When writing an email today I noticed that text appearing onscreen did not match what I was typing. My cursor was also skipping randomly, highlighting and removing/replacing text. I closed the email draft and immediately another draft window opened, addressed to someone from my contact list. At this point I closed Firefox, disconnected from the internet and ran a virus scan with Norton anti-virus. 38 tracking cookies were found and removed but nothing else. Changed my email password, then booted into Ubuntu to find help. When I rebooted Windows to run the OTL program I noticed that the Windows graphics theme was unstable and switching between the manufacturer default (the one I use) and something that looked like Windows XP classic.
I could have downloaded a virus as I have been downloading a lot of files lately.
Also some sidenotes:
OS: Windows 7 64-bit, couldn't say if I have updated in the past month, probably not
Virus protection: Norton Security Suite (provided by Xfinity)
Hardware: Clevo W110ER, G500 mouse with up-to-date drivers and a Rosewill gaming keyboard using a PS/2 to USB converter, which could explain the odd text screw-up but not the other symptoms.
OTL info - did not change any scanner options, just opened the program and clicked quick scan, w/admin access. - two files, otl.txt and extras.txt -
====OTL.txt====
OTL logfile created on: 2/22/2013 8:25:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\james\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.90 Gb Total Physical Memory | 6.10 Gb Available Physical Memory | 77.20% Memory free
15.79 Gb Paging File | 13.80 Gb Available in Paging File | 87.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.29 Gb Total Space | 493.85 Gb Free Space | 70.72% Space Free | Partition Type: NTFS
Drive E: | 14.71 Gb Total Space | 14.54 Gb Free Space | 98.83% Space Free | Partition Type: FAT32
Computer Name: JAMESV3-PC | User Name: james | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/02/22 20:15:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\james\Desktop\OTL.exe
PRC - [2013/02/12 15:23:20 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/02/09 22:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/10 21:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccsvchst.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012/07/09 16:47:18 | 000,277,504 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/07/09 16:47:14 | 000,007,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/05/20 11:26:26 | 000,291,648 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/02/15 15:23:46 | 004,729,344 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe
PRC - [2012/01/19 11:35:24 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/01/19 11:35:22 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/01/19 11:35:18 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/01/19 11:35:08 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/06 16:35:22 | 000,121,456 | ---- | M] (Chicony) -- C:\Program Files (x86)\ChiconyCam\CECAPLF.exe
PRC - [2011/02/18 18:57:30 | 000,035,328 | ---- | M] () -- c:\Program Files (x86)\Hotkey\PowerBiosServer.exe
PRC - [2010/11/01 16:25:36 | 001,374,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
========== Modules (No Company Name) ==========
MOD - [2013/02/16 13:28:23 | 001,226,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\46c1da3f2c4c666140a414394e1cb20b\System.WorkflowServices.ni.dll
MOD - [2013/02/16 13:27:41 | 000,361,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\7de8e7a33ec077606c62621d06060d4d\IAStorUtil.ni.dll
MOD - [2013/02/16 13:27:02 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll
MOD - [2013/02/16 11:52:13 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2013/02/16 11:51:58 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/02/16 03:06:39 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll
MOD - [2013/01/11 02:34:13 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b26c0ed378c4b15c60cef0baada4e0dc\System.ServiceModel.Routing.ni.dll
MOD - [2013/01/11 02:34:12 | 001,140,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ebf949aee7febad1902974b1a2bd77a2\System.ServiceModel.Discovery.ni.dll
MOD - [2013/01/11 02:34:11 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\800370766976fd4ec232b4e29781717d\System.ServiceModel.Channels.ni.dll
MOD - [2013/01/11 02:34:02 | 001,085,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\9714573400d1d3724808c63f1fd6de83\System.ServiceModel.Web.ni.dll
MOD - [2013/01/11 02:32:30 | 001,393,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b15622741724e17f1335c4771c3700a0\System.ServiceModel.Activities.ni.dll
MOD - [2013/01/11 02:32:27 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c1b67737c13c99776cde5989ec2885c8\System.IdentityModel.ni.dll
MOD - [2013/01/11 02:32:25 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll
MOD - [2013/01/11 02:32:11 | 000,027,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMgrSvcInt#\45b79acb02bf0ab3a13b3746a7380edb\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2013/01/11 02:32:08 | 000,026,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\c788a761e7ddb56118e5b8d68c284ff7\IAStorCommon.ni.dll
MOD - [2013/01/10 23:05:34 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013/01/10 23:05:22 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/01/10 23:05:21 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll
MOD - [2013/01/10 23:05:21 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll
