_5vmMCx0K2t.png button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open a notepad window:OTL.txt.  This is saved in the same location as OTL ~ Desktop
• Please copy (Edit ~> Select All,  Edit ~> Copy) the log it produces in your next reply.

 

 

When you return, please post:

1.  OTL fix log
2.  ADWCleaner log
3.  Fresh OTL scan
4.  Please advise which Antivirus you've chosen to keep and which you've uninstalled.
5.  How is the computer running now?  Any improvement?


  • 0

#7
mopyohn
Posted 30 March 2014 - 08:03 PM

mopyohn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

Thanks for the reply! Ok, I uninstalled iLivid, Java Update 6, ,Pando Mcaffee, and Microsoft Security Essentials. Will I need to download a different Java update to replace the one I deleted and if so where can I find a safe version?  OTL and Adwcleaner logs will be posted in next reply.


  • 0

#8
23red
Posted 30 March 2014 - 08:10 PM

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Thanks for the reply! Ok, I uninstalled iLivid, Java Update 6, ,Pando Mcaffee, and Microsoft Security Essentials. Will I need to download a different Java update to replace the one I deleted and if so where can I find a safe version? 

You are very welcome! 

Java Update 6 is old, no need to replace anything.  Leaving it makes the computer vulnerable ~ a security leak so to speak.    You have current Java installed, we'll check that out further as well :thumbsup:

Awaiting your logs.  :)


  • 0

#9
mopyohn
Posted 30 March 2014 - 08:27 PM

mopyohn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Woops!! Spoke too soon, logs will be posted soon.

Edited by mopyohn, 30 March 2014 - 08:29 PM.

  • 0

#10
mopyohn
Posted 30 March 2014 - 08:33 PM

mopyohn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

Heres the 1st OTL log:

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1341C25C-06BA-479A-90EA-A2E284D4A28D}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1341C25C-06BA-479A-90EA-A2E284D4A28D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B3750A98-DEA4-4F58-8052-AB552F3EDCD5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3750A98-DEA4-4F58-8052-AB552F3EDCD5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC19C37E-951A-4003-9405-594152D42A01}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC19C37E-951A-4003-9405-594152D42A01}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Users\Blake\AppData\Roaming\Mozilla\Firefox\Profiles\42gurd4i.default-1395634222067\extensions folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} folder moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d07c358-2338-11e3-9492-ee5a613dc25e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d07c358-2338-11e3-9492-ee5a613dc25e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d07c358-2338-11e3-9492-ee5a613dc25e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d07c358-2338-11e3-9492-ee5a613dc25e}\ not found.
File F:\autorun.exe not found.
C:\Users\Blake\AppData\Local\4t4u82jn155cx524wbld46ofv0n81yb588eb08gk moved successfully.
C:\ProgramData\4t4u82jn155cx524wbld46ofv0n81yb588eb08gk moved successfully.
C:\Users\Blake\AppData\Roaming\Search Protection folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Blake\Desktop\cmd.bat deleted successfully.
C:\Users\Blake\Desktop\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Blake\Desktop\cmd.bat deleted successfully.
C:\Users\Blake\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state off /c >
Ok.
C:\Users\Blake\Desktop\cmd.bat deleted successfully.
C:\Users\Blake\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Blake
->Temp folder emptied: 28715096540 bytes
->Temporary Internet Files folder emptied: 258334948 bytes
->Java cache emptied: 1885659 bytes
->FireFox cache emptied: 254066135 bytes
->Google Chrome cache emptied: 357330924 bytes
->Flash cache emptied: 1755525 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1518527609 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43281866 bytes
RecycleBin emptied: 26003117123 bytes
 
Total Files Cleaned = 54,506.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03302014_221706

Files\Folders moved on Reboot...
C:\Users\Blake\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 


  • 0

Advertisements

#11
mopyohn
Posted 30 March 2014 - 08:41 PM

mopyohn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

Adwcleaner log:

 

# AdwCleaner v3.022 - Report created 30/03/2014 at 22:37:04
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Blake - BLAKE-PC
# Running from : C:\Users\Blake\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Users\Blake\AppData\Local\apn
Folder Deleted : C:\Users\Blake\AppData\LocalLow\boost_interprocess
File Deleted : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Blake\AppData\Roaming\Mozilla\Firefox\Profiles\42gurd4i.default-1395634222067\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3107 octets] - [30/03/2014 22:35:11]
AdwCleaner[S0].txt - [2944 octets] - [30/03/2014 22:37:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3004 octets] ##########
 


  • 0

#12
mopyohn
Posted 30 March 2014 - 08:58 PM

mopyohn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

The computer seems to be running better than before but FlashPlayerPlugin 12.0.0.77.exe is still using up a ton of memory.  Right now it's at 350,000K memory usage and 10-20% CPU usage in the task manager.  Firefox is also using up a lot of memory as well, around a constant 20% CPU usage.  This might be normal though because I've never really checked before the virus issues.  The internet is definitely running faster than before though!