MOD - [2013/01/09 15:28:56 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/09 14:38:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 14:37:48 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/09 14:37:27 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 14:37:25 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/09 14:37:12 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/09 14:37:06 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 14:37:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/09 14:37:01 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 14:36:54 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/01/09 11:06:46 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll
MOD - [2013/01/09 11:06:42 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013/01/09 11:06:38 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013/01/09 11:06:38 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
MOD - [2013/01/09 11:06:36 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/01/09 11:06:29 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012/09/18 10:27:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\wincfi39.dll
MOD - [2012/02/15 15:23:46 | 004,729,344 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe
MOD - [2009/06/06 17:50:32 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Audiodll.dll
========== Services (SafeList) ==========
SRV:64bit: - [2012/07/23 19:36:44 | 000,490,496 | ---- | M] () [Auto | Running] -- C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe -- (Qualcomm Atheros Killer Service)
SRV:64bit: - [2012/01/11 00:01:52 | 000,627,936 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012/01/09 17:09:50 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/12 15:23:20 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/02/09 22:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/07 20:19:35 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/07 15:36:04 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/19 16:10:47 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/10/10 21:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe -- (N360)
SRV - [2012/07/09 16:47:14 | 000,007,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/01/19 11:35:24 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/01/19 11:35:22 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/01/19 11:35:18 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/01/19 11:35:08 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/02/18 18:57:30 | 000,035,328 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Hotkey\PowerBiosServer.exe -- (PowerBiosServer)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/02/09 22:25:27 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013/01/31 00:24:33 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/12/28 16:39:22 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/12/14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/10/08 20:00:02 | 000,776,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/10/03 20:40:36 | 001,133,216 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/10/03 20:40:20 | 000,493,216 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\symds64.sys -- (SymDS)
DRV:64bit: - [2012/10/03 20:19:14 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/10/02 17:26:46 | 000,066,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/07/27 22:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/07/23 19:37:50 | 000,066,928 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bflwfx64.sys -- (BfLwf)
DRV:64bit: - [2012/07/23 19:37:44 | 003,364,720 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ak27x64.sys -- (Ak27x64)
DRV:64bit: - [2012/07/22 20:34:24 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/07/17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/07/09 16:43:12 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/09 16:43:08 | 000,027,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012/05/25 00:36:56 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/05/20 11:25:32 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/05/20 11:25:32 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/05/20 11:25:32 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/02 16:01:20 | 000,677,480 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/01/31 12:06:18 | 000,292,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2012/01/09 17:09:44 | 002,184,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2011/12/05 15:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/02 01:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 01:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/15 14:14:56 | 001,393,200 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/11/23 20:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 20:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/30 06:40:34 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMfilt64.sys -- (VMfilt)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/01/16 10:34:22 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130221.019\ex64.sys -- (NAVEX15)
DRV - [2013/01/16 10:34:22 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130221.019\eng64.sys -- (NAVENG)