 

Here is the fresh OTL scan log:

 

OTL logfile created on: 3/30/2014 10:43:40 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Blake\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.92 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 51.77% Memory free
7.83 Gb Paging File | 5.70 Gb Available in Paging File | 72.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 262.87 Gb Free Space | 58.28% Space Free | Partition Type: NTFS
 
Computer Name: BLAKE-PC | User Name: Blake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/03/27 22:26:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Blake\Desktop\OTL.exe
PRC - [2014/03/27 00:46:30 | 003,854,640 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/03/27 00:46:30 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/02/19 18:40:02 | 000,239,680 | ---- | M] (Foxit Corporation) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
PRC - [2014/01/15 18:16:15 | 006,118,400 | ---- | M] (Spotify Ltd) -- C:\Users\Blake\AppData\Roaming\Spotify\spotify.exe
PRC - [2014/01/15 18:15:38 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\Blake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/01/15 18:15:37 | 000,603,648 | ---- | M] () -- C:\Users\Blake\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
PRC - [2013/10/15 19:06:12 | 001,016,712 | ---- | M] (Flux Software LLC) -- C:\Users\Blake\AppData\Local\FluxSoftware\Flux\flux.exe
PRC - [2013/08/28 20:23:38 | 001,861,968 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/11/19 13:12:34 | 000,176,520 | ---- | M] (Impulse Point, LLC) -- C:\Program Files (x86)\SafeConnect\scManager.sys
PRC - [2012/11/19 13:12:32 | 000,298,888 | ---- | M] (Impulse Point, LLC) -- C:\Program Files (x86)\SafeConnect\SCClient.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/09/29 16:52:08 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/17 11:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/08/20 19:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/08/11 19:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/27 00:46:38 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/01/15 18:15:41 | 036,967,424 | ---- | M] () -- C:\Users\Blake\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2014/01/15 18:15:37 | 000,887,808 | ---- | M] () -- C:\Users\Blake\AppData\Roaming\Spotify\Data\libGLESv2.dll
MOD - [2014/01/15 18:15:37 | 000,603,648 | ---- | M] () -- C:\Users\Blake\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
MOD - [2014/01/15 18:15:37 | 000,109,568 | ---- | M] () -- C:\Users\Blake\AppData\Roaming\Spotify\Data\libEGL.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/08/28 20:25:02 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/08/28 20:23:38 | 001,861,968 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/02/19 04:37:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2010/12/17 11:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010/11/24 23:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/08/11 19:19:34 | 000,077,024 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010/08/11 19:19:32 | 000,109,792 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2010/08/11 19:19:32 | 000,072,928 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010/08/11 19:19:30 | 000,232,672 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010/08/11 19:19:30 | 000,126,176 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2010/08/11 19:19:30 | 000,119,008 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010/08/11 19:19:26 | 001,121,504 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/08/11 19:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/27 00:46:30 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/12/17 15:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/12/17 15:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/12/17 15:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/11/29 16:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/03/24 16:19:26 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/25 17:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/02/19 18:40:02 | 000,239,680 | ---- | M] (Foxit Corporation) [Auto | Running] -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe -- (FoxitCloudUpdateService)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/19 13:12:34 | 000,176,520 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files (x86)\SafeConnect\scManager.sys -- (SCManager)
SRV - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/09/29 16:52:08 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/08/25 21:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/08/20 19:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/03/27 00:46:44 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/03/27 00:46:44 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/03/27 00:46:44 | 000,208,928 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/03/27 00:46:44 | 000,084,816 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/03/27 00:46:44 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/03/27 00:46:44 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/03/27 00:46:43 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/03/10 20:49:12 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2013/03/04 08:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2013/02/18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/25 19:27:19 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/05/15 06:48:00 | 000,249,152 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2012/05/15 06:48:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 18:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 18:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/28 04:57:14 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/12 21:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/22 05:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/12/17 13:06:32 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/15 13:02:04 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/12/13 13:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/12/12 10:18:36 | 000,121,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2010/12/01 06:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/30 18:02:54 | 000,412,264 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/29 16:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 20:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/08/20 14:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/08/12 11:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/07/12 22:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 11:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{CAA144CB-38EC-438D-ABD8-E5B955859DC4}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Blake\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Blake\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Blake\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@torrentstream.net/tsplugin,version=2.0.8.5.1: C:\Users\Blake\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/05/19 10:31:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/05/19 10:31:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/05/19 10:31:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/30 21:54:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/24 16:45:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Blake\AppData\Roaming\TorrentStream\extensions\firefox\[email protected] [2013/09/25 15:56:08 | 000,000,000 | ---D | M]
 
[2011/06/27 16:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Blake\AppData\Roaming\Mozilla\Extensions
[2014/03/30 22:17:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/07/05 11:21:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/05 11:21:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/05 11:21:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/03/24 16:19:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/03/24 16:18:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2014/03/24 16:18:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/03/24 16:18:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...={searchTerms},
CHR - homepage: http://search.yahoo....r=spigot-yhp-ch
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Blake\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Blake\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Blake\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Blake\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Google Search = C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.1.15383.6004_0\
CHR - Extension: Google Wallet = C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [SecureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe (SecureW2 B.V.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [F.lux] C:\Users\Blake\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Blake\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Spotify] C:\Users\Blake\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Blake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_51)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_51)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0249369A-2D83-43AE-B510-09ADCA62A2D6}: DhcpNameServer = 128.6.1.1 172.28.0.114
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{291097C8-CD7F-47E1-B057-A8B8A63F79AA}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/30 22:35:08 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/30 22:17:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/30 21:46:49 | 000,312,744 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014/03/30 21:46:49 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014/03/30 21:46:48 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014/03/27 22:26:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Blake\Desktop\OTL.exe
[2014/03/27 17:52:43 | 000,000,000 | -HSD | C] -- C:\found.001
[2014/03/27 00:47:57 | 000,000,000 | ---D | C] -- C:\Users\Blake\AppData\Roaming\AVAST Software
[2014/03/27 00:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/03/27 00:46:52 | 001,039,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/03/27 00:46:52 | 000,423,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/03/27 00:46:52 | 000,093,568 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/03/27 00:46:52 | 000,084,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/03/27 00:46:52 | 000,079,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/03/27 00:46:49 | 000,334,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/03/27 00:46:41 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/03/27 00:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/03/27 00:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/03/26 13:22:09 | 000,000,000 | ---D | C] -- C:\Users\Blake\Desktop\Fall 2014
[2014/03/25 18:51:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2014/03/24 21:00:07 | 000,000,000 | ---D | C] -- C:\Users\Blake\AppData\Roaming\Oracle
[2014/03/24 20:02:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/03/24 20:02:16 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/03/24 20:01:53 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/03/24 20:01:53 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/03/24 20:01:53 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/03/24 16:44:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/03/24 16:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2014/03/24 16:31:30 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014/03/18 14:36:32 | 000,000,000 | ---D | C] -- C:\Users\Blake\AppData\Local\Electronic Arts
[2014/03/18 14:36:08 | 000,000,000 | ---D | C] -- C:\Users\Blake\Documents\Electronic Arts
[2014/03/18 14:33:06 | 000,000,000 | ---D | C] -- C:\Users\Blake\Documents\Electrontic Arts
[2012/09/15 22:59:27 | 000,488,960 | ---- | C] (Alessandro Portale www.casaportale.de) -- C:\Program Files\Common Files\PosteRazor.exe
[1 C:\Users\Blake\Documents\*.tmp files -> C:\Users\Blake\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/30 22:47:08 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/30 22:47:08 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/30 22:45:26 | 000,783,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/30 22:45:26 | 000,663,472 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/30 22:45:26 | 000,122,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/30 22:39:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/30 22:38:04 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/30 22:21:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-414650306-3727077715-2216370247-1002UA.job
[2014/03/30 22:21:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-414650306-3727077715-2216370247-1002Core.job
[2014/03/30 22:14:57 | 001,950,720 | ---- | M] () -- C:\Users\Blake\Desktop\AdwCleaner.exe
[2014/03/30 21:55:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-414650306-3727077715-2216370247-1002UA.job
[2014/03/30 21:52:54 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/03/30 13:22:31 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-414650306-3727077715-2216370247-1002Core.job
[2014/03/27 22:26:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Blake\Desktop\OTL.exe
[2014/03/27 17:56:54 | 000,003,352 | ---- | M] () -- C:\bootsqm.dat
[2014/03/27 00:47:48 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/03/27 00:46:44 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/03/27 00:46:44 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/03/27 00:46:44 | 000,208,928 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/03/27 00:46:44 | 000,084,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/03/27 00:46:44 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/03/27 00:46:44 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/03/27 00:46:43 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/03/27 00:46:43 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/03/27 00:46:41 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/03/24 20:01:40 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/03/24 20:01:36 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/03/24 20:01:35 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/03/24 20:01:35 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/03/24 16:31:04 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014/03/24 16:31:00 | 000,312,744 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014/03/24 16:31:00 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014/03/24 16:30:59 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014/03/24 16:26:00 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/03/24 16:26:00 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/03/24 16:19:35 | 000,002,046 | ---- | M] () -- C:\Users\Blake\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/03/20 18:21:00 | 000,000,132 | ---- | M] () -- C:\Users\Blake\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014/03/19 11:12:01 | 000,001,974 | ---- | M] () -- C:\Users\Blake\Desktop\Play Football Manager 2014.lnk
[2014/03/10 00:04:37 | 000,112,757 | ---- | M] () -- C:\Users\Blake\Documents\MapleLab2.mw
[1 C:\Users\Blake\Documents\*.tmp files -> C:\Users\Blake\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/03/30 22:14:50 | 001,950,720 | ---- | C] () -- C:\Users\Blake\Desktop\AdwCleaner.exe
[2014/03/27 17:56:54 | 000,003,352 | ---- | C] () -- C:\bootsqm.dat
[2014/03/27 00:47:48 | 000,001,968 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/03/27 00:46:52 | 000,208,928 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/03/27 00:46:52 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/03/19 11:12:01 | 000,001,974 | ---- | C] () -- C:\Users\Blake\Desktop\Play Football Manager 2014.lnk
[2014/03/10 00:04:36 | 000,112,757 | ---- | C] () -- C:\Users\Blake\Documents\MapleLab2.mw
[2013/09/25 11:27:01 | 000,000,132 | ---- | C] () -- C:\Users\Blake\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/09/22 23:08:09 | 000,000,045 | RH-- | C] () -- C:\Windows\sgc_user.dat
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/04/11 20:49:29 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/02/13 01:04:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
 