DRV - [2013/01/15 21:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130208.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/12/28 17:01:39 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/12/28 17:01:39 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/12/28 16:39:26 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130221.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F 71 28 58 AC 04 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: youtube2mp3%40mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.2.4.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2012/12/28 16:40:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/02/22 20:23:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/07 15:36:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/07 15:36:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012/12/28 15:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\james\AppData\Roaming\Mozilla\Extensions
[2013/02/14 00:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\98vu0i6h.default\extensions
[2013/01/29 23:02:36 | 000,000,000 | ---D | M] (WOT) -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\98vu0i6h.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/01/11 02:48:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\98vu0i6h.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/01/06 17:25:31 | 000,241,552 | ---- | M] () (No name found) -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\98vu0i6h.default\extensions\[email protected]
[2013/01/15 01:52:14 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\98vu0i6h.default\extensions\[email protected]
[2013/02/14 00:38:19 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\98vu0i6h.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/01/15 23:28:33 | 000,001,300 | ---- | M] () -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\98vu0i6h.default\searchplugins\claro.xml
[2013/02/13 16:43:51 | 000,002,530 | ---- | M] () -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\98vu0i6h.default\searchplugins\safesearch.xml
[2013/02/07 15:36:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/07 15:36:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2013/02/07 15:36:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/02/22 20:23:26 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\COFFPLGN
[2013/02/07 15:36:04 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/15 23:28:23 | 000,006,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/11/20 01:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/20 01:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [CECAPLF] C:\Program Files (x86)\ChiconyCam\CECAPLF.exe (Chicony)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: blank ([]about in Computer)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{745801FB-B68E-43C4-B033-1AE01DDE8DD8}: DhcpNameServer = 192.168.0.11
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261070~1.41\{c16c1~1\browse~1.dll c:\windows\syswow64\nvinit.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/02/22 20:24:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\james\Desktop\OTL.exe
[2013/02/19 23:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/02/19 23:20:35 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013/02/16 19:55:12 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\WOT Statistics
[2013/02/16 19:54:51 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WOT Statistics
[2013/02/16 19:54:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WOT Statistics
[2013/02/16 15:33:40 | 000,000,000 | ---D | C] -- C:\Users\james\Documents\Processing (install folder)
[2013/02/16 15:33:06 | 000,000,000 | ---D | C] -- C:\Users\james\Documents\Processing
[2013/02/16 15:33:06 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Processing
[2013/02/15 19:09:01 | 000,000,000 | ---D | C] -- C:\ubuntu
[2013/02/13 13:48:57 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\.gephi
[2013/02/13 13:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gephi
[2013/02/13 13:48:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gephi-0.8.2
[2013/02/12 15:24:50 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\PunkBuster
[2013/02/12 14:30:38 | 000,000,000 | ---D | C] -- C:\Ubisoft
[2013/02/12 14:30:25 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013/02/12 14:29:11 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\Apps
[2013/02/12 14:29:10 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\Deployment
[2013/02/10 21:24:55 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\ts3overlay_hook_win64
[2013/02/10 21:24:54 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\ts3overlay
[2013/02/10 19:56:30 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\TS3Client
[2013/02/10 00:01:56 | 000,000,000 | ---D | C] -- C:\Users\james\Desktop\Dad's Pictures - Brazil
[2013/02/08 22:35:54 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2013/02/08 22:35:52 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\TeamSpeak 3 Client
[2013/02/07 21:10:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
[2013/02/07 15:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/06 21:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Game Creators
[2013/02/06 21:58:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Game Creators
[2013/02/06 17:23:48 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\J River
[2013/02/06 16:52:03 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\foobar2000
[2013/02/06 16:51:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\foobar2000
[2013/02/06 16:40:51 | 000,585,728 | ---- | C] (Audible Inc.) -- C:\Windows\SysWow64\AReadyLB.dll
[2013/02/06 16:40:51 | 000,585,728 | ---- | C] (Audible Inc.) -- C:\Windows\SysNative\AReadyLB.dll
[2013/02/06 16:40:51 | 000,229,376 | ---- | C] (Audible Inc.) -- C:\Windows\SysWow64\AudDevicePlugin.dll
[2013/02/06 16:40:51 | 000,229,376 | ---- | C] (Audible Inc.) -- C:\Windows\SysNative\AudDevicePlugin.dll
[2013/02/06 16:40:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\J River
[2013/02/05 18:21:10 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\MusicBrainz
[2013/02/05 18:20:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MusicBrainz Picard
[2013/02/05 18:03:25 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Jaangle
[2013/02/05 18:03:10 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jaangle
[2013/02/05 18:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jaangle
[2013/02/05 18:03:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jaangle
[2013/02/05 17:56:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag
[2013/02/05 17:14:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/02/05 17:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/02/05 17:13:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/02/05 17:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/02/03 20:10:25 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\vlc
[2013/02/03 20:04:32 | 000,000,000 | ---D | C] -- C:\Users\james\.local
[2013/02/03 20:01:43 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\.kde
[2013/02/02 23:38:05 | 000,000,000 | ---D | C] -- C:\Users\james\Documents\4A Games
[2013/02/02 23:34:03 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\4A Games
[2013/02/02 23:02:59 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\Logitech
[2013/02/02 23:02:55 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Leadertech
[2013/02/02 23:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013/02/02 22:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2013/02/02 22:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2013/02/02 22:48:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/02/02 22:43:34 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\fontconfig
[2013/02/02 22:43:33 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\gegl-0.2
[2013/02/02 22:43:33 | 000,000,000 | ---D | C] -- C:\Users\james\.gimp-2.8
[2013/02/02 22:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013/02/02 22:14:08 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\Apple Computer
[2013/02/02 22:13:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013/02/02 22:13:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/02/02 22:13:27 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/02/02 22:12:50 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\Apple
[2013/02/01 15:16:12 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\GetBooks
[2013/02/01 15:14:45 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\NPE
[2013/02/01 14:58:49 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\Adobe_Systems_Incorporate
[2013/02/01 14:58:39 | 000,000,000 | ---D | C] -- C:\Users\james\Documents\My Digital Editions
[2013/01/31 15:12:17 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[2013/01/31 00:42:00 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\Skyrim
[2013/01/31 00:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
[2013/01/31 00:24:33 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013/01/31 00:24:30 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\DAEMON Tools Lite
[2013/01/31 00:24:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2013/01/31 00:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013/01/27 15:01:21 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\Sony Online Entertainment
[2013/01/25 12:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2013/01/25 08:23:09 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\SoftGrid Client
[2013/01/25 08:23:08 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\SoftGrid Client
[2013/01/25 08:22:04 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/01/25 08:22:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/01/25 08:22:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2013/01/25 08:22:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/01/25 08:21:31 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\TP
[2013/01/23 20:53:29 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Carbon
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/02/22 20:21:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/22 20:21:28 | 2063,912,959 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/22 20:15:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\james\Desktop\OTL.exe
[2013/02/22 19:19:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/22 10:01:37 | 000,012,218 | ---- | M] () -- C:\Users\james\Desktop\Any Direction #2.odt
[2013/02/20 02:49:53 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/20 02:49:53 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/18 13:09:40 | 000,281,120 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/02/18 13:09:40 | 000,281,120 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/02/17 02:05:15 | 000,281,120 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/02/16 15:34:06 | 000,003,634 | ---- | M] () -- C:\Users\james\Desktop\processing.lnk
[2013/02/16 11:51:04 | 000,297,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/16 03:04:24 | 000,795,910 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/16 03:04:24 | 000,661,808 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/16 03:04:24 | 000,121,944 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/15 19:19:37 | 000,132,151 | ---- | M] () -- C:\wubildr
[2013/02/15 19:19:36 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
[2013/02/13 13:48:44 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\Gephi.lnk
[2013/02/12 15:23:20 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/02/10 13:27:30 | 000,000,157 | ---- | M] () -- C:\Windows\SysWow64\SystemPreferences.xml
[2013/02/09 22:25:27 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/02/09 08:25:36 | 003,035,306 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013/02/08 22:35:56 | 000,001,221 | ---- | M] () -- C:\Users\james\Desktop\TeamSpeak 3 Client.lnk
[2013/02/06 21:59:13 | 000,001,417 | ---- | M] () -- C:\Users\Public\Desktop\AGK BASIC Trial.lnk
[2013/02/06 21:58:56 | 000,001,450 | ---- | M] () -- C:\Users\Public\Desktop\Dark Basic.lnk
[2013/02/06 16:51:54 | 000,001,042 | ---- | M] () -- C:\Users\james\Desktop\foobar.lnk
[2013/02/06 16:40:51 | 000,000,076 | ---- | M] () -- C:\Windows\SysWow64\dtirc.dll
[2013/02/05 18:21:07 | 000,001,194 | ---- | M] () -- C:\Users\james\Desktop\MbPicard.lnk
[2013/02/05 18:03:10 | 000,001,002 | ---- | M] () -- C:\Users\james\Desktop\Jaangle.lnk
[2013/02/02 22:48:48 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2013/02/02 22:45:12 | 000,000,899 | ---- | M] () -- C:\Users\james\Desktop\GIMP 2.lnk
[2013/02/01 14:58:41 | 000,002,227 | ---- | M] () -- C:\Users\Public\Desktop\ADE.lnk
[2013/01/31 15:12:19 | 000,000,897 | ---- | M] () -- C:\Users\Public\Desktop\NmManager.lnk
[2013/01/31 00:25:15 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON.lnk
[2013/01/31 00:24:33 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013/01/27 13:52:07 | 000,775,756 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/02/21 10:02:57 | 000,012,218 | ---- | C] () -- C:\Users\james\Desktop\Any Direction #2.odt
[2013/02/16 15:34:06 | 000,003,634 | ---- | C] () -- C:\Users\james\Desktop\processing.lnk
[2013/02/15 19:19:36 | 000,132,151 | ---- | C] () -- C:\wubildr
[2013/02/15 19:19:36 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
[2013/02/13 13:48:44 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\Gephi.lnk
[2013/02/12 15:25:02 | 000,281,120 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/02/12 15:23:25 | 000,281,120 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/02/12 15:23:25 | 000,281,120 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/02/12 15:23:20 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/02/10 13:27:30 | 000,000,157 | ---- | C] () -- C:\Windows\SysWow64\SystemPreferences.xml
[2013/02/08 22:35:56 | 000,001,221 | ---- | C] () -- C:\Users\james\Desktop\TeamSpeak 3 Client.lnk
[2013/02/06 21:59:12 | 000,001,417 | ---- | C] () -- C:\Users\Public\Desktop\AGK BASIC Trial.lnk
[2013/02/06 21:58:55 | 000,001,450 | ---- | C] () -- C:\Users\Public\Desktop\Dark Basic.lnk
[2013/02/06 16:51:53 | 000,001,042 | ---- | C] () -- C:\Users\james\Desktop\foobar.lnk
[2013/02/06 16:40:51 | 000,183,129 | ---- | C] () -- C:\Windows\SysWow64\AM Install1.INF
[2013/02/06 16:40:51 | 000,183,129 | ---- | C] () -- C:\Windows\SysNative\AM Install1.INF
[2013/02/06 16:40:51 | 000,000,076 | ---- | C] () -- C:\Windows\SysWow64\dtirc.dll
[2013/02/05 18:21:07 | 000,001,194 | ---- | C] () -- C:\Users\james\Desktop\MbPicard.lnk
[2013/02/05 18:20:44 | 000,001,194 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBrainz Picard.lnk
[2013/02/05 18:03:10 | 000,001,002 | ---- | C] () -- C:\Users\james\Desktop\Jaangle.lnk
[2013/02/02 22:48:48 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2013/02/02 22:45:12 | 000,000,899 | ---- | C] () -- C:\Users\james\Desktop\GIMP 2.lnk
[2013/02/02 22:42:53 | 000,000,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2013/02/01 14:58:40 | 000,002,227 | ---- | C] () -- C:\Users\Public\Desktop\ADE.lnk
[2013/01/31 15:12:18 | 000,000,897 | ---- | C] () -- C:\Users\Public\Desktop\NmManager.lnk
[2013/01/31 00:25:14 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON.lnk
[2013/01/08 16:31:25 | 000,025,090 | ---- | C] () -- C:\Windows\SysWow64\aaopwm.dll
[2013/01/05 07:00:10 | 000,000,017 | ---- | C] () -- C:\Users\james\AppData\Local\resmon.resmoncfg
[2012/12/19 16:24:56 | 000,775,756 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/19 16:11:37 | 000,185,856 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/12/19 16:11:37 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/12/19 16:11:37 | 000,001,313 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2012/12/19 16:11:37 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2012/12/19 16:11:37 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2012/12/14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/12/14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/12/14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/05/15 12:11:22 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012/05/15 12:11:12 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/01/10 23:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/02/13 13:48:57 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\.gephi
[2013/02/03 20:02:35 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\.kde
[2013/01/15 02:08:16 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Audacity
[2013/01/15 01:51:27 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\avidemux
[2013/01/15 23:28:15 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Babylon
[2013/02/01 15:34:27 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\BitTorrent
[2013/01/15 01:31:20 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Blender Foundation
[2013/01/23 20:53:29 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Carbon
[2013/01/31 00:34:07 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\DAEMON Tools Lite
[2013/01/05 20:17:34 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\fltk.org
[2013/02/21 10:00:52 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\foobar2000
[2013/02/02 22:24:06 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\iFunbox_UserCache
[2013/02/06 17:23:48 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\J River
[2013/02/16 14:48:21 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Jaangle
[2013/02/02 23:02:55 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Leadertech
[2013/02/05 18:21:10 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\MusicBrainz
[2012/12/29 14:05:40 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Natural Selection 2
[2013/01/02 23:10:14 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\OpenOffice.org
[2013/02/16 15:33:10 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Processing
[2013/02/11 01:43:50 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\SoftGrid Client
[2012/12/29 00:43:41 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Spotify
[2013/01/19 21:17:11 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\The Creative Assembly
[2013/01/22 10:57:10 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\TheSage
[2013/01/25 08:23:19 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\TP
[2013/02/21 21:53:48 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\TS3Client
[2013/02/10 21:25:27 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\ts3overlay
[2013/02/10 22:04:16 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\ts3overlay_hook_win64
[2012/12/28 18:39:53 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Wargaming.net
[2013/02/16 20:00:05 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\WOT Statistics
========== Purity Check ==========
< End of report >
====Extras.txt====
OTL Extras logfile created on: 2/22/2013 8:25:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\james\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.90 Gb Total Physical Memory | 6.10 Gb Available Physical Memory | 77.20% Memory free
15.79 Gb Paging File | 13.80 Gb Available in Paging File | 87.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.29 Gb Total Space | 493.85 Gb Free Space | 70.72% Space Free | Partition Type: NTFS
Drive E: | 14.71 Gb Total Space | 14.54 Gb Free Space | 98.83% Space Free | Partition Type: FAT32
Computer Name: JAMESV3-PC | User Name: james | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4DBB16D6-E908-4A0A-BF8B-4FF9579CEEA6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{516B3314-DF3C-4D11-91B7-771E4D6CFFFC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5219D29D-989F-47AD-A9A0-A00D5023BA36}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5C0D4C47-89D1-406E-B793-F2FC2AC6E5C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{81F74A51-851C-4A6F-A775-FE6AC6F731BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{98179F17-1FA4-4B32-A4CA-42B70241E621}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC3631DB-4F05-455C-9644-6D10BF765FFD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D64BDD06-04A8-45CB-B4E2-411B4C884D20}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FDD74883-DD65-4164-8D19-A9EF0ABBDA40}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{074CE5AA-7362-41E9-B2D8-568AC93015EE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{11E116EB-8EF0-45C7-BA00-16E066D5D1AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nexus the jupiter incident\runme.exe |
"{130993F3-67AF-4656-BAA1-BD997CBCFAD4}" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe |
"{21681169-4BB0-4840-8CE6-758EE115E11A}" = protocol=6 | dir=out | app=system |
"{21914FDB-572E-4029-B6A8-E661E04C4D4E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{2A1E83AA-ACF3-4A4C-9D9D-119FC90C56A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
"{396BD5E7-8B19-42C1-8C9E-EAF2475B2361}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{402556E8-F32B-4DBA-9099-61909D092C79}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{441809DD-FC44-4A19-BDA6-096490373FDD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{49AF30E9-0DEC-4524-85BA-82115F0675B2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{49B6974A-4A1A-437E-A577-5F05AA113F62}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
"{4B4B6415-24AC-4FD7-AEBE-2D37033959DB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4EB687F4-F572-4822-BAD6-E4CA876379A7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{54A3C5D7-F9DA-4080-9C2A-363655BB3500}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{63325399-3036-4D46-8C47-B0F93210B77C}" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe |
"{6367812E-1FFE-4416-8CF7-C0C3278690C1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{72E1EAE9-DFDC-44C9-8B4B-A40603E3ABDC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe |
"{74370816-0950-4685-ACF3-75675581674B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{768D26FF-B0C5-4018-B0ED-7A649C623881}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7797828A-C6E0-4EB5-9BEC-41266C33EAF2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe |
"{7E9101ED-01CE-4C2F-A41B-D224C92C24BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{7FF711FC-236E-4D49-83D3-40FCBF36897A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{81F31591-A72D-4D73-9860-77F90F1CFAB0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe |
"{883AB0E2-62B1-463B-8382-14206EB04E87}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9CFB58C5-B0BD-4DB3-A622-A1A917BADF1B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9E443D50-1DEB-4A5B-A509-2CEB375EE372}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{9FC0DD44-A0DE-40A3-AEFE-B2ED8D1C39E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\airmech\airmech.exe |
"{AAD8545E-E11B-4F89-9222-6CE6D53B8B14}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe |
"{ABF2487A-8DD2-4BB9-943C-947FE397407B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{AF68310C-57A5-474D-BB64-30CEB33400CF}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{B3107E25-8D6F-47B1-8ACB-5FFDD3FE4EC2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{B50BDC0F-EA81-4260-94CB-2DF4F224BC3E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B9045163-BD13-4E00-8AE1-BE602E58098F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{BF8C7A4F-9CB8-490D-8272-A0412C462103}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C066D943-88AD-4392-9503-0706D5A1B329}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{C469F18F-7E29-4AF8-AAD8-2BE2392974BC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{CB9F3E81-584F-4E24-B519-412772466BF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CBE13747-01FE-4BAE-B407-609E4A3C30D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CCA8D004-408C-4B10-87FE-EB3D5607EA5C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{D1512B9B-8879-4205-88EE-BB8178DB6C84}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{DB7D03BB-F17B-43EA-8838-C9F030D052BF}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{DD0007D2-8AD1-493A-B8B3-EEE759A6CEF4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DE399FEF-801B-4471-88D2-D10751F97605}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\airmech\airmech.exe |
"{E203DC0B-FC41-4695-930E-686BC2738AC2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{E9CAAE1E-3210-47C5-A4B3-65713CB6B79F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{EC46B8CC-BB20-4EAD-BE39-947EA70E6EC3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe |
"{F1267259-0F28-4D8F-9EC6-FAD2F3583F89}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe |
"{F2AFB554-4258-4AAB-A00A-8025C15281AD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F5AB9EFC-1BE2-4D71-A4A5-7B1C3490CCDC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F80CAC7B-D30E-40C1-A6B2-EF6252740A0F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nexus the jupiter incident\runme.exe |
"{FC0D3525-AEB0-4AE7-957A-82F28D5505B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{454454F0-FF35-4742-B9DD-4047F65E43EC}C:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe |
"TCP Query User{456B6FC0-7CD0-455C-B7B0-5C272A2B08CB}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{518410FE-5957-4492-BFC8-DF1D7EAF8D77}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{246F05C9-E9F7-49E7-A757-76120E46BE98}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{BD60AE4F-8AB8-426D-9BED-403F6D44146D}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{C1110DC8-35C1-423B-A5DE-88E4307EEE81}C:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{538B98C3-773F-4F20-9C66-802D104DCBE2}" = Intel® Trusted Connect Service Client
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Blender" = Blender
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.2
"Logitech Gaming Software" = Logitech Gaming Software 8.40
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{019849AD-14F2-4F85-9D6C-BBA341391186}" = WOT Statistics
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 6.0030
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1" = World of Tanks
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2A14D7BC-1876-4B38-830B-18856C27F550}" = WebCam Installer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51722911-C391-4118-97BF-B50100D2AB15}_is1" = Gephi 0.8.2
"{5BBC4803-C96E-4D3E-9D1D-2E43774C4062}" = BisonCam
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{82F99DC9-389A-4528-940C-88248731A620}" = THX TruStudio Pro
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A2201542-DA80-457F-8BD9-6C9C90196481}" = ChiconyCam
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.143
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F8511A0F-D91D-4E3D-A59C-3CA8FB8EAFE8}" = MechWarrior Online
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0.2
"BitTorrent" = BitTorrent
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dark Basic Pro Free" = Dark Basic Pro Free 1.9
"EVE" = EVE Online (remove only)
"foobar2000" = foobar2000 v1.2.2
"InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 6.0030
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{2A14D7BC-1876-4B38-830B-18856C27F550}" = WebCam Installer
"InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager
"Jaangle music management" = Jaangle music management
"Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MusicBrainz Picard" = MusicBrainz Picard
"N360" = Norton Security Suite
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"Steam App 10500" = Empire: Total War
"Steam App 107100" = Bastion
"Steam App 201790" = Orcs Must Die! 2
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 206500" = AirMech
"Steam App 20920" = The Witcher 2: Assassins of Kings Enhanced Edition
"Steam App 4560" = Company of Heroes
"Steam App 4920" = Natural Selection 2
"Steam App 50300" = Spec Ops: The Line
"Steam App 55230" = Saints Row: The Third
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 6420" = Nexus: The Jupiter Incident
"TheSage" = TheSage
"Wubi" = Ubuntu
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{74d11f91-05cc-44f6-8e49-94fe7f33c79b}" = MechWarrior Online
"fc418bf9b18f76aa" = Ghost Recon Online (NCSA-Live)
"SOE-C:/Users/james/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2" = gamelauncher-ps2-live
"soe-PlanetSide 2" = PlanetSide 2
"Spotify" = Spotify
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 2/7/2013 8:05:04 PM | Computer Name = jamesv3-PC | Source = WinMgmt | ID = 10
Description =
Error - 2/7/2013 9:55:26 PM | Computer Name = jamesv3-PC | Source = WinMgmt | ID = 10
Description =
Error - 2/8/2013 12:20:49 AM | Computer Name = jamesv3-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PlanetSide2.exe, version: 0.0.0.0, time
stamp: 0x51114faf Faulting module name: PlanetSide2.exe, version: 0.0.0.0, time
stamp: 0x51114faf Exception code: 0xc0000005 Fault offset: 0x007ed9f0 Faulting process
id: 0x1538 Faulting application start time: 0x01ce059fcfc0c323 Faulting application
path: C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\PlanetSide2.exe
Faulting
module path: C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide
2\PlanetSide2.exe Report Id: ea4c58e8-71a6-11e2-950b-0090f5dba501
Error - 2/8/2013 9:17:30 AM | Computer Name = jamesv3-PC | Source = WinMgmt | ID = 10
Description =
Error - 2/8/2013 4:25:57 PM | Computer Name = jamesv3-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PlanetSide2.exe, version: 0.0.0.0, time
stamp: 0x5114619b Faulting module name: PlanetSide2.exe, version: 0.0.0.0, time
stamp: 0x5114619b Exception code: 0xc0000005 Fault offset: 0x007ed9f0 Faulting process
id: 0x15c4 Faulting application start time: 0x01ce0633d0622f42 Faulting application
path: C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\PlanetSide2.exe
Faulting
module path: C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide
2\PlanetSide2.exe Report Id: be235fcf-722d-11e2-aaa2-0090f5dba501
Error - 2/9/2013 1:52:39 AM | Computer Name = jamesv3-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PlanetSide2.exe, version: 0.0.0.0, time
stamp: 0x5114619b Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x6f435c61 Faulting process id: 0x1724 Faulting application
start time: 0x01ce066f2528d50c Faulting application path: C:\Users\Public\Sony Online
Entertainment\Installed Games\PlanetSide 2\PlanetSide2.exe Faulting module path:
unknown Report Id: e924c58f-727c-11e2-aaa2-0090f5dba501
Error - 2/9/2013 3:05:49 PM | Computer Name = jamesv3-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PlanetSide2.exe, version: 0.0.0.0, time
stamp: 0x5114619b Faulting module name: PlanetSide2.exe, version: 0.0.0.0, time
stamp: 0x5114619b Exception code: 0xc0000005 Fault offset: 0x007ed9f0 Faulting process
id: 0x1bd4 Faulting application start time: 0x01ce06ef6f2213ef Faulting application
path: C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\PlanetSide2.exe
Faulting
module path: C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide
2\PlanetSide2.exe Report Id: b6cd0b49-72eb-11e2-aaa2-0090f5dba501
Error - 2/10/2013 11:14:14 PM | Computer Name = jamesv3-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PlanetSide2.exe, version: 0.0.0.0, time
stamp: 0x5114619b Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000400 Faulting process id: 0x19fc Faulting application
start time: 0x01ce080179b8d4aa Faulting application path: C:\Users\Public\Sony Online
Entertainment\Installed Games\PlanetSide 2\PlanetSide2.exe Faulting module path:
unknown Report Id: 1c19ec38-73f9-11e2-aaa2-0090f5dba501
Error - 2/11/2013 12:36:20 AM | Computer Name = jamesv3-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PlanetSide2.exe, version: 0.0.0.0, time
stamp: 0x5114619b Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000002 Faulting process id: 0xe94 Faulting application
start time: 0x01ce0805f11793b6 Faulting application path: C:\Users\Public\Sony Online
Entertainment\Installed Games\PlanetSide 2\PlanetSide2.exe Faulting module path:
unknown Report Id: 94bd112b-7404-11e2-aaa2-0090f5dba501
Error - 2/11/2013 2:03:23 PM | Computer Name = jamesv3-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 2/13/2013 3:44:50 PM | Computer Name = jamesv3-PC | Source = Service Control Manager | ID = 7031
Description = The Task Scheduler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 2/13/2013 3:44:50 PM | Computer Name = jamesv3-PC | Source = Service Control Manager | ID = 7031
Description = The System Event Notification Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.
Error - 2/13/2013 3:44:50 PM | Computer Name = jamesv3-PC | Source = Service Control Manager | ID = 7031
Description = The Shell Hardware Detection service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.
Error - 2/13/2013 3:44:50 PM | Computer Name = jamesv3-PC | Source = Service Control Manager | ID = 7031
Description = The Themes service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.
Error - 2/13/2013 3:44:50 PM | Computer Name = jamesv3-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.
Error - 2/13/2013 3:46:15 PM | Computer Name = jamesv3-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Server service, but this action
failed with the following error: %%1056
Error - 2/13/2013 3:46:50 PM | Computer Name = jamesv3-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056
Error - 2/13/2013 3:46:50 PM | Computer Name = jamesv3-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Multimedia Class Scheduler
service, but this action failed with the following error: %%1056
Error - 2/13/2013 3:46:50 PM | Computer Name = jamesv3-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the IKE and AuthIP IPsec Keying
Modules service, but this action failed with the following error: %%1056
Error - 2/13/2013 3:46:50 PM | Computer Name = jamesv3-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the User Profile Service service,
but this action failed with the following error: %%1056
< End of report >
I appreciate any help you guys can offer, thanks.