  • 0

#13
23red
Posted 30 March 2014 - 11:07 PM

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi mopyohn :)

You've decided to keep Avast!  Good choice :)

 

Let's move forward as such:

Please run the McAfee Removal Tool to clear out remnants:

 

Step 1
Mcafee Removal Tool

Download the Mcafee Removal Tool to your desktop.

Run the tool to remove Mcafee remnants.

After this, please restart your computer.

 

 

Checking for rootkits...

 

Step 2
ASWMBR

• Download aswMBR.exe to your desktop.
• Right click aswMBR.exe and choose Run as Administrator, accept UAC prompts
• It may ask if you want it to Download latest virus definitions at startup. Click Yes

downloadaswmbr.jpg

Click the [Scan] button to start scan.

 aswmbr2.jpg

• On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
• If the Fix button is not enabled, click [Save log] , save it to your desktop and post in your next reply

 

Step 3

SecurityCheck

Please also download Security Check by screen317.

•Save it to your Desktop.
•Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
•A Notepad document should open automatically called checkup.txt; please also post the contents of that document.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED!  Try rebooting the system and then run SecurityCheck again.

When you return, please post:

aswMBR log
checkup.txt from SecurityCheck   :)

 


  • 0

#14
mopyohn
Posted 31 March 2014 - 02:00 PM

mopyohn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

Update: I ran the McAfee remove and that went well.  However, I started the  ASWMBR scan and walked away from my computer and when I came back there was a BSOD with the message "Modification of system code or a critical data structure was detected."  Note that I didn't hit the fix button, it must have blue screened in the middle of the scan.  Should I try to run the scan again?


  • 0

#15
23red
Posted 31 March 2014 - 05:16 PM

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi mopyohn :)

Hold off on the aswMBR scan for now.  I'd like to consult with my teacher first.  Please go ahead with the SecurityCheck scan.  Thank you for asking  ;)


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP