Infected with something raising CPU and Memory usage making computer go slower.


  • This topic is locked
23 replies to this topic

#1 Sotyr

Sotyr

  • Members
  • 28 posts
  • Gender:Male
  • Local time:03:44 AM

Posted 08 December 2012 - 05:46 PM

http://www.bleepingcomputer.com/forums/topic477533.html/page__p__2913980#entry2913980 As seen there, I've used MBAM, TDSSKiller, ESET, aswMBR and MiniToolBox (after using RKill). I'm not sure if this is a problem. I was bored and decided to look at the forums; I didn't run anything, and came across this topic http://www.bleepingcomputer.com/forums/topic477260.html, and I have winlogon.exe, csrss.exe, and atiedxx.exe open with no description and am unable to open properties or file location.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Skeith at 14:38:46 on 2012-12-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2267 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\lxebcoms.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uProxyOverride = <local>;*.local
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\npchrome_frame.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [Google Update] "C:\Users\Skeith\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Skeith\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{0961BF4F-B5B2-4E08-81B2-B3868388C2CC} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\npchrome_frame.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [lxebmon.exe] "C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\System32\drivers\aswNdis.sys [2012-11-19 12368]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\System32\drivers\aswNdis2.sys [2012-11-19 262656]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-3-30 55856]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\System32\drivers\aswFW.sys [2012-11-19 132864]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-11-19 21136]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-10-31 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-10-31 370288]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-3-30 202752]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-10-31 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-10-31 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-31 44808]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-11-19 133912]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 lxeb_device;lxeb_device;C:\Windows\System32\lxebcoms.exe -service --> C:\Windows\System32\lxebcoms.exe -service [?]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2012-3-30 320040]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-1-10 34304]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-2-22 28160]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 lxebCATSCustConnectService;lxebCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxebserv.exe [2010-4-14 45736]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-3-30 1691848]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-1-29 36720]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-7 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-12-08 06:41:25 -------- d-----w- C:\Program Files (x86)\ESET
2012-12-08 06:38:09 0 ----a-w- C:\Windows\SysWow64\sho682F.tmp
2012-12-07 11:02:16 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{144DBA4C-9693-4016-A791-D60953263114}\mpengine.dll
2012-12-01 02:21:46 -------- d-----w- C:\Users\Skeith\AppData\Local\Apple Computer
2012-12-01 02:21:41 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-12-01 02:21:17 -------- d-----w- C:\Program Files\iPod
2012-12-01 02:21:15 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-01 02:21:15 -------- d-----w- C:\Program Files\iTunes
2012-12-01 02:21:15 -------- d-----w- C:\Program Files (x86)\iTunes
2012-12-01 02:20:42 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-12-01 02:20:42 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-12-01 02:20:42 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-12-01 02:20:42 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-12-01 02:20:42 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-12-01 02:20:42 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-12-01 02:20:42 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-12-01 02:19:09 -------- d-----w- C:\Users\Skeith\AppData\Local\Apple
2012-12-01 02:18:17 -------- d-----w- C:\Program Files\Bonjour
2012-12-01 02:18:17 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-11-28 11:16:28 0 ----a-w- C:\Windows\SysWow64\sho5967.tmp
2012-11-25 08:05:31 -------- d-----w- C:\Users\Skeith\AppData\Roaming\OpenOffice.org
2012-11-25 08:03:10 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2012-11-22 17:59:13 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPLHN.DLL
2012-11-22 02:50:00 -------- d-----w- C:\Users\Skeith\AppData\Roaming\Clickteam
2012-11-22 02:49:57 -------- d-----w- C:\Program Files (x86)\Install Creator
2012-11-19 23:38:02 132864 ----a-w- C:\Windows\System32\drivers\aswFW.sys
2012-11-19 23:37:41 262656 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
2012-11-19 23:37:40 21136 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2012-11-19 23:37:39 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys
2012-11-19 16:47:52 -------- d-----r- C:\Program Files (x86)\Skype
2012-11-16 11:24:59 0 ----a-w- C:\Windows\SysWow64\sho93F0.tmp
2012-11-15 11:05:56 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-15 11:05:56 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-15 11:05:56 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-15 11:05:56 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-15 11:00:48 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-15 11:00:48 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-15 11:00:47 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-15 11:00:47 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-15 11:00:44 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-15 11:00:44 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-15 11:00:43 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-15 05:00:32 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-11-15 04:59:58 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-11-14 21:19:06 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2012-11-14 21:18:54 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2012-11-14 21:18:54 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2012-11-14 21:18:50 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-11-14 21:18:30 188128 ----a-w- C:\ProgramData\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-11-14 21:17:22 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2012-11-14 21:16:50 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
2012-11-14 21:16:50 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2012-11-13 08:00:09 -------- d-----w- C:\Users\Skeith\AppData\Roaming\.mono
2012-11-13 08:00:09 -------- d-----w- C:\ProgramData\.mono
2012-11-13 07:59:18 -------- d-----w- C:\Users\Skeith\AppData\Roaming\Pokémon Trading Card Game Online
2012-11-12 18:45:53 -------- d-----w- C:\ProgramData\AVS4YOU
2012-11-12 18:45:45 -------- d-----w- C:\Users\Skeith\AppData\Roaming\AVS4YOU
2012-11-12 18:44:06 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia
2012-11-12 18:44:02 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2012-11-12 18:44:02 -------- d-----w- C:\Program Files (x86)\AVS4YOU
2012-11-10 05:52:05 -------- d-----w- C:\Windows\SysWow64\BestPractices
2012-11-10 05:52:04 -------- d-----w- C:\Windows\System32\BestPractices
2012-11-10 05:52:04 -------- d-----w- C:\inetpub
2012-11-09 21:47:59 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2012-11-09 20:33:18 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2012-11-09 20:33:18 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2012-11-09 20:33:18 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2012-11-09 20:33:18 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2012-11-09 20:33:17 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2012-11-09 19:48:02 -------- d-----w- C:\Users\Skeith\.swt
.
==================== Find3M ====================
.
2012-11-04 23:34:51 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-04 23:34:47 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-11-04 23:34:47 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-11-04 02:16:30 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-11-04 02:16:29 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-11-04 02:16:29 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-10-30 22:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-10-30 22:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-10-30 22:51:07 41224 ----a-w- C:\Windows\avastSS.scr
2012-10-25 11:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 11:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-15 15:59:28 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-30 02:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-28 18:32:56 5989776 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-09-28 18:32:56 53760 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 14:39:33.81 ===============

Edited by Sotyr, 08 December 2012 - 07:29 PM.



#2 Clairvoyant

Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • Gender:Male
  • Location:somewhere in time
  • Local time:12:44 PM

Posted 09 December 2012 - 07:22 AM

Hello Sotyr :)

I will be helping with your computer problems.

Before we start, please note the following:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know
  • Do not make any changes on your own to the computer (installing/uninstalling programs, deleting files, modifying the registry, running scanners or other tools, etc.) without instructions to do it
  • Please read every post completely and perform all steps in the specified order. If you can't understand something or you encounter problems please stop and let me know
  • Do not attach logs, use code or quote boxes. Just copy and paste the text unless directed otherwise
  • Even if things appear to be better, it does not mean we have finished. Follow my instructions and reply back until I tell you that your computer is clean.
  • Please reply using the Add Reply button in the lower right hand corner of your screen
  • Please track this topic by clicking on the Watch Topic button on the top right of this thread => select Immediate Email Notification => click on Proceed button
I'm analyzing your logs, I will get back to you as soon as possible.


Regards

#3 Sotyr

Sotyr
  • Topic Starter

  • Members
  • 28 posts
  • Gender:Male
  • Local time:03:44 AM

Posted 09 December 2012 - 11:33 AM

I have not solved the problem. And okay.

#4 Clairvoyant

Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • Gender:Male
  • Location:somewhere in time
  • Local time:12:44 PM

Posted 11 December 2012 - 04:31 PM

Hello Sotyr :),

Please download ComboFix, then:

  • Close/disable all anti-virus and anti-malware programs. Refer to this page if you are not sure how
  • Close any open windows
  • Double click on ComboFix.exe and follow the prompts
  • During the scan, leave your computer alone and do not click in ComboFix's window; it may cause it to stall
  • If ComboFix asks to restart your computer, allow it to do so
  • When finished, it will produce and display a report; close it
When done, copy the C:\ComboFix.txt file content and paste it in your next reply.


Regards

#5 Sotyr

Sotyr
  • Topic Starter

  • Members
  • 28 posts
  • Gender:Male
  • Local time:03:44 AM

Posted 12 December 2012 - 12:23 PM

Sorry I didn't get this to you yesterday; the computer was in use all day.

ComboFix 12-12-10.01 - Skeith 12/12/2012 8:48.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2240 [GMT -8:00]
Running from: c:\users\Skeith\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Skeith\AppData\Roaming\Love
c:\users\Skeith\AppData\Roaming\Love\mari0\options.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-11-12 to 2012-12-12 )))))))))))))))))))))))))))))))
.
.
2012-12-12 17:01 . 2012-12-12 17:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-12 17:01 . 2012-12-12 17:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-12 17:01 . 2012-12-12 17:01 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-12-12 17:00 . 2012-12-12 17:00 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-12-12 11:21 . 2012-12-12 11:21 0 ----a-w- c:\windows\SysWow64\shoABEB.tmp
2012-12-12 00:18 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 00:18 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-12 00:16 . 2012-11-05 21:35 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-12 00:16 . 2012-11-05 20:41 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 00:16 . 2012-11-05 20:32 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-12 00:16 . 2012-11-05 20:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-12 00:16 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 00:16 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 00:16 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-11 11:36 . 2012-12-12 12:23 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7D4606D7-D569-44EF-9A06-59D056E7E351}\offreg.dll
2012-12-11 11:35 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7D4606D7-D569-44EF-9A06-59D056E7E351}\mpengine.dll
2012-12-11 05:48 . 2012-12-11 05:48 -------- d-----w- c:\users\Skeith\AppData\Roaming\RealNetworks
2012-12-11 05:48 . 2012-12-11 05:48 -------- d-----w- c:\program files (x86)\RealNetworks
2012-12-11 05:48 . 2012-12-11 05:48 -------- d-----w- c:\programdata\RealNetworks
2012-12-11 05:47 . 2012-12-11 05:47 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-12-11 05:47 . 2012-12-11 05:47 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-12-11 05:47 . 2012-12-11 05:47 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-12-08 06:41 . 2012-12-08 06:41 -------- d-----w- c:\program files (x86)\ESET
2012-12-08 06:38 . 2012-12-08 06:38 0 ----a-w- c:\windows\SysWow64\sho682F.tmp
2012-12-01 02:21 . 2012-12-01 04:33 -------- d-----w- c:\users\Skeith\AppData\Local\Apple Computer
2012-12-01 02:21 . 2012-12-01 04:34 -------- d-----w- c:\users\Skeith\AppData\Roaming\Apple Computer
2012-12-01 02:21 . 2012-08-21 21:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-12-01 02:19 . 2012-12-01 02:19 -------- d-----w- c:\users\Skeith\AppData\Local\Apple
2012-12-01 02:19 . 2012-12-01 02:19 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-12-01 02:18 . 2012-12-01 02:22 -------- d-----w- c:\program files\Common Files\Apple
2012-12-01 02:18 . 2012-12-01 02:18 -------- d-----w- c:\program files (x86)\Bonjour
2012-12-01 02:18 . 2012-12-01 02:18 -------- d-----w- c:\program files\Bonjour
2012-12-01 02:18 . 2012-12-01 02:22 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-12-01 02:18 . 2012-12-01 02:19 -------- d-----w- c:\programdata\Apple
2012-11-30 05:18 . 2012-11-30 05:23 -------- d-----w- c:\users\Skeeith
2012-11-28 11:16 . 2012-11-28 11:16 0 ----a-w- c:\windows\SysWow64\sho5967.tmp
2012-11-25 08:05 . 2012-11-25 08:05 -------- d-----w- c:\users\Skeith\AppData\Roaming\OpenOffice.org
2012-11-25 08:03 . 2012-11-25 08:03 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-11-25 03:49 . 2012-11-25 03:49 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-22 17:59 . 2008-05-08 03:59 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPLHN.DLL
2012-11-22 02:50 . 2012-11-22 08:02 -------- d-----w- c:\users\Skeith\AppData\Roaming\Clickteam
2012-11-22 02:49 . 2012-11-22 02:49 -------- d-----w- c:\program files (x86)\Install Creator
2012-11-19 23:37 . 2012-10-30 22:51 21136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-11-19 16:47 . 2012-11-25 03:49 -------- d-----r- c:\program files (x86)\Skype
2012-11-16 11:24 . 2012-11-16 11:24 0 ----a-w- c:\windows\SysWow64\sho93F0.tmp
2012-11-16 11:04 . 2012-11-16 11:04 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-11-15 11:05 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 11:05 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 11:05 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-15 11:05 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-15 11:00 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 11:00 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 11:00 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-15 11:00 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-15 11:00 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 11:00 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 11:00 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-15 05:02 . 2012-11-15 05:02 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-11-15 05:00 . 2012-11-15 05:00 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-11-15 04:59 . 2012-11-15 04:59 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-11-14 21:19 . 2012-11-14 21:19 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-11-14 21:18 . 2012-11-14 21:18 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-11-14 21:18 . 2012-11-14 21:18 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-11-14 21:18 . 2012-11-14 21:18 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-11-14 21:18 . 2012-11-16 11:06 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-11-14 21:17 . 2012-11-14 21:19 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2012-11-14 21:16 . 2012-11-14 21:16 -------- d-----w- c:\windows\symbols
2012-11-14 21:16 . 2012-11-14 21:16 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-11-14 21:16 . 2012-11-14 21:16 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-11-14 21:16 . 2012-11-14 21:16 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2012-11-13 08:00 . 2012-11-13 08:00 -------- d-----w- c:\users\Skeith\AppData\Roaming\.mono
2012-11-13 08:00 . 2012-11-13 08:00 -------- d-----w- c:\programdata\.mono
2012-11-13 07:59 . 2012-11-26 01:56 -------- d-----w- c:\users\Skeith\AppData\Roaming\Pokémon Trading Card Game Online
2012-11-12 18:45 . 2012-11-12 18:45 -------- d-----w- c:\programdata\AVS4YOU
2012-11-12 18:45 . 2012-11-12 18:45 -------- d-----w- c:\users\Skeith\AppData\Roaming\AVS4YOU
2012-11-12 18:44 . 2012-11-26 19:50 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2012-11-12 18:44 . 2012-11-26 19:50 -------- d-----w- c:\program files (x86)\AVS4YOU
2012-11-12 18:44 . 2011-06-23 21:25 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-04 23:34 . 2012-11-04 23:34 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-04 23:34 . 2012-05-06 00:22 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-04 23:34 . 2012-03-31 00:15 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-04 02:16 . 2012-11-04 02:16 289768 ----a-w- c:\windows\system32\javaws.exe
2012-11-04 02:16 . 2012-11-04 02:16 189416 ----a-w- c:\windows\system32\javaw.exe
2012-11-04 02:16 . 2012-11-04 02:16 188904 ----a-w- c:\windows\system32\java.exe
2012-11-04 02:16 . 2012-11-04 02:16 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-11-04 02:16 . 2012-08-27 07:25 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-04 02:16 . 2012-03-31 00:15 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-30 22:51 . 2012-11-01 06:35 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-11-01 06:35 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-11-01 06:35 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-11-01 06:35 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-11-01 06:35 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-11-01 06:33 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-11-01 06:33 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2012-11-01 06:35 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-25 11:12 . 2012-10-25 11:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 11:12 . 2012-10-25 11:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-16 08:38 . 2012-11-28 05:02 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 05:02 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 05:02 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 15:59 . 2012-11-01 06:35 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-04 16:40 . 2012-12-12 00:17 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-09-30 02:54 . 2012-05-06 07:22 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 18:32 . 2012-09-28 18:32 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-09-28 18:32 . 2012-09-28 18:32 53760 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-11-03 957440]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-29 151952]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-12-11 295072]
.
c:\users\Skeith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2012-4-28 2647664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [2010-04-15 45736]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-12-20 1691848]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-07 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-15 202752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2010-04-15 1052328]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 36720]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-06 00:46]
.
2012-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-06 00:46]
.
2012-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1513539516-666335651-772069544-1000Core.job
- c:\users\Skeith\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 05:46]
.
2012-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1513539516-666335651-772069544-1000UA.job
- c:\users\Skeith\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 05:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-10 8321568]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-11-03 2190704]
"lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2011-01-24 148280]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-82024746.sys
SafeBoot-98262846.sys
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
AddRemove-PMA - c:\users\Skeith\Documents\PMA\Eclipse-Stable\PMA Client foulder\Uninstal.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-12 09:17:06
ComboFix-quarantined-files.txt 2012-12-12 17:17
.
Pre-Run: 321,306,759,168 bytes free
Post-Run: 321,283,682,304 bytes free
.
- - End Of File - - BFBFCE20DEDA786062CA614565C86C12

#6 Clairvoyant

  • Malware Response Team

Posted 13 December 2012 - 05:27 PM

Hello Sotyr :),

please follow these instructions.

1- Create a CFScript.txt file
  • Open notepad
  • Copy the following code

    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    
    RegLockDel::
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
  • Paste it into the notepad file
  • Save the file as CFScript.txt and close it
2- Run ComboFix
  • Drag and drop the CFScript file on the ComboFix icon
  • During the scan, leave your computer alone and do not mouse-click ComboFix's window, as it may cause it to stall
  • If ComboFix asks to restart your computer, allow it to do so
  • When finished it will produce and display a report
Then please post the C:\ComboFix.txt file contents in your next reply and let me know about CPU performance.


Regards

#7 Sotyr

  • Topic Starter

Posted 15 December 2012 - 12:40 PM

A little better. Not going as high up in CPU usage while stuff is open, but still high in memory, and CPU usage is spiking up high when opening stuff. Also, I did the file thing right? (Just double checking)

ComboFix 12-12-14.01 - Skeith 12/15/2012 8:35.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2283 [GMT -8:00]
Running from: c:\users\Skeith\Downloads\ComboFix.exe
Command switches used :: c:\users\Skeith\Downloads\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-11-15 to 2012-12-15 )))))))))))))))))))))))))))))))
.
.
2012-12-15 16:51 . 2012-12-15 16:51 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-15 16:51 . 2012-12-15 16:51 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-12-15 16:51 . 2012-12-15 16:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-15 16:51 . 2012-12-15 16:51 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-12-15 16:29 . 2012-12-15 16:29 -------- d-----w- c:\program files\iPod
2012-12-15 16:29 . 2012-12-15 16:29 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-15 16:29 . 2012-12-15 16:29 -------- d-----w- c:\program files\iTunes
2012-12-15 16:29 . 2012-12-15 16:29 -------- d-----w- c:\program files (x86)\iTunes
2012-12-14 16:55 . 2012-12-14 16:55 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D26BF9BC-BE4C-4265-AF6D-C2D9B7ED7CBB}\offreg.dll
2012-12-14 10:37 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D26BF9BC-BE4C-4265-AF6D-C2D9B7ED7CBB}\mpengine.dll
2012-12-12 11:21 . 2012-12-12 11:21 0 ----a-w- c:\windows\SysWow64\shoABEB.tmp
2012-12-12 00:18 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 00:18 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-12 00:16 . 2012-11-05 21:35 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-12 00:16 . 2012-11-05 20:41 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 00:16 . 2012-11-05 20:32 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-12 00:16 . 2012-11-05 20:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-12 00:16 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 00:16 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 00:16 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-11 05:48 . 2012-12-11 05:48 -------- d-----w- c:\users\Skeith\AppData\Roaming\RealNetworks
2012-12-11 05:48 . 2012-12-11 05:48 -------- d-----w- c:\program files (x86)\RealNetworks
2012-12-11 05:48 . 2012-12-11 05:48 -------- d-----w- c:\programdata\RealNetworks
2012-12-11 05:47 . 2012-12-11 05:47 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-12-11 05:47 . 2012-12-11 05:47 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-12-11 05:47 . 2012-12-11 05:47 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-12-08 06:41 . 2012-12-08 06:41 -------- d-----w- c:\program files (x86)\ESET
2012-12-08 06:38 . 2012-12-08 06:38 0 ----a-w- c:\windows\SysWow64\sho682F.tmp
2012-12-01 02:21 . 2012-12-01 04:33 -------- d-----w- c:\users\Skeith\AppData\Local\Apple Computer
2012-12-01 02:21 . 2012-12-01 04:34 -------- d-----w- c:\users\Skeith\AppData\Roaming\Apple Computer
2012-12-01 02:21 . 2012-08-21 21:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-12-01 02:21 . 2012-12-01 02:21 -------- dc----w- c:\windows\system32\DRVSTORE
2012-12-01 02:20 . 2012-12-01 02:20 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-12-01 02:20 . 2012-12-01 02:20 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-12-01 02:20 . 2012-12-01 02:20 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-12-01 02:20 . 2012-12-01 02:20 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-12-01 02:20 . 2012-12-01 02:20 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-12-01 02:20 . 2012-12-01 02:20 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-12-01 02:20 . 2012-12-01 02:20 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-12-01 02:20 . 2012-12-01 02:21 -------- d-----w- c:\programdata\Apple Computer
2012-12-01 02:19 . 2012-12-01 02:19 -------- d-----w- c:\users\Skeith\AppData\Local\Apple
2012-12-01 02:19 . 2012-12-01 02:19 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-12-01 02:18 . 2012-12-01 02:22 -------- d-----w- c:\program files\Common Files\Apple
2012-12-01 02:18 . 2012-12-01 02:18 -------- d-----w- c:\program files (x86)\Bonjour
2012-12-01 02:18 . 2012-12-01 02:18 -------- d-----w- c:\program files\Bonjour
2012-12-01 02:18 . 2012-12-15 16:29 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-12-01 02:18 . 2012-12-01 02:19 -------- d-----w- c:\programdata\Apple
2012-11-30 05:18 . 2012-11-30 05:23 -------- d-----w- c:\users\Skeeith
2012-11-28 11:16 . 2012-11-28 11:16 0 ----a-w- c:\windows\SysWow64\sho5967.tmp
2012-11-25 08:05 . 2012-11-25 08:05 -------- d-----w- c:\users\Skeith\AppData\Roaming\OpenOffice.org
2012-11-25 08:03 . 2012-11-25 08:03 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-11-25 03:49 . 2012-11-25 03:49 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-22 17:59 . 2008-05-08 03:59 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPLHN.DLL
2012-11-22 02:50 . 2012-11-22 08:02 -------- d-----w- c:\users\Skeith\AppData\Roaming\Clickteam
2012-11-22 02:49 . 2012-11-22 02:49 -------- d-----w- c:\program files (x86)\Install Creator
2012-11-19 23:37 . 2012-10-30 22:51 21136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-11-19 16:47 . 2012-11-25 03:49 -------- d-----r- c:\program files (x86)\Skype
2012-11-16 11:24 . 2012-11-16 11:24 0 ----a-w- c:\windows\SysWow64\sho93F0.tmp
2012-11-16 11:04 . 2012-11-16 11:04 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 11:06 . 2012-11-14 21:18 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-11-04 23:34 . 2012-11-04 23:34 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-04 23:34 . 2012-05-06 00:22 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-04 23:34 . 2012-03-31 00:15 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-04 02:16 . 2012-11-04 02:16 289768 ----a-w- c:\windows\system32\javaws.exe
2012-11-04 02:16 . 2012-11-04 02:16 189416 ----a-w- c:\windows\system32\javaw.exe
2012-11-04 02:16 . 2012-11-04 02:16 188904 ----a-w- c:\windows\system32\java.exe
2012-11-04 02:16 . 2012-11-04 02:16 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-11-04 02:16 . 2012-08-27 07:25 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-04 02:16 . 2012-03-31 00:15 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-30 22:51 . 2012-11-01 06:35 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-11-01 06:35 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-11-01 06:35 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-11-01 06:35 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-11-01 06:35 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-11-01 06:33 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-11-01 06:33 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2012-11-01 06:35 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-25 11:12 . 2012-10-25 11:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 11:12 . 2012-10-25 11:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-16 08:38 . 2012-11-28 05:02 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 05:02 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 05:02 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 15:59 . 2012-11-01 06:35 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-09 18:17 . 2012-11-14 13:38 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 13:38 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 13:38 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 13:38 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-04 16:40 . 2012-12-12 00:17 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-14 13:38 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-14 13:38 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-14 13:38 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-14 13:38 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-14 13:38 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-14 13:38 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-14 13:38 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-14 13:38 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-14 13:38 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 13:38 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-14 13:38 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-30 02:54 . 2012-05-06 07:22 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 18:32 . 2012-09-28 18:32 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-09-28 18:32 . 2012-09-28 18:32 53760 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-09-25 22:47 . 2012-11-14 13:38 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-14 13:38 95744 ----a-w- c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-11-03 957440]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-12-11 295072]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\users\Skeith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2012-4-28 2647664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [2010-04-15 45736]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-12-20 1691848]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-07 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-15 202752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2010-04-15 1052328]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 36720]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-06 00:46]
.
2012-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-06 00:46]
.
2012-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1513539516-666335651-772069544-1000Core.job
- c:\users\Skeith\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 05:46]
.
2012-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1513539516-666335651-772069544-1000UA.job
- c:\users\Skeith\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 05:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-10 8321568]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-11-03 2190704]
"lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2011-01-24 148280]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-15 09:17:27
ComboFix-quarantined-files.txt 2012-12-15 17:17
.
Pre-Run: 323,559,956,480 bytes free
Post-Run: 323,414,212,608 bytes free
.
- - End Of File - - C3B158E7F2D354E4C7EF7932C9424B09

Edited by Sotyr, 15 December 2012 - 03:42 PM.


#8 Clairvoyant

  • Malware Response Team

Posted 16 December 2012 - 11:01 AM

Hello Sotyr,

Please download OTL and save it to your desktop.

Then

  • Double click on the OTL icon on your desktop
  • Click the Scan All Users checkbox
  • Push the Run Scan button
When finished, two reports will open: OTL.txt and Extra.txt.
Please copy and paste their contents in your next reply.


Regards

#9 Sotyr

  • Topic Starter

Posted 16 December 2012 - 02:29 PM

I want to inform you that while somebody was on my computer they accidentally downloaded another virus, PC Utilities pro - Optimizer Pro. Not the 2010 version though; it looks newer, so it might mess with the scan I'm running. I can use RKill to get rid of it for the moment, right?

Late Edit: Also, Windows is giving me an important message from Windows Defender (I think I enabled that, not sure though), something from win32/fastsaveapp, and giving a remove message.

http://img211.imageshack.us/img211/8170/pcoptimizer.png

Screen shot of it.
-----------------------------------------
OTL Extras logfile created on: 12/16/2012 11:21:57 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Skeith\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 38.25% Memory free
7.50 Gb Paging File | 4.89 Gb Available in Paging File | 65.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.91 Gb Total Space | 300.52 Gb Free Space | 66.65% Space Free | Partition Type: NTFS

Computer Name: SHADOWSKEITH-PC | User Name: Skeith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1513539516-666335651-772069544-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{161A9DA7-7DA5-4EE5-A2AC-2990D7E83041}" = rport=138 | protocol=17 | dir=out | app=system |
"{169F5EA8-F9B2-41C0-BA9F-ABD62F1955C1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1BCD09A6-EDDF-4B9D-A665-07078E77CB81}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3166D106-2B0F-4391-9239-CE6AF85F8447}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{40E18096-37BC-423B-BB09-29C91D30170D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45CB89F7-3FBD-47B5-88BC-22D8AAA3C516}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{462D2E02-4A14-4C5B-ACD4-AC1A7FAC154D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4DD14CBD-B721-45B0-A2EE-0B443DC77032}" = rport=445 | protocol=6 | dir=out | app=system |
"{540BE5CE-9933-4E4B-9372-8DF5364266A3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5C626802-ADAA-4B6C-BEB3-8F8F19B043B2}" = lport=138 | protocol=17 | dir=in | app=system |
"{5FC6D40F-AB02-40C8-A152-F934A0269006}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{616C56DE-66BC-4771-9594-199198E4E832}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{732009BC-A97C-4F52-BD46-4DDEC09B1EEE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{77C61EFC-FCA5-4886-98FF-16EAB5284F09}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{87465416-18B7-4DE7-823A-6D0D08D9D8D5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{97489286-004B-4CFE-A6E9-30579C4A697E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A7F9F39E-0E2A-4CD2-B32A-24CBE60CFFFD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BDDAA5A6-C95D-41B1-B6C6-A37B4CD54637}" = rport=139 | protocol=6 | dir=out | app=system |
"{C6AD513A-93CD-44CC-80B9-C8217C1CCCA7}" = lport=139 | protocol=6 | dir=in | app=system |
"{D1426D9C-93D3-4FF7-A534-1DBF7DE7FD13}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D52138B4-427D-456F-9A79-77F0A741D806}" = lport=137 | protocol=17 | dir=in | app=system |
"{DD23A845-FDB1-451F-B125-B6167D9D4F58}" = lport=445 | protocol=6 | dir=in | app=system |
"{E9F7D140-2FA1-4422-A662-D9673A4ADF85}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F5DA84AB-B8F2-4D74-89B6-94EA32F31814}" = rport=137 | protocol=17 | dir=out | app=system |
"{F68196DF-C28A-414B-97AD-08B2A7C2B984}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FA7A7630-B8DE-481C-8F8F-FD46E5C6A211}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DFEFB7-48C3-42EF-A377-B90A6E860B4C}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
"{04FB6063-EE54-4F96-A201-B18AF9428F4C}" = protocol=17 | dir=in | app=c:\users\skeith\downloads\utorrent.exe |
"{07B7DE22-EC23-41F4-A889-2BC996D6B7D8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe |
"{0A0C110E-4396-490D-B002-7DC54CF050EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0F38DAEE-7A45-4F47-9BDE-0C6DBA96A6A2}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{2232AF85-3CD1-4339-A64F-A884BF23E39B}" = protocol=6 | dir=out | app=system |
"{22AE37D7-E83F-4C95-8667-3BDDEB96E2D6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{24291AF4-56CE-4E4B-BB62-9BE184D10054}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{25C54303-4BD0-4546-85F5-9152FE1436AD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2B7E9F6C-7AE5-4ECC-9A13-6D0910A3BE14}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{2C1DA319-2035-4ED1-BAA0-396AD7224B11}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2CD8ED36-BA82-4D24-9BC3-DFE1A3FEA2C5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2EDB238B-97C4-428C-9EAD-9FD047FDEFB7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2FAC26B9-2614-46A5-B491-43407E40DE10}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{313CA669-D8BE-4E7B-8CFE-8BC24E1A6A2E}" = dir=in | app=c:\windows\system32\lxebcoms.exe |
"{32095A97-CFD8-4DB7-ADAF-8BCAE0A4A200}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
"{374F77EE-F5ED-4E31-9714-1AFFD822BF82}" = dir=in | app=c:\windows\system32\lxebcoms.exe |
"{3A799E55-5CAE-4806-B09E-710C7FBA8782}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{3C12FBB9-9895-4235-B63F-840A04B61F22}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{3E150291-9D0A-4E34-A004-55FDF28FA03F}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{4059B212-080B-44C2-88EC-DED6C57E8A72}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{437D180C-9882-44E4-8350-EA3A5DCAFBBE}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{46B7D4DC-DAA2-4DE7-90C6-31273DB4D7A0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{47E820F0-01FA-4946-8AD0-29B943BAAAAA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4A0D05A9-3493-4773-B5BE-E34F305E7974}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{527AE8EA-75DA-4E25-B0CC-00BE26479058}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{5381F09E-2A79-4E0E-AA7D-308EA531A5F9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{57AA7407-6748-4DC6-90B9-B3DC1777CFD5}" = dir=in | app=c:\windows\system32\lxebcoms.exe |
"{5DEACDC3-E0A0-46F0-8F45-41413D3F68DA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5E2CAE51-3531-4BC5-8238-C52694683AAE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{66E32D29-22C2-4E21-AE8F-2B3D5EF41E34}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{67E0DF6C-2440-4793-AC64-E3AD9A66C573}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{6C75FCBC-80EC-4C29-AB6E-7C11AE324354}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{6FC0D633-B8AB-4A57-8054-AEE0F3FA2784}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E5C873B-3C7B-4753-B720-1085AE2F78F7}" = protocol=6 | dir=in | app=c:\users\skeith\downloads\utorrent.exe |
"{7EABCD0B-CF2C-4049-8247-9600FC4FB7CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7F09657C-CC6F-4DC9-B2CC-DE524F991642}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{8044F063-9737-4525-947F-2006BD8F8CDA}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
"{807712D3-2B60-4890-A8D1-EDF714923AA2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{82252418-B5C0-451E-BBD5-AE0AFEE5BCC5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\resident evil 5\launcher.exe |
"{84256ACC-DB1F-4C12-8F26-B4B2CFDFD67E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dfo\nxsteam.exe |
"{860A150C-22B3-47E8-AFF0-E4F599C28189}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{86688071-BCF2-47B1-8420-BB3024AB64FB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{89170B37-62DD-44A3-9312-4DF498115B3A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{90EC59A9-4C6A-47AD-AF74-E1EEFA795711}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{942C36C5-4A43-443C-B042-E211CD7A8B5A}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{950A7DA4-861C-48E5-AAD7-9E7D45638AC4}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{97EAC5CD-824E-4BC9-800E-DED626A33A99}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{98145F62-4CA8-4CAE-9D2D-D52F2A95F761}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{99890C7F-83DD-4785-9088-4BEC3BB6A72F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9F916D06-C6BE-4898-AB1C-7D5CF7EB771B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A06FEEAC-56F1-4189-882D-7A3D246B6EB2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{A08E7048-DC87-4F17-9A40-D3CCAE4F0299}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AA214A5C-D9DD-46E4-92AE-D45590FF2080}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{B367E5D7-EFEB-49A6-8061-4392CBA156B0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{B3DC7B32-ADFC-48F5-85DA-A2157F635D33}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{B44D9AF7-5A73-41B5-A780-7BE515193A6C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B531DDDF-0664-405D-A1D0-1B2FE427C326}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B579335A-6F4F-4556-8E9A-471B465E4852}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{B58003E8-92B7-479C-934D-C169CFD162D8}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{B73B50E9-59FD-4CEC-A075-534CDE54EE59}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B94244B1-95E8-41F5-A377-571F850946AA}" = protocol=58 | dir=in | app=system |
"{BB19C374-8747-4D46-B0D7-D3482DB51A9B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BE01C618-31D7-4D3F-857F-8127B3194B53}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BEA8D82A-9B68-4A7A-B715-1AF7853E2C77}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{BEFB6D79-7E53-475B-A1AB-AB6494689695}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |
"{C1065E69-1F00-421A-AD7F-7E27D98BD527}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\resident evil 5\launcher.exe |
"{C8A063E9-B4FA-4043-91B2-7B6B10AEA11E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{CB148F87-1005-4C9E-81D2-D124F08FBA85}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{D42B0FC0-4DF9-4F6E-A658-16AF7CB1DFC6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{D6192C34-90C0-42EC-B529-DDEE94336C57}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D7CD24C9-0147-4C30-819A-262D377692C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DDFD3A43-2636-45CF-B9FD-A834BBD31652}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E0E4A56C-D4CF-4FB9-B035-BF76FE70E914}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe |
"{E5D8D4EA-43FD-4697-B5CF-19AE43649703}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{E7EDA8F4-B480-4026-AF06-2CE1E2B4613B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dfo\nxsteam.exe |
"{E80264BB-8DB2-41CD-93F9-1D18B931D6D3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E9079BDC-78F1-47D2-9894-7D1F40A25FFD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{ECA9B889-5ADB-4AA5-B16F-30BDF797B8EE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |
"{EDA8871D-5B08-4383-B6CD-5B545115FDE0}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{F08895E7-91EA-438B-B79D-3DD06897A93A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{F1FEA583-E92F-415B-AEE8-CD0EFDD4893A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"TCP Query User{111776E4-E2FD-402C-8565-D33DA690C71C}C:\users\skeith\downloads\indie\slender\survivers_beta_3.exe" = protocol=6 | dir=in | app=c:\users\skeith\downloads\indie\slender\survivers_beta_3.exe |
"TCP Query User{1AB79134-99D6-42E6-9550-8F5C94283094}C:\users\skeith\documents\pma\eclipse-stable\server\server.exe" = protocol=6 | dir=in | app=c:\users\skeith\documents\pma\eclipse-stable\server\server.exe |
"TCP Query User{1DE616F7-89B2-44EB-B4BD-7AE547B8B336}C:\program files (x86)\byond\bin\byond.exe" = protocol=6 | dir=in | app=c:\program files (x86)\byond\bin\byond.exe |
"TCP Query User{2321BCD4-0411-48DC-8E91-094DFAAF14F6}C:\users\skeith\documents\demons land\eclipse-stable\server\server.exe" = protocol=6 | dir=in | app=c:\users\skeith\documents\demons land\eclipse-stable\server\server.exe |
"TCP Query User{2434B66C-124F-4AFC-9355-9C08B3A1A97F}C:\users\skeith\documents\my games\mmos\mmos_server.exe" = protocol=6 | dir=in | app=c:\users\skeith\documents\my games\mmos\mmos_server.exe |
"TCP Query User{26F6529E-CA93-471C-AC66-C9ABD61BDF6A}C:\users\skeith\documents\emu\gba\vba-m\visualboyadvance.exe" = protocol=6 | dir=in | app=c:\users\skeith\documents\emu\gba\vba-m\visualboyadvance.exe |
"TCP Query User{271C5D9B-E45A-4BEF-9B53-D1268E1C8534}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{305CB39A-CECA-4409-8340-B29BC6A2F15E}C:\users\skeith\documents\emu\snes\zsnesw.exe" = protocol=6 | dir=in | app=c:\users\skeith\documents\emu\snes\zsnesw.exe |
"TCP Query User{3CEC5D93-056A-473C-BA12-375EDF80CF14}C:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx9.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx9.exe |
"TCP Query User{3D811BA6-10B7-473F-A622-312E01DC66E5}C:\users\skeith\documents\pma\sadsa\server\server.exe" = protocol=6 | dir=in | app=c:\users\skeith\documents\pma\sadsa\server\server.exe |
"TCP Query User{3EFC643D-2685-4ADE-939C-38D3B71EA51E}C:\users\skeith\appdata\local\temp\rar$exa0.870\survivers_beta_3.exe" = protocol=6 | dir=in | app=c:\users\skeith\appdata\local\temp\rar$exa0.870\survivers_beta_3.exe |
"TCP Query User{74B0A2BF-6DC3-4107-A919-E053F730E457}C:\users\skeith\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\skeith\downloads\utorrent.exe |
"TCP Query User{87E35655-DBF3-4C8A-87C9-0A25EBC9970D}C:\users\skeith\documents\demons land\eclipse - event system 2.3\server\server.exe" = protocol=6 | dir=in | app=c:\users\skeith\documents\demons land\eclipse - event system 2.3\server\server.exe |
"TCP Query User{9A8A9C3D-3AC5-4A07-B57F-A4946981E1ED}C:\users\skeith\downloads\nosteam\dishonored nosteam\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=c:\users\skeith\downloads\nosteam\dishonored nosteam\binaries\win32\dishonored.exe |
"TCP Query User{A5AC8827-E9E6-4110-91BF-FC5059C06B3E}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{A6BFA6B3-0B5B-4DCE-92A0-6C71F3C01D3C}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{A81B85F0-F827-4206-9511-6B67CF140A67}C:\users\skeith\downloads\indie\slender\survivers\survivers_beta_3.exe" = protocol=6 | dir=in | app=c:\users\skeith\downloads\indie\slender\survivers\survivers_beta_3.exe |
"TCP Query User{C88C3DC7-9273-40D7-9DEF-17D94CF60017}C:\users\skeith\documents\pma\eclipse-stable\extra servers\testing server\server.exe" = protocol=6 | dir=in | app=c:\users\skeith\documents\pma\eclipse-stable\extra servers\testing server\server.exe |
"TCP Query User{D8859D67-EC3C-4EC7-B104-3C6DF450F8D6}C:\users\skeith\documents\demons land\eclipse advance\eclipse advanced v3.0.21\server\eclipse advanced - server.exe" = protocol=6 | dir=in | app=c:\users\skeith\documents\demons land\eclipse advance\eclipse advanced v3.0.21\server\eclipse advanced - server.exe |
"TCP Query User{DC121692-D9A2-4F24-82E0-7850084D5DE6}C:\users\skeith\documents\pokemon mystery universe\eclipse-stable\server\server.exe" = protocol=6 | dir=in | app=c:\users\skeith\documents\pokemon mystery universe\eclipse-stable\server\server.exe |
"TCP Query User{DC7F766A-268D-4BE8-BD43-2B6378E7AFA0}C:\program files (x86)\steam\steamapps\sotyrrocks\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\sotyrrocks\team fortress 2\hl2.exe |
"TCP Query User{E6A52EC1-8B58-43A0-8A25-046D67AEFDA7}C:\users\skeith\downloads\nosteam\assassin's creed ii pc full game updated v_1.01 ^^nosteam^^\assassin's creed ii\assassinscreediigame.exe" = protocol=6 | dir=in | app=c:\users\skeith\downloads\nosteam\assassin's creed ii pc full game updated v_1.01 ^^nosteam^^\assassin's creed ii\assassinscreediigame.exe |
"TCP Query User{FAD5A8FD-6DCA-4393-97BA-EE56E03CA273}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{08754C42-8400-45BA-8B68-2F63C0797B6E}C:\users\skeith\downloads\indie\slender\survivers_beta_3.exe" = protocol=17 | dir=in | app=c:\users\skeith\downloads\indie\slender\survivers_beta_3.exe |
"UDP Query User{0A7F8590-00D4-402F-8378-7641BF1B20B5}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{1F5BCE3D-E0D1-4B08-B82C-0A9223C1B74C}C:\program files (x86)\steam\steamapps\sotyrrocks\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\sotyrrocks\team fortress 2\hl2.exe |
"UDP Query User{222D6E07-39F0-48F6-8DDF-FB17391D7698}C:\users\skeith\downloads\indie\slender\survivers\survivers_beta_3.exe" = protocol=17 | dir=in | app=c:\users\skeith\downloads\indie\slender\survivers\survivers_beta_3.exe |
"UDP Query User{308CA5A6-4B5B-40C5-9E90-1BF6BCFEBD66}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{34202777-C327-4511-BE57-ED77E1729D20}C:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx9.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx9.exe |
"UDP Query User{489B872B-5CB5-4824-B9DA-C49B11EE98FF}C:\users\skeith\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\skeith\downloads\utorrent.exe |
"UDP Query User{4B6637DC-3C28-4DAF-BBC1-AD3955DC9900}C:\users\skeith\documents\emu\snes\zsnesw.exe" = protocol=17 | dir=in | app=c:\users\skeith\documents\emu\snes\zsnesw.exe |
"UDP Query User{5783E6B7-C897-46BB-8630-DE231206434E}C:\users\skeith\downloads\nosteam\assassin's creed ii pc full game updated v_1.01 ^^nosteam^^\assassin's creed ii\assassinscreediigame.exe" = protocol=17 | dir=in | app=c:\users\skeith\downloads\nosteam\assassin's creed ii pc full game updated v_1.01 ^^nosteam^^\assassin's creed ii\assassinscreediigame.exe |
"UDP Query User{60725124-5DB7-4685-B5B9-5F945198CFE0}C:\users\skeith\documents\my games\mmos\mmos_server.exe" = protocol=17 | dir=in | app=c:\users\skeith\documents\my games\mmos\mmos_server.exe |
"UDP Query User{6F3992E7-470F-4C38-9D67-913A33C70BA6}C:\users\skeith\downloads\nosteam\dishonored nosteam\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=c:\users\skeith\downloads\nosteam\dishonored nosteam\binaries\win32\dishonored.exe |
"UDP Query User{800C7653-DC84-4095-8C47-FADC82F25F7A}C:\users\skeith\documents\pma\eclipse-stable\server\server.exe" = protocol=17 | dir=in | app=c:\users\skeith\documents\pma\eclipse-stable\server\server.exe |
"UDP Query User{813BC414-391A-4A4C-B6FB-CA4A8F2B7190}C:\users\skeith\documents\demons land\eclipse-stable\server\server.exe" = protocol=17 | dir=in | app=c:\users\skeith\documents\demons land\eclipse-stable\server\server.exe |
"UDP Query User{8D8463C7-1668-41AC-BA5B-2B966B1E9E9A}C:\users\skeith\documents\pma\eclipse-stable\extra servers\testing server\server.exe" = protocol=17 | dir=in | app=c:\users\skeith\documents\pma\eclipse-stable\extra servers\testing server\server.exe |
"UDP Query User{93494787-C3BC-44AC-9AA4-C79D5632C274}C:\users\skeith\documents\demons land\eclipse advance\eclipse advanced v3.0.21\server\eclipse advanced - server.exe" = protocol=17 | dir=in | app=c:\users\skeith\documents\demons land\eclipse advance\eclipse advanced v3.0.21\server\eclipse advanced - server.exe |
"UDP Query User{98E9554C-9EA6-46A0-B469-D019EC6ABAD9}C:\users\skeith\documents\demons land\eclipse - event system 2.3\server\server.exe" = protocol=17 | dir=in | app=c:\users\skeith\documents\demons land\eclipse - event system 2.3\server\server.exe |
"UDP Query User{B6CC7FD3-4119-4537-A6F3-067C1C111CB9}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{E8292B26-92C1-42FF-80C8-C557CD204502}C:\users\skeith\documents\pokemon mystery universe\eclipse-stable\server\server.exe" = protocol=17 | dir=in | app=c:\users\skeith\documents\pokemon mystery universe\eclipse-stable\server\server.exe |
"UDP Query User{E8E106D9-6DE0-43BF-B378-1B9F94563A2A}C:\users\skeith\documents\emu\gba\vba-m\visualboyadvance.exe" = protocol=17 | dir=in | app=c:\users\skeith\documents\emu\gba\vba-m\visualboyadvance.exe |
"UDP Query User{EA3FE707-140F-47C7-B861-421E8D87D6B2}C:\users\skeith\documents\pma\sadsa\server\server.exe" = protocol=17 | dir=in | app=c:\users\skeith\documents\pma\sadsa\server\server.exe |
"UDP Query User{EDCC2108-AFCB-4462-BDD5-80D36CB1C727}C:\users\skeith\appdata\local\temp\rar$exa0.870\survivers_beta_3.exe" = protocol=17 | dir=in | app=c:\users\skeith\appdata\local\temp\rar$exa0.870\survivers_beta_3.exe |
"UDP Query User{F6E895C2-9006-499C-BCB5-397CF456A412}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{FA3FF1AB-F77C-4B43-ABEA-021B52B2606C}C:\program files (x86)\byond\bin\byond.exe" = protocol=17 | dir=in | app=c:\program files (x86)\byond\bin\byond.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89BDAE1A-7B8E-4A0E-A169-02F7F366451D}" = iCloud
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Lexmark Pro200-S500 Series" = Lexmark Pro200-S500 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"OptimizerPro" = OptimizerPro
"PC-Doctor for Windows" = Dell Support Center

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F99CA59-7CB4-4167-A43A-4B1D5E584281}" = Dell Stage
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{16726771-C380-4280-BAF9-1223B3838786}" = SaveAs
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 2.0.07
"{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}" = Microsoft Visual Basic PowerPacks 10.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3BD7DD08-991B-4A2F-A165-614ED14EAADD}" = Dell MusicStage
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{50ED6ABB-078C-8B17-1181-DC6DDB4E52DC}" = Catalyst Control Center InstallProxy
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D81F39D4-FDA9-4356-92B1-16081D8BF71A}" = Pokémon Trading Card Game Online
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.07 beta
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 5" = Acoustica Mixcraft 5
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"Build Your Own Net Dream" = Build Your Own Net Dream (remove only)
"BYOND" = BYOND
"ESET Online Scanner" = ESET Online Scanner v3
"GamersFirst LIVE!" = GamersFirst LIVE!
"Google Chrome" = Google Chrome
"Google Chrome Frame" = Google Chrome Frame
"Install Creator" = Install Creator
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"ManyCam" = ManyCam 3.0.80 (remove only)
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Optimizer Pro_is1" = Optimizer Pro v3.0
"RealPlayer 16.0" = RealPlayer
"RGSS-RTP Standard_is1" = RGSS-RTP Standard
"SP_8e4eb48d" = Search Assistant MocaFlix 1.66
"Steam App 204360" = Castle Crashers
"Steam App 21690" = Resident Evil 5
"Steam App 550" = Left 4 Dead 2
"Steam App 620" = Portal 2
"Synthesia" = Synthesia (remove only)
"Uplay" = Uplay
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1513539516-666335651-772069544-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for Skeith
"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"JoinMe" = join.me

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/22/2012 10:22:01 PM | Computer Name = ShadowSkeith-PC | Source = Sound Recorder | ID = 65535
Description =

Error - 11/22/2012 10:22:01 PM | Computer Name = ShadowSkeith-PC | Source = Sound Recorder | ID = 65535
Description =

Error - 11/22/2012 10:22:01 PM | Computer Name = ShadowSkeith-PC | Source = Sound Recorder | ID = 65535
Description =

Error - 11/22/2012 10:22:01 PM | Computer Name = ShadowSkeith-PC | Source = Sound Recorder | ID = 65535
Description =

Error - 11/22/2012 10:22:01 PM | Computer Name = ShadowSkeith-PC | Source = Sound Recorder | ID = 65535
Description =

Error - 11/22/2012 10:22:01 PM | Computer Name = ShadowSkeith-PC | Source = Sound Recorder | ID = 65535
Description =

Error - 11/22/2012 10:22:01 PM | Computer Name = ShadowSkeith-PC | Source = Sound Recorder | ID = 65535
Description =

Error - 11/22/2012 10:22:01 PM | Computer Name = ShadowSkeith-PC | Source = Sound Recorder | ID = 65535
Description =

Error - 11/22/2012 10:22:01 PM | Computer Name = ShadowSkeith-PC | Source = Sound Recorder | ID = 65535
Description =

Error - 11/22/2012 10:22:02 PM | Computer Name = ShadowSkeith-PC | Source = Sound Recorder | ID = 65535
Description =

Error - 11/22/2012 10:22:02 PM | Computer Name = ShadowSkeith-PC | Source = Sound Recorder | ID = 65535
Description =

[ System Events ]
Error - 8/14/2012 10:08:22 PM | Computer Name = ShadowSkeith-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the MSCamSvc
service to connect.

Error - 8/14/2012 10:08:22 PM | Computer Name = ShadowSkeith-PC | Source = Service Control Manager | ID = 7000
Description = The MSCamSvc service failed to start due to the following error: %%1053

Error - 8/14/2012 10:10:16 PM | Computer Name = ShadowSkeith-PC | Source = Service Control Manager | ID = 7034
Description = The SoftThinks Agent Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 8/14/2012 10:12:02 PM | Computer Name = ShadowSkeith-PC | Source = Service Control Manager | ID = 7034
Description = The Dell Digital Delivery Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/16/2012 6:19:54 AM | Computer Name = ShadowSkeith-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Application
Virtualization Client service to connect.

Error - 8/16/2012 6:19:54 AM | Computer Name = ShadowSkeith-PC | Source = Service Control Manager | ID = 7000
Description = The Application Virtualization Client service failed to start due
to the following error: %%1053

Error - 8/16/2012 6:19:54 AM | Computer Name = ShadowSkeith-PC | Source = Service Control Manager | ID = 7001
Description = The Client Virtualization Handler service depends on the Application
Virtualization Client service which failed to start because of the following error:
%%1053

Error - 8/16/2012 6:20:37 AM | Computer Name = ShadowSkeith-PC | Source = Service Control Manager | ID = 7034
Description = The SoftThinks Agent Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 8/18/2012 1:32:37 AM | Computer Name = ShadowSkeith-PC | Source = DCOM | ID = 10016
Description =

Error - 8/18/2012 1:32:37 AM | Computer Name = ShadowSkeith-PC | Source = DCOM | ID = 10016
Description =


< End of report >



OTL logfile created on: 12/16/2012 11:21:57 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Skeith\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 38.25% Memory free
7.50 Gb Paging File | 4.89 Gb Available in Paging File | 65.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.91 Gb Total Space | 300.52 Gb Free Space | 66.65% Space Free | Partition Type: NTFS

Computer Name: SHADOWSKEITH-PC | User Name: Skeith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/16 11:21:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Skeith\Downloads\OTL.exe
PRC - [2012/12/10 21:47:44 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/12/04 17:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/11/29 20:33:06 | 000,232,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/10/30 14:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 14:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/21 20:25:16 | 024,517,936 | ---- | M] (PC Utilities Pro) -- C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe
PRC - [2012/09/19 06:50:47 | 000,233,472 | ---- | M] () -- C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exe
PRC - [2011/12/20 15:32:56 | 002,750,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/04 17:15:15 | 012,456,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012/12/04 17:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/04 17:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/04 17:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012/12/04 17:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012/12/04 17:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/04 17:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/04 17:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2012/10/11 02:54:00 | 000,427,520 | ---- | M] () -- c:\Program Files (x86)\MocaFlix\sprotector.dll
MOD - [2011/12/20 15:32:56 | 002,750,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/11/09 15:00:52 | 000,520,234 | ---- | M] () -- C:\Program Files (x86)\Optimizer Pro\sqlite3.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/04 18:38:04 | 001,242,112 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_imgproc220.dll
MOD - [2010/12/04 18:38:02 | 002,010,624 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_core220.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2012/10/30 14:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 15:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/20 14:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/04/14 18:56:24 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxebcoms.exe -- (lxeb_device)
SRV:64bit: - [2010/04/14 18:56:14 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV:64bit: - [2009/07/14 22:14:38 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/12 22:20:10 | 000,541,168 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/22 10:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/20 15:32:48 | 001,691,848 | ---- | M] (SoftThinks SAS) [Auto | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/11/20 19:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 19:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 19:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/04/14 18:56:14 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV - [2010/04/14 13:56:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxebcoms.exe -- (lxeb_device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/30 14:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 14:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 14:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 14:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 14:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/10/30 14:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 07:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/30 17:44:37 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/03/30 17:44:37 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 02:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/01/10 22:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/03/19 00:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/01/29 00:04:38 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009/09/30 22:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/08/06 04:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/07/15 00:23:30 | 006,096,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 10:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/03/18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006/11/01 01:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.mocaflix.com/?l=1&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1513539516-666335651-772069544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
IE - HKU\S-1-5-21-1513539516-666335651-772069544-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1513539516-666335651-772069544-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_enUS482
IE - HKU\S-1-5-21-1513539516-666335651-772069544-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.mocaflix.com/?l=1&q={searchTerms}
IE - HKU\S-1-5-21-1513539516-666335651-772069544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1513539516-666335651-772069544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Skeith\AppData\Local\Roblox\Versions\version-5acc042b77fe4879\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Skeith\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Skeith\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Skeith\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Skeith\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\BYOND: C:\Program Files (x86)\BYOND\bin\npbyond.dll ( )
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/10/31 22:33:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/10 21:48:15 | 000,000,000 | ---D | M]

[2012/05/31 16:50:14 | 000,040,960 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Users\Skeith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\Skeith\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\Skeith\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.51_0\
CHR - Extension: No name found = C:\Users\Skeith\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: No name found = C:\Users\Skeith\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_1\
CHR - Extension: No name found = C:\Users\Skeith\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: No name found = C:\Users\Skeith\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifpanhlgfibckbnjnefgijplpdahkkjj\2_0\
CHR - Extension: No name found = C:\Users\Skeith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/12/12 09:01:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (SaveAs Class) - {7DF5B10B-8D9E-0D32-FC3C-128B3EE5F0AA} - C:\ProgramData\SaveAs\50ce0d9839b74.ocx ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\npchrome_frame.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1513539516-666335651-772069544-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [lxebmon.exe] C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1513539516-666335651-772069544-1000..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - Startup: C:\Users\Skeith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1513539516-666335651-772069544-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1513539516-666335651-772069544-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1513539516-666335651-772069544-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1513539516-666335651-772069544-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1513539516-666335651-772069544-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1513539516-666335651-772069544-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0961BF4F-B5B2-4E08-81B2-B3868388C2CC}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\mocaflix\sprote~1.dll) - c:\Program Files (x86)\MocaFlix\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/16 10:05:07 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Roaming\Optimizer Pro
[2012/12/16 09:59:37 | 000,000,000 | ---D | C] -- C:\Users\Skeith\Desktop\mom
[2012/12/16 09:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\%Installer_PublisherName%
[2012/12/16 09:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MocaFlix
[2012/12/16 09:49:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/12/16 09:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
[2012/12/16 09:49:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2012/12/16 09:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveAs
[2012/12/16 09:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
[2012/12/16 09:49:09 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/12/16 09:35:47 | 000,000,000 | ---D | C] -- C:\Users\Skeith\Desktop\lesson pla n
[2012/12/15 13:41:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/15 09:17:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/15 08:29:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/15 08:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/15 08:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/15 08:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/12/15 08:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/12/12 03:02:33 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/12 03:02:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/12 03:02:32 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/12 03:02:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/12 03:02:32 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/12 03:02:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/12 03:02:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/12 03:02:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/12 03:02:30 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/12 03:02:30 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/12 03:02:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/12 03:02:29 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/12 03:02:27 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/12 03:02:27 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/12 03:02:27 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/11 16:17:26 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/11 16:17:26 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/12/11 16:17:25 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/12/11 16:17:25 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/12/11 16:17:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/12/11 16:17:23 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/12/11 16:17:23 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/12/11 16:17:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/12/11 16:17:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/11 16:17:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/12/11 16:17:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/12/11 16:17:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/12/11 16:17:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/11 16:17:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/11 16:17:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/11 16:17:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/11 16:17:22 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/11 16:17:22 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/11 16:17:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/11 16:17:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/11 16:17:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/11 16:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/11 16:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/11 16:17:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/11 16:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/11 16:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/11 16:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/11 16:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/11 16:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/11 16:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/11 16:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/11 16:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/11 16:17:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/11 16:17:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/11 16:17:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/11 16:17:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/11 16:17:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/11 16:17:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/11 16:17:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/11 16:17:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/11 16:17:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/11 16:17:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/11 16:17:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/11 16:17:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/11 16:17:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/11 16:17:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/11 16:17:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/11 16:17:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/11 16:17:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/11 16:17:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/11 16:17:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/11 16:17:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/11 16:17:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/11 16:17:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/11 16:17:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/11 16:17:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/11 16:17:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/11 16:17:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/11 16:17:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/11 16:17:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/11 16:17:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/11 16:17:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/11 16:17:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/11 16:17:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/11 16:17:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/11 16:17:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/11 16:17:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/11 16:17:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/11 16:17:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/12/11 16:16:08 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/11 16:16:08 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/11 16:16:08 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/11 16:16:07 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/11 16:16:04 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/11 16:16:03 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/11 15:24:21 | 000,000,000 | ---D | C] -- C:\Users\Skeith\Desktop\Blythe
[2012/12/10 21:48:40 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Roaming\RealNetworks
[2012/12/10 21:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2012/12/10 21:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2012/12/10 21:47:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/12/10 21:47:53 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012/12/10 21:47:46 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012/12/10 21:47:46 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012/12/10 21:47:45 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/12/10 21:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012/12/10 06:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/12/07 22:41:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/12/07 20:51:00 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
[2012/11/30 18:22:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/11/30 18:21:46 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Local\Apple Computer
[2012/11/30 18:21:45 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Roaming\Apple Computer
[2012/11/30 18:21:41 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/11/30 18:21:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/11/30 18:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/30 18:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/11/30 18:19:09 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Local\Apple
[2012/11/30 18:19:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/11/30 18:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/11/30 18:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/11/30 18:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/11/30 18:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/11/30 18:18:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/11/25 00:05:31 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Roaming\OpenOffice.org
[2012/11/25 00:04:03 | 000,000,000 | --SD | C] -- C:\Users\Skeith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012/11/25 00:03:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012/11/24 19:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/24 19:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/11/22 11:03:41 | 000,000,000 | ---D | C] -- C:\Users\Skeith\Documents\Telltale Games
[2012/11/22 01:41:15 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PMA
[2012/11/21 18:50:00 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Roaming\Clickteam
[2012/11/21 18:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Install Creator
[2012/11/21 18:49:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Install Creator
[2012/11/21 16:52:44 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokemon Dark Revolution
[2012/11/19 15:37:40 | 000,021,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012/11/19 08:47:52 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/16 11:07:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1513539516-666335651-772069544-1000UA.job
[2012/12/16 11:01:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/16 09:49:57 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\OptimizerProUpdaterTask{486D64E7-B73A-43BC-882A-8F5781DFCE41}.job
[2012/12/16 09:49:51 | 000,001,064 | ---- | M] () -- C:\Users\Skeith\Desktop\Optimizer Pro.lnk
[2012/12/16 09:34:05 | 000,095,503 | ---- | M] () -- C:\Users\Skeith\Desktop\lpView_print.pdf
[2012/12/16 03:00:35 | 000,458,270 | ---- | M] () -- C:\Users\Skeith\Desktop\computers 2011.mht
[2012/12/16 02:57:22 | 000,093,239 | ---- | M] () -- C:\Users\Skeith\Desktop\My Account 2011- View All Orders_jsp.htm
[2012/12/15 23:01:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/15 12:07:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1513539516-666335651-772069544-1000Core.job
[2012/12/15 12:01:29 | 000,010,729 | ---- | M] () -- C:\Users\Skeith\Desktop\112012paypal.pdf
[2012/12/15 08:29:41 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/14 22:56:30 | 000,023,085 | ---- | M] () -- C:\Users\Skeith\Documents\Pokemon!.odt
[2012/12/14 12:49:57 | 000,001,360 | ---- | M] () -- C:\Users\Skeith\Desktop\ROBLOX Player.lnk
[2012/12/12 19:08:12 | 000,017,545 | ---- | M] () -- C:\Users\Skeith\Documents\New Canvas.png
[2012/12/12 19:00:07 | 000,319,279 | ---- | M] () -- C:\Users\Skeith\Documents\touch.wma
[2012/12/12 15:22:25 | 000,051,546 | ---- | M] () -- C:\Users\Skeith\Documents\New Canvas2.png
[2012/12/12 09:26:28 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/12 09:26:28 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/12 09:18:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/12 09:18:34 | 3019,091,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/12 09:01:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/12/12 08:44:58 | 000,001,164 | ---- | M] () -- C:\Users\Skeith\Documents\ComboFix.exe - Shortcut (2).lnk
[2012/12/12 08:44:44 | 000,001,164 | ---- | M] () -- C:\Users\Skeith\Documents\ComboFix.exe - Shortcut.lnk
[2012/12/12 03:22:20 | 000,437,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/10 21:48:20 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/12/10 21:47:53 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012/12/10 21:47:46 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012/12/10 21:47:46 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012/12/10 21:47:45 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/12/10 06:18:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/12/10 06:18:25 | 000,001,920 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/12/09 21:08:20 | 000,053,641 | ---- | M] () -- C:\Users\Skeith\Documents\Tyler-The-Bropimp.png
[2012/12/09 20:42:39 | 000,047,756 | ---- | M] () -- C:\Users\Skeith\Documents\MIKEY AND HIS HOT bleep ----------NSFW.png
[2012/12/09 20:28:22 | 000,038,427 | ---- | M] () -- C:\Users\Skeith\Documents\SOTY AND AMBER DOING SOME TYPE OF HORSE TYPE THING ------ NSFW.png
[2012/12/09 20:00:48 | 000,047,904 | ---- | M] () -- C:\Users\Skeith\Documents\WOAH MAN THERE IS A LARGE ABSENCE OF HORSES HERE MAN ------ NSFW.png
[2012/12/08 01:03:36 | 000,002,120 | ---- | M] () -- C:\scu.dat
[2012/12/07 21:25:58 | 000,000,512 | ---- | M] () -- C:\Users\Skeith\Desktop\MBR.dat
[2012/12/06 19:43:22 | 000,029,910 | ---- | M] () -- C:\Users\Skeith\Desktop\bingo.jpg
[2012/12/06 19:43:22 | 000,029,910 | ---- | M] () -- C:\Users\Skeith\Desktop\12531_506432942724776_1496741011_n.jpg
[2012/12/01 17:41:10 | 000,032,699 | ---- | M] () -- C:\Users\Skeith\Desktop\garden 2.jpg
[2012/12/01 17:41:10 | 000,027,825 | ---- | M] () -- C:\Users\Skeith\Desktop\garden1.jpg
[2012/11/29 15:10:51 | 000,107,782 | ---- | M] () -- C:\Users\Skeith\Desktop\3 - Community Service-Volunteer Hours_Sheet 10-2006.pdf
[2012/11/29 14:07:17 | 000,007,598 | ---- | M] () -- C:\Users\Skeith\AppData\Local\Resmon.ResmonCfg
[2012/11/28 19:10:52 | 000,205,968 | ---- | M] () -- C:\Users\Skeith\Documents\Lizard's threat 2.png
[2012/11/28 19:10:35 | 000,194,959 | ---- | M] () -- C:\Users\Skeith\Documents\Lizard's threat..png
[2012/11/26 22:55:58 | 001,494,572 | ---- | M] () -- C:\Users\Skeith\Documents\IMG_27112012_015509.png
[2012/11/26 05:56:37 | 000,017,519 | ---- | M] () -- C:\Users\Skeith\Desktop\A point sheet.odt
[2012/11/26 05:56:24 | 000,017,516 | ---- | M] () -- C:\Users\Skeith\Desktop\Angelo A point sheet.odt
[2012/11/25 18:41:00 | 000,002,279 | ---- | M] () -- C:\Users\Skeith\Documents\Scott.odb
[2012/11/25 13:00:57 | 000,025,010 | ---- | M] () -- C:\Users\Public\Documents\Pedophileofage0.png
[2012/11/25 12:31:20 | 000,017,675 | ---- | M] () -- C:\Users\Skeith\Documents\Honchkrow.png
[2012/11/25 08:50:54 | 000,356,339 | ---- | M] () -- C:\Users\Skeith\Desktop\trellises.png
[2012/11/25 01:39:14 | 000,131,072 | ---- | M] () -- C:\Users\Skeith\Documents\Pokemon Emerald.sav
[2012/11/25 01:38:19 | 016,777,216 | ---- | M] () -- C:\Users\Skeith\Documents\Pokemon Emerald.GBA
[2012/11/25 01:11:19 | 000,015,160 | ---- | M] () -- C:\Users\Skeith\Documents\Honchkrow1.png
[2012/11/25 00:06:23 | 000,002,279 | ---- | M] () -- C:\Users\Skeith\Documents\New Database.odb
[2012/11/25 00:05:35 | 000,001,237 | ---- | M] () -- C:\Users\Skeith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/11/22 09:17:44 | 000,881,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/22 09:17:44 | 000,733,908 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/22 09:17:44 | 000,147,244 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/21 23:51:09 | 003,363,499 | ---- | M] () -- C:\Users\Skeith\Documents\Servant.wma
[2012/11/21 17:39:39 | 000,089,950 | ---- | M] () -- C:\Users\Skeith\Documents\IMG_21112012_193918.png
[2012/11/21 14:00:45 | 001,802,240 | ---- | M] () -- C:\Users\Skeith\Documents\Walburg Energy Alternatives Database.accdb
[2012/11/21 08:41:09 | 000,507,859 | ---- | M] () -- C:\Users\Skeith\Documents\shadoj.wma
[2012/11/21 01:17:51 | 000,040,511 | ---- | M] () -- C:\Users\Skeith\Documents\FAUCK.jpg
[2012/11/21 01:11:48 | 000,120,331 | ---- | M] () -- C:\Users\Skeith\Documents\432122_364411560296090_1619868283_n.jpg
[2012/11/20 21:44:30 | 000,088,440 | ---- | M] () -- C:\Users\Skeith\Documents\Suit.jpg
[2012/11/18 16:35:11 | 000,091,788 | ---- | M] () -- C:\Users\Skeith\Documents\SMILE.jpg
[2012/11/17 01:14:15 | 000,440,509 | ---- | M] () -- C:\Users\Skeith\Documents\Ambercute.wma
[2012/11/16 21:01:34 | 001,223,216 | ---- | M] () -- C:\Users\Skeith\Documents\IMG_16112012_210012.png
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/16 09:49:56 | 000,000,408 | -H-- | C] () -- C:\Windows\tasks\OptimizerProUpdaterTask{486D64E7-B73A-43BC-882A-8F5781DFCE41}.job
[2012/12/16 09:49:51 | 000,001,064 | ---- | C] () -- C:\Users\Skeith\Desktop\Optimizer Pro.lnk
[2012/12/16 09:34:05 | 000,095,503 | ---- | C] () -- C:\Users\Skeith\Desktop\lpView_print.pdf
[2012/12/16 03:00:34 | 000,458,270 | ---- | C] () -- C:\Users\Skeith\Desktop\computers 2011.mht
[2012/12/16 02:57:22 | 000,093,239 | ---- | C] () -- C:\Users\Skeith\Desktop\My Account 2011- View All Orders_jsp.htm
[2012/12/15 12:01:29 | 000,010,729 | ---- | C] () -- C:\Users\Skeith\Desktop\112012paypal.pdf
[2012/12/15 08:29:41 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/14 22:35:16 | 000,023,085 | ---- | C] () -- C:\Users\Skeith\Documents\Pokemon!.odt
[2012/12/12 19:08:10 | 000,017,545 | ---- | C] () -- C:\Users\Skeith\Documents\New Canvas.png
[2012/12/12 18:59:36 | 000,319,279 | ---- | C] () -- C:\Users\Skeith\Documents\touch.wma
[2012/12/12 15:22:07 | 000,051,546 | ---- | C] () -- C:\Users\Skeith\Documents\New Canvas2.png
[2012/12/12 08:44:58 | 000,001,164 | ---- | C] () -- C:\Users\Skeith\Documents\ComboFix.exe - Shortcut (2).lnk
[2012/12/12 08:44:44 | 000,001,164 | ---- | C] () -- C:\Users\Skeith\Documents\ComboFix.exe - Shortcut.lnk
[2012/12/10 21:48:20 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/12/10 06:18:25 | 000,001,920 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/12/09 21:08:06 | 000,053,641 | ---- | C] () -- C:\Users\Skeith\Documents\Tyler-The-Bropimp.png
[2012/12/09 20:42:38 | 000,047,756 | ---- | C] () -- C:\Users\Skeith\Documents\MIKEY AND HIS HOT bleep ----------NSFW.png
[2012/12/09 20:28:21 | 000,038,427 | ---- | C] () -- C:\Users\Skeith\Documents\SOTY AND AMBER DOING SOME TYPE OF HORSE TYPE THING ------ NSFW.png
[2012/12/09 20:00:45 | 000,047,904 | ---- | C] () -- C:\Users\Skeith\Documents\WOAH MAN THERE IS A LARGE ABSENCE OF HORSES HERE MAN ------ NSFW.png
[2012/12/07 20:51:00 | 000,001,360 | ---- | C] () -- C:\Users\Skeith\Desktop\ROBLOX Player.lnk
[2012/12/07 20:04:20 | 000,000,512 | ---- | C] () -- C:\Users\Skeith\Desktop\MBR.dat
[2012/12/06 19:46:34 | 000,029,910 | ---- | C] () -- C:\Users\Skeith\Desktop\bingo.jpg
[2012/12/06 19:43:44 | 000,029,910 | ---- | C] () -- C:\Users\Skeith\Desktop\12531_506432942724776_1496741011_n.jpg
[2012/12/01 17:45:20 | 000,032,699 | ---- | C] () -- C:\Users\Skeith\Desktop\garden 2.jpg
[2012/12/01 17:45:13 | 000,027,825 | ---- | C] () -- C:\Users\Skeith\Desktop\garden1.jpg
[2012/11/30 18:19:08 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/11/29 15:10:51 | 000,107,782 | ---- | C] () -- C:\Users\Skeith\Desktop\3 - Community Service-Volunteer Hours_Sheet 10-2006.pdf
[2012/11/29 11:43:36 | 000,007,598 | ---- | C] () -- C:\Users\Skeith\AppData\Local\Resmon.ResmonCfg
[2012/11/28 19:10:37 | 000,205,968 | ---- | C] () -- C:\Users\Skeith\Documents\Lizard's threat 2.png
[2012/11/28 19:10:21 | 000,194,959 | ---- | C] () -- C:\Users\Skeith\Documents\Lizard's threat..png
[2012/11/27 09:04:38 | 000,002,120 | ---- | C] () -- C:\scu.dat
[2012/11/26 22:55:26 | 001,494,572 | ---- | C] () -- C:\Users\Skeith\Documents\IMG_27112012_015509.png
[2012/11/26 05:56:35 | 000,017,519 | ---- | C] () -- C:\Users\Skeith\Desktop\A point sheet.odt
[2012/11/26 05:56:22 | 000,017,516 | ---- | C] () -- C:\Users\Skeith\Desktop\Angelo A point sheet.odt
[2012/11/25 18:26:37 | 000,002,279 | ---- | C] () -- C:\Users\Skeith\Documents\Scott.odb
[2012/11/25 13:00:57 | 000,025,010 | ---- | C] () -- C:\Users\Public\Documents\Pedophileofage0.png
[2012/11/25 08:51:57 | 000,356,339 | ---- | C] () -- C:\Users\Skeith\Desktop\trellises.png
[2012/11/25 01:38:44 | 000,131,072 | ---- | C] () -- C:\Users\Skeith\Documents\Pokemon Emerald.sav
[2012/11/25 01:38:04 | 016,777,216 | ---- | C] () -- C:\Users\Skeith\Documents\Pokemon Emerald.GBA
[2012/11/25 01:35:00 | 000,015,160 | ---- | C] () -- C:\Users\Skeith\Documents\Honchkrow1.png
[2012/11/25 01:07:24 | 000,017,675 | ---- | C] () -- C:\Users\Skeith\Documents\Honchkrow.png
[2012/11/25 00:05:58 | 000,002,279 | ---- | C] () -- C:\Users\Skeith\Documents\New Database.odb
[2012/11/25 00:05:35 | 000,001,237 | ---- | C] () -- C:\Users\Skeith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/11/21 23:46:26 | 003,363,499 | ---- | C] () -- C:\Users\Skeith\Documents\Servant.wma
[2012/11/21 17:39:36 | 000,089,950 | ---- | C] () -- C:\Users\Skeith\Documents\IMG_21112012_193918.png
[2012/11/21 08:41:09 | 000,507,859 | ---- | C] () -- C:\Users\Skeith\Documents\shadoj.wma
[2012/11/21 01:17:43 | 000,040,511 | ---- | C] () -- C:\Users\Skeith\Documents\FAUCK.jpg
[2012/11/21 01:11:46 | 000,120,331 | ---- | C] () -- C:\Users\Skeith\Documents\432122_364411560296090_1619868283_n.jpg
[2012/11/20 21:44:13 | 000,088,440 | ---- | C] () -- C:\Users\Skeith\Documents\Suit.jpg
[2012/11/18 16:35:05 | 000,091,788 | ---- | C] () -- C:\Users\Skeith\Documents\SMILE.jpg
[2012/11/17 01:14:14 | 000,440,509 | ---- | C] () -- C:\Users\Skeith\Documents\Ambercute.wma
[2012/11/16 21:00:54 | 001,223,216 | ---- | C] () -- C:\Users\Skeith\Documents\IMG_16112012_210012.png
[2012/11/01 18:16:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/01 18:16:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/01 18:16:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/01 18:16:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/01 18:16:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/01 10:45:24 | 000,000,000 | ---- | C] () -- C:\Users\Skeith\defogger_reenable
[2012/09/26 15:21:16 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebinpa.dll
[2012/09/26 15:21:16 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxebcomx.dll
[2012/09/26 15:21:16 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebiesc.dll
[2012/09/26 15:21:16 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEBinst.dll
[2012/09/26 15:21:15 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebpmui.dll
[2012/09/26 15:21:15 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxebins.dll
[2012/09/26 15:21:15 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxebinsb.dll
[2012/09/26 15:21:15 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxebinsr.dll
[2012/09/26 15:21:15 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxebjswr.dll
[2012/09/26 15:21:15 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxebcur.dll
[2012/09/26 15:21:14 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebserv.dll
[2012/09/26 15:21:14 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebusb1.dll
[2012/09/26 15:21:14 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxebcu.dll
[2012/09/26 15:21:14 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxebcub.dll
[2012/09/26 15:21:13 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebhbn3.dll
[2012/09/26 15:21:13 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcoms.exe
[2012/09/26 15:21:13 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeblmpm.dll
[2012/09/26 15:21:13 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebih.exe
[2012/09/26 15:21:12 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomc.dll
[2012/09/26 15:21:12 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomm.dll
[2012/09/26 15:21:11 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcfg.exe
[2012/09/06 00:07:15 | 000,074,144 | ---- | C] () -- C:\Users\Skeith\AppData\Roaming\icarus-dxdiag.xml
[2012/05/10 12:12:32 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\COMSocketServer.dll
[2012/05/10 12:12:30 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2012/05/10 12:12:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2012/05/05 19:17:08 | 000,010,752 | ---- | C] () -- C:\Users\Skeith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/05 18:37:42 | 000,758,272 | ---- | C] () -- C:\Windows\SysWow64\RGSS104E.dll
[2012/05/05 18:37:41 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2012/05/05 18:37:41 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\RGSS104J.dll
[2012/05/05 18:37:40 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2012/05/05 18:37:40 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll
[2012/05/05 18:37:40 | 000,685,056 | ---- | C] () -- C:\Windows\SysWow64\RGSS103J.dll
[2012/03/30 17:51:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/10 08:10:51 | 000,833,514 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2012/03/30 17:44:37 | 000,000,000 | -HSD | M] -- C:\Users\Skeith\AppData\Local\{94b28a81-b542-12e3-8033-6749adc5d925}\L
[2012/08/14 18:02:19 | 000,000,000 | -HSD | M] -- C:\Users\Skeith\AppData\Local\{94b28a81-b542-12e3-8033-6749adc5d925}\U
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Edited by Sotyr, 17 December 2012 - 11:42 AM.


#10 Clairvoyant


Posted 17 December 2012 - 03:30 PM

Hi Sotyr,

We should easily remove these last new "programs".
Please be careful, otherwise we will never end here. :)

Please go to Start => Control Panel => Programs and Features and uninstall

  • Optimizer Pro v3.0
  • Search Assistant MocaFlix 1.66
  • SaveAs (or something similar, this one may be shown in a different way)

Then run OTL again as you have already done previously and post the log in your next reply.


Regards

#11 Sotyr


Posted 17 December 2012 - 07:49 PM

I ran it a couple of times and I kept only getting an OTL Text File, not Extra, for some reason. Also, what about the Windows Defender message?


-----
OTL logfile created on: 12/17/2012 4:41:42 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Skeith\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 27.42% Memory free
7.50 Gb Paging File | 3.92 Gb Available in Paging File | 52.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.91 Gb Total Space | 297.96 Gb Free Space | 66.08% Space Free | Partition Type: NTFS

Computer Name: SHADOWSKEITH-PC | User Name: Skeith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/12/12 22:20:10 | 000,541,168 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/12/10 21:47:44 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/12/05 15:57:16 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/12/04 17:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/11/29 20:33:06 | 000,232,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/10/30 14:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 14:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/08/09 23:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/12/20 15:32:56 | 002,750,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/12 22:20:44 | 000,835,072 | ---- | M] () -- C:\Program Files (x86)\Steam\sdl.dll
MOD - [2012/12/12 22:20:09 | 020,320,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/12/12 22:20:08 | 000,968,688 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/12/12 22:20:08 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/12/12 22:20:08 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/12/12 22:20:07 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/12/04 17:15:15 | 012,456,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012/12/04 17:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/04 17:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/04 17:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012/12/04 17:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012/12/04 17:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/04 17:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/04 17:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2012/11/29 20:36:08 | 000,060,928 | ---- | M] () -- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Hook\rndlpepperbrowserrecordhelper.dll
MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/12/20 15:32:56 | 002,750,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/04 18:38:04 | 001,242,112 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_imgproc220.dll
MOD - [2010/12/04 18:38:02 | 002,010,624 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_core220.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2012/10/30 14:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 15:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/20 14:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/04/14 18:56:24 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxebcoms.exe -- (lxeb_device)
SRV:64bit: - [2010/04/14 18:56:14 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV:64bit: - [2009/07/14 22:14:38 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/12 22:20:10 | 000,541,168 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/22 10:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/20 15:32:48 | 001,691,848 | ---- | M] (SoftThinks SAS) [Auto | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/11/20 19:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 19:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 19:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/04/14 18:56:14 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV - [2010/04/14 13:56:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxebcoms.exe -- (lxeb_device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/30 14:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 14:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 14:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 14:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 14:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/10/30 14:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 07:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/30 17:44:37 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/03/30 17:44:37 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 02:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/01/10 22:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/03/19 00:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/01/29 00:04:38 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009/09/30 22:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/08/06 04:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/07/15 00:23:30 | 006,096,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 10:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/03/18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006/11/01 01:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.mocaflix.com/?l=1&q={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1513539516-666335651-772069544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1513539516-666335651-772069544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1513539516-666335651-772069544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
IE - HKU\S-1-5-21-1513539516-666335651-772069544-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1513539516-666335651-772069544-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1513539516-666335651-772069544-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_enUS482
IE - HKU\S-1-5-21-1513539516-666335651-772069544-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.mocaflix.com/?l=1&q={searchTerms}
IE - HKU\S-1-5-21-1513539516-666335651-772069544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1513539516-666335651-772069544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Skeith\AppData\Local\Roblox\Versions\version-5acc042b77fe4879\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Skeith\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Skeith\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Skeith\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Skeith\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\BYOND: C:\Program Files (x86)\BYOND\bin\npbyond.dll ( )
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/10/31 22:33:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/10 21:48:15 | 000,000,000 | ---D | M]

[2012/05/31 16:50:14 | 000,040,960 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: BYOND stub plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Skeith\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Skeith\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\Skeith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Skeith\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = C:\Users\Skeith\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.51_0\
CHR - Extension: avast! WebRep = C:\Users\Skeith\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_1\
CHR - Extension: RealDownloader = C:\Users\Skeith\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: SaveAs = C:\Users\Skeith\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifpanhlgfibckbnjnefgijplpdahkkjj\2_0\
CHR - Extension: Gmail = C:\Users\Skeith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/12/12 09:01:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (SaveAs Class) - {7DF5B10B-8D9E-0D32-FC3C-128B3EE5F0AA} - C:\ProgramData\SaveAs\50ce0d9839b74.ocx ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\npchrome_frame.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1513539516-666335651-772069544-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1513539516-666335651-772069544-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [lxebmon.exe] C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1513539516-666335651-772069544-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Skeith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1513539516-666335651-772069544-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1513539516-666335651-772069544-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1513539516-666335651-772069544-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1513539516-666335651-772069544-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1513539516-666335651-772069544-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1513539516-666335651-772069544-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0961BF4F-B5B2-4E08-81B2-B3868388C2CC}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/16 12:01:06 | 000,000,000 | ---D | C] -- C:\Users\Skeith\Documents\JAILBREAK
[2012/12/16 11:48:19 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Roaming\redsn0w
[2012/12/16 11:21:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Skeith\Desktop\OTL.exe
[2012/12/16 09:59:37 | 000,000,000 | ---D | C] -- C:\Users\Skeith\Desktop\mom
[2012/12/16 09:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\%Installer_PublisherName%
[2012/12/16 09:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveAs
[2012/12/16 09:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
[2012/12/16 09:49:09 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/12/16 09:35:47 | 000,000,000 | ---D | C] -- C:\Users\Skeith\Desktop\lesson pla n
[2012/12/15 13:41:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/15 09:17:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/15 08:29:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/15 08:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/15 08:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/15 08:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/12/15 08:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/12/12 03:02:33 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/12 03:02:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/12 03:02:32 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/12 03:02:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/12 03:02:32 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/12 03:02:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/12 03:02:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/12 03:02:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/12 03:02:30 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/12 03:02:30 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/12 03:02:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/12 03:02:29 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/12 03:02:27 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/12 03:02:27 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/12 03:02:27 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/11 16:17:26 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/11 16:17:26 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/12/11 16:17:25 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/12/11 16:17:25 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/12/11 16:17:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/12/11 16:17:23 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/12/11 16:17:23 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/12/11 16:17:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/12/11 16:17:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/11 16:17:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/12/11 16:17:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/12/11 16:17:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/12/11 16:17:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/11 16:17:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/11 16:17:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/11 16:17:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/11 16:17:22 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/11 16:17:22 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/11 16:17:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/11 16:17:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/11 16:17:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/11 16:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/11 16:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/11 16:17:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/11 16:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/11 16:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/11 16:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/11 16:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/11 16:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/11 16:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/11 16:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/11 16:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/11 16:17:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/11 16:17:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/11 16:17:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/11 16:17:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/11 16:17:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/11 16:17:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/11 16:17:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/11 16:17:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/11 16:17:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/11 16:17:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/11 16:17:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/11 16:17:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/11 16:17:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/11 16:17:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/11 16:17:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/11 16:17:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/11 16:17:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/11 16:17:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/11 16:17:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/11 16:17:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/11 16:17:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/11 16:17:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/11 16:17:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/11 16:17:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/11 16:17:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/11 16:17:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/11 16:17:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/11 16:17:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/11 16:17:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/11 16:17:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/11 16:17:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/11 16:17:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/11 16:17:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/11 16:17:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/11 16:17:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/11 16:17:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/11 16:17:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/12/11 16:16:08 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/11 16:16:08 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/11 16:16:08 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/11 16:16:07 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/11 16:16:04 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/11 16:16:03 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/11 15:24:21 | 000,000,000 | ---D | C] -- C:\Users\Skeith\Desktop\Blythe
[2012/12/10 21:48:40 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Roaming\RealNetworks
[2012/12/10 21:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2012/12/10 21:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2012/12/10 21:47:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/12/10 21:47:53 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012/12/10 21:47:46 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012/12/10 21:47:46 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012/12/10 21:47:45 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/12/10 21:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012/12/10 06:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/12/07 22:41:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/12/07 20:51:00 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
[2012/11/30 18:22:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/11/30 18:21:46 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Local\Apple Computer
[2012/11/30 18:21:45 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Roaming\Apple Computer
[2012/11/30 18:21:41 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/11/30 18:21:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/11/30 18:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/30 18:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/11/30 18:19:09 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Local\Apple
[2012/11/30 18:19:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/11/30 18:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/11/30 18:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/11/30 18:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/11/30 18:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/11/30 18:18:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/11/25 00:05:31 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Roaming\OpenOffice.org
[2012/11/25 00:04:03 | 000,000,000 | --SD | C] -- C:\Users\Skeith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012/11/25 00:03:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012/11/24 19:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/24 19:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/11/22 11:03:41 | 000,000,000 | ---D | C] -- C:\Users\Skeith\Documents\Telltale Games
[2012/11/22 01:41:15 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PMA
[2012/11/21 18:50:00 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Roaming\Clickteam
[2012/11/21 18:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Install Creator
[2012/11/21 18:49:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Install Creator
[2012/11/21 16:52:44 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokemon Dark Revolution
[2012/11/19 15:37:40 | 000,021,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012/11/19 08:47:52 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/17 16:07:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1513539516-666335651-772069544-1000UA.job
[2012/12/17 16:01:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/17 12:12:33 | 000,034,019 | ---- | M] () -- C:\Users\Skeith\Documents\Nonbroken=3.JPG
[2012/12/17 12:10:42 | 000,069,513 | ---- | M] () -- C:\Users\Skeith\Documents\BrokenD=.JPG
[2012/12/17 12:08:17 | 000,275,487 | ---- | M] () -- C:\Users\Skeith\Documents\Picture of me 22.png
[2012/12/17 12:07:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1513539516-666335651-772069544-1000Core.job
[2012/12/17 05:47:48 | 000,881,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/17 05:47:48 | 000,733,908 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/17 05:47:48 | 000,147,244 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/16 23:01:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/16 18:47:26 | 000,168,854 | ---- | M] () -- C:\Users\Skeith\Documents\6215C2A5-2800-40F4-B229-FF44F820786D.jpg
[2012/12/16 12:26:36 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/16 12:26:36 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/16 11:21:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Skeith\Desktop\OTL.exe
[2012/12/16 09:34:05 | 000,095,503 | ---- | M] () -- C:\Users\Skeith\Desktop\lpView_print.pdf
[2012/12/16 03:00:35 | 000,458,270 | ---- | M] () -- C:\Users\Skeith\Desktop\computers 2011.mht
[2012/12/16 02:57:22 | 000,093,239 | ---- | M] () -- C:\Users\Skeith\Desktop\My Account 2011- View All Orders_jsp.htm
[2012/12/15 12:01:29 | 000,010,729 | ---- | M] () -- C:\Users\Skeith\Desktop\112012paypal.pdf
[2012/12/15 08:29:41 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/14 22:56:30 | 000,023,085 | ---- | M] () -- C:\Users\Skeith\Documents\Pokemon!.odt
[2012/12/14 12:49:57 | 000,001,360 | ---- | M] () -- C:\Users\Skeith\Desktop\ROBLOX Player.lnk
[2012/12/12 19:08:12 | 000,017,545 | ---- | M] () -- C:\Users\Skeith\Documents\New Canvas.png
[2012/12/12 19:00:07 | 000,319,279 | ---- | M] () -- C:\Users\Skeith\Documents\touch.wma
[2012/12/12 15:22:25 | 000,051,546 | ---- | M] () -- C:\Users\Skeith\Documents\New Canvas2.png
[2012/12/12 09:18:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/12 09:18:34 | 3019,091,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/12 09:01:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/12/12 08:44:58 | 000,001,164 | ---- | M] () -- C:\Users\Skeith\Documents\ComboFix.exe - Shortcut (2).lnk
[2012/12/12 08:44:44 | 000,001,164 | ---- | M] () -- C:\Users\Skeith\Documents\ComboFix.exe - Shortcut.lnk
[2012/12/12 03:22:20 | 000,437,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/10 21:48:20 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/12/10 21:47:53 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012/12/10 21:47:46 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012/12/10 21:47:46 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012/12/10 21:47:45 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/12/10 06:18:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/12/10 06:18:25 | 000,001,920 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/12/09 21:08:20 | 000,053,641 | ---- | M] () -- C:\Users\Skeith\Documents\Tyler-The-Bropimp.png
[2012/12/09 20:42:39 | 000,047,756 | ---- | M] () -- C:\Users\Skeith\Documents\MIKEY AND HIS HOT bleep ----------NSFW.png
[2012/12/09 20:28:22 | 000,038,427 | ---- | M] () -- C:\Users\Skeith\Documents\SOTY AND AMBER DOING SOME TYPE OF HORSE TYPE THING ------ NSFW.png
[2012/12/09 20:00:48 | 000,047,904 | ---- | M] () -- C:\Users\Skeith\Documents\WOAH MAN THERE IS A LARGE ABSENCE OF HORSES HERE MAN ------ NSFW.png
[2012/12/08 01:03:36 | 000,002,120 | ---- | M] () -- C:\scu.dat
[2012/12/07 21:25:58 | 000,000,512 | ---- | M] () -- C:\Users\Skeith\Desktop\MBR.dat
[2012/12/06 19:43:22 | 000,029,910 | ---- | M] () -- C:\Users\Skeith\Desktop\bingo.jpg
[2012/12/06 19:43:22 | 000,029,910 | ---- | M] () -- C:\Users\Skeith\Desktop\12531_506432942724776_1496741011_n.jpg
[2012/12/01 17:41:10 | 000,032,699 | ---- | M] () -- C:\Users\Skeith\Desktop\garden 2.jpg
[2012/12/01 17:41:10 | 000,027,825 | ---- | M] () -- C:\Users\Skeith\Desktop\garden1.jpg
[2012/11/29 15:10:51 | 000,107,782 | ---- | M] () -- C:\Users\Skeith\Desktop\3 - Community Service-Volunteer Hours_Sheet 10-2006.pdf
[2012/11/29 14:07:17 | 000,007,598 | ---- | M] () -- C:\Users\Skeith\AppData\Local\Resmon.ResmonCfg
[2012/11/28 19:10:52 | 000,205,968 | ---- | M] () -- C:\Users\Skeith\Documents\Lizard's threat 2.png
[2012/11/28 19:10:35 | 000,194,959 | ---- | M] () -- C:\Users\Skeith\Documents\Lizard's threat..png
[2012/11/26 22:55:58 | 001,494,572 | ---- | M] () -- C:\Users\Skeith\Documents\IMG_27112012_015509.png
[2012/11/26 05:56:37 | 000,017,519 | ---- | M] () -- C:\Users\Skeith\Desktop\A point sheet.odt
[2012/11/26 05:56:24 | 000,017,516 | ---- | M] () -- C:\Users\Skeith\Desktop\Angelo A point sheet.odt
[2012/11/25 18:41:00 | 000,002,279 | ---- | M] () -- C:\Users\Skeith\Documents\Scott.odb
[2012/11/25 13:00:57 | 000,025,010 | ---- | M] () -- C:\Users\Public\Documents\Pedophileofage0.png
[2012/11/25 12:31:20 | 000,017,675 | ---- | M] () -- C:\Users\Skeith\Documents\Honchkrow.png
[2012/11/25 08:50:54 | 000,356,339 | ---- | M] () -- C:\Users\Skeith\Desktop\trellises.png
[2012/11/25 01:39:14 | 000,131,072 | ---- | M] () -- C:\Users\Skeith\Documents\Pokemon Emerald.sav
[2012/11/25 01:38:19 | 016,777,216 | ---- | M] () -- C:\Users\Skeith\Documents\Pokemon Emerald.GBA
[2012/11/25 01:11:19 | 000,015,160 | ---- | M] () -- C:\Users\Skeith\Documents\Honchkrow1.png
[2012/11/25 00:06:23 | 000,002,279 | ---- | M] () -- C:\Users\Skeith\Documents\New Database.odb
[2012/11/25 00:05:35 | 000,001,237 | ---- | M] () -- C:\Users\Skeith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/11/21 23:51:09 | 003,363,499 | ---- | M] () -- C:\Users\Skeith\Documents\Servant.wma
[2012/11/21 17:39:39 | 000,089,950 | ---- | M] () -- C:\Users\Skeith\Documents\IMG_21112012_193918.png
[2012/11/21 14:00:45 | 001,802,240 | ---- | M] () -- C:\Users\Skeith\Documents\Walburg Energy Alternatives Database.accdb
[2012/11/21 08:41:09 | 000,507,859 | ---- | M] () -- C:\Users\Skeith\Documents\shadoj.wma
[2012/11/21 01:17:51 | 000,040,511 | ---- | M] () -- C:\Users\Skeith\Documents\FAUCK.jpg
[2012/11/21 01:11:48 | 000,120,331 | ---- | M] () -- C:\Users\Skeith\Documents\432122_364411560296090_1619868283_n.jpg
[2012/11/20 21:44:30 | 000,088,440 | ---- | M] () -- C:\Users\Skeith\Documents\Suit.jpg
[2012/11/18 16:35:11 | 000,091,788 | ---- | M] () -- C:\Users\Skeith\Documents\SMILE.jpg
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/17 12:12:32 | 000,034,019 | ---- | C] () -- C:\Users\Skeith\Documents\Nonbroken=3.JPG
[2012/12/17 12:10:41 | 000,069,513 | ---- | C] () -- C:\Users\Skeith\Documents\BrokenD=.JPG
[2012/12/17 12:08:13 | 000,275,487 | ---- | C] () -- C:\Users\Skeith\Documents\Picture of me 22.png
[2012/12/16 18:47:21 | 000,168,854 | ---- | C] () -- C:\Users\Skeith\Documents\6215C2A5-2800-40F4-B229-FF44F820786D.jpg
[2012/12/16 09:34:05 | 000,095,503 | ---- | C] () -- C:\Users\Skeith\Desktop\lpView_print.pdf
[2012/12/16 03:00:34 | 000,458,270 | ---- | C] () -- C:\Users\Skeith\Desktop\computers 2011.mht
[2012/12/16 02:57:22 | 000,093,239 | ---- | C] () -- C:\Users\Skeith\Desktop\My Account 2011- View All Orders_jsp.htm
[2012/12/15 12:01:29 | 000,010,729 | ---- | C] () -- C:\Users\Skeith\Desktop\112012paypal.pdf
[2012/12/15 08:29:41 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/14 22:35:16 | 000,023,085 | ---- | C] () -- C:\Users\Skeith\Documents\Pokemon!.odt
[2012/12/12 19:08:10 | 000,017,545 | ---- | C] () -- C:\Users\Skeith\Documents\New Canvas.png
[2012/12/12 18:59:36 | 000,319,279 | ---- | C] () -- C:\Users\Skeith\Documents\touch.wma
[2012/12/12 15:22:07 | 000,051,546 | ---- | C] () -- C:\Users\Skeith\Documents\New Canvas2.png
[2012/12/12 08:44:58 | 000,001,164 | ---- | C] () -- C:\Users\Skeith\Documents\ComboFix.exe - Shortcut (2).lnk
[2012/12/12 08:44:44 | 000,001,164 | ---- | C] () -- C:\Users\Skeith\Documents\ComboFix.exe - Shortcut.lnk
[2012/12/10 21:48:20 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/12/10 06:18:25 | 000,001,920 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/12/09 21:08:06 | 000,053,641 | ---- | C] () -- C:\Users\Skeith\Documents\Tyler-The-Bropimp.png
[2012/12/09 20:42:38 | 000,047,756 | ---- | C] () -- C:\Users\Skeith\Documents\MIKEY AND HIS HOT bleep ----------NSFW.png
[2012/12/09 20:28:21 | 000,038,427 | ---- | C] () -- C:\Users\Skeith\Documents\SOTY AND AMBER DOING SOME TYPE OF HORSE TYPE THING ------ NSFW.png
[2012/12/09 20:00:45 | 000,047,904 | ---- | C] () -- C:\Users\Skeith\Documents\WOAH MAN THERE IS A LARGE ABSENCE OF HORSES HERE MAN ------ NSFW.png
[2012/12/07 20:51:00 | 000,001,360 | ---- | C] () -- C:\Users\Skeith\Desktop\ROBLOX Player.lnk
[2012/12/07 20:04:20 | 000,000,512 | ---- | C] () -- C:\Users\Skeith\Desktop\MBR.dat
[2012/12/06 19:46:34 | 000,029,910 | ---- | C] () -- C:\Users\Skeith\Desktop\bingo.jpg
[2012/12/06 19:43:44 | 000,029,910 | ---- | C] () -- C:\Users\Skeith\Desktop\12531_506432942724776_1496741011_n.jpg
[2012/12/01 17:45:20 | 000,032,699 | ---- | C] () -- C:\Users\Skeith\Desktop\garden 2.jpg
[2012/12/01 17:45:13 | 000,027,825 | ---- | C] () -- C:\Users\Skeith\Desktop\garden1.jpg
[2012/11/30 18:19:08 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/11/29 15:10:51 | 000,107,782 | ---- | C] () -- C:\Users\Skeith\Desktop\3 - Community Service-Volunteer Hours_Sheet 10-2006.pdf
[2012/11/29 11:43:36 | 000,007,598 | ---- | C] () -- C:\Users\Skeith\AppData\Local\Resmon.ResmonCfg
[2012/11/28 19:10:37 | 000,205,968 | ---- | C] () -- C:\Users\Skeith\Documents\Lizard's threat 2.png
[2012/11/28 19:10:21 | 000,194,959 | ---- | C] () -- C:\Users\Skeith\Documents\Lizard's threat..png
[2012/11/27 09:04:38 | 000,002,120 | ---- | C] () -- C:\scu.dat
[2012/11/26 22:55:26 | 001,494,572 | ---- | C] () -- C:\Users\Skeith\Documents\IMG_27112012_015509.png
[2012/11/26 05:56:35 | 000,017,519 | ---- | C] () -- C:\Users\Skeith\Desktop\A point sheet.odt
[2012/11/26 05:56:22 | 000,017,516 | ---- | C] () -- C:\Users\Skeith\Desktop\Angelo A point sheet.odt
[2012/11/25 18:26:37 | 000,002,279 | ---- | C] () -- C:\Users\Skeith\Documents\Scott.odb
[2012/11/25 13:00:57 | 000,025,010 | ---- | C] () -- C:\Users\Public\Documents\Pedophileofage0.png
[2012/11/25 08:51:57 | 000,356,339 | ---- | C] () -- C:\Users\Skeith\Desktop\trellises.png
[2012/11/25 01:38:44 | 000,131,072 | ---- | C] () -- C:\Users\Skeith\Documents\Pokemon Emerald.sav
[2012/11/25 01:38:04 | 016,777,216 | ---- | C] () -- C:\Users\Skeith\Documents\Pokemon Emerald.GBA
[2012/11/25 01:35:00 | 000,015,160 | ---- | C] () -- C:\Users\Skeith\Documents\Honchkrow1.png
[2012/11/25 01:07:24 | 000,017,675 | ---- | C] () -- C:\Users\Skeith\Documents\Honchkrow.png
[2012/11/25 00:05:58 | 000,002,279 | ---- | C] () -- C:\Users\Skeith\Documents\New Database.odb
[2012/11/25 00:05:35 | 000,001,237 | ---- | C] () -- C:\Users\Skeith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/11/21 23:46:26 | 003,363,499 | ---- | C] () -- C:\Users\Skeith\Documents\Servant.wma
[2012/11/21 17:39:36 | 000,089,950 | ---- | C] () -- C:\Users\Skeith\Documents\IMG_21112012_193918.png
[2012/11/21 08:41:09 | 000,507,859 | ---- | C] () -- C:\Users\Skeith\Documents\shadoj.wma
[2012/11/21 01:17:43 | 000,040,511 | ---- | C] () -- C:\Users\Skeith\Documents\FAUCK.jpg
[2012/11/21 01:11:46 | 000,120,331 | ---- | C] () -- C:\Users\Skeith\Documents\432122_364411560296090_1619868283_n.jpg
[2012/11/20 21:44:13 | 000,088,440 | ---- | C] () -- C:\Users\Skeith\Documents\Suit.jpg
[2012/11/18 16:35:05 | 000,091,788 | ---- | C] () -- C:\Users\Skeith\Documents\SMILE.jpg
[2012/11/01 18:16:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/01 18:16:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/01 18:16:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/01 18:16:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/01 18:16:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/01 10:45:24 | 000,000,000 | ---- | C] () -- C:\Users\Skeith\defogger_reenable
[2012/09/26 15:21:16 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebinpa.dll
[2012/09/26 15:21:16 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxebcomx.dll
[2012/09/26 15:21:16 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebiesc.dll
[2012/09/26 15:21:16 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEBinst.dll
[2012/09/26 15:21:15 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebpmui.dll
[2012/09/26 15:21:15 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxebins.dll
[2012/09/26 15:21:15 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxebinsb.dll
[2012/09/26 15:21:15 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxebinsr.dll
[2012/09/26 15:21:15 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxebjswr.dll
[2012/09/26 15:21:15 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxebcur.dll
[2012/09/26 15:21:14 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebserv.dll
[2012/09/26 15:21:14 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebusb1.dll
[2012/09/26 15:21:14 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxebcu.dll
[2012/09/26 15:21:14 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxebcub.dll
[2012/09/26 15:21:13 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebhbn3.dll
[2012/09/26 15:21:13 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcoms.exe
[2012/09/26 15:21:13 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeblmpm.dll
[2012/09/26 15:21:13 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebih.exe
[2012/09/26 15:21:12 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomc.dll
[2012/09/26 15:21:12 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomm.dll
[2012/09/26 15:21:11 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcfg.exe
[2012/09/06 00:07:15 | 000,074,144 | ---- | C] () -- C:\Users\Skeith\AppData\Roaming\icarus-dxdiag.xml
[2012/05/10 12:12:32 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\COMSocketServer.dll
[2012/05/10 12:12:30 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2012/05/10 12:12:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2012/05/05 19:17:08 | 000,010,752 | ---- | C] () -- C:\Users\Skeith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/05 18:37:42 | 000,758,272 | ---- | C] () -- C:\Windows\SysWow64\RGSS104E.dll
[2012/05/05 18:37:41 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2012/05/05 18:37:41 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\RGSS104J.dll
[2012/05/05 18:37:40 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2012/05/05 18:37:40 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll
[2012/05/05 18:37:40 | 000,685,056 | ---- | C] () -- C:\Windows\SysWow64\RGSS103J.dll
[2012/03/30 17:51:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/10 08:10:51 | 000,833,514 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2012/03/30 17:44:37 | 000,000,000 | -HSD | M] -- C:\Users\Skeith\AppData\Local\{94b28a81-b542-12e3-8033-6749adc5d925}\L
[2012/08/14 18:02:19 | 000,000,000 | -HSD | M] -- C:\Users\Skeith\AppData\Local\{94b28a81-b542-12e3-8033-6749adc5d925}\U
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

#12 Clairvoyant

Posted 19 December 2012 - 04:01 PM

Hello Sotyr,

Please run OTL again, then:

  • Copy and paste the following code into the textbox

    :OTL
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.mocaflix.com/?l=1&q={searchTerms}
    IE - HKU\S-1-5-21-1513539516-666335651-772069544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
    IE - HKU\S-1-5-21-1513539516-666335651-772069544-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-1513539516-666335651-772069544-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.mocaflix.com/?l=1&q={searchTerms}
    CHR - Extension: SaveAs = C:\Users\Skeith\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifpanhlgfibckbnjnefgijplpdahkkjj\2_0\
    O2 - BHO: (SaveAs Class) - {7DF5B10B-8D9E-0D32-FC3C-128B3EE5F0AA} - C:\ProgramData\SaveAs\50ce0d9839b74.ocx ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    [2012/12/16 09:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveAs
    [2012/12/16 09:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
  • Click on the Run Fix button
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open, close it
then download AdwCleaner and

  • Close all open programs and internet browsers
  • Double click on AdwCleaner icon to run the tool
  • Click on Delete
  • Confirm each time with Ok
  • You will be prompted to restart your computer. A text file will open after the restart
  • Close it and quit AdwCleaner
In your next reply please post the OTL log and the C:\AdwCleaner[S1].txt file contents.


Regards

#13 Sotyr

Posted 19 December 2012 - 04:27 PM

# AdwCleaner v2.101 - Logfile created 12/19/2012 at 13:22:21
# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Skeith - SHADOWSKEITH-PC
# Boot Mode : Normal
# Running from : C:\Users\Skeith\Downloads\AdwCleaner (2).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Users\Skeith\AppData\LocalLow\SaveAs

***** [Registry] *****

Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{16726771-C380-4280-BAF9-1223B3838786}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Skeith\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [15583 octets] - [04/11/2012 15:15:47]
AdwCleaner[S2].txt - [958 octets] - [07/12/2012 22:37:31]
AdwCleaner[S3].txt - [1092 octets] - [19/12/2012 13:22:21]

########## EOF - C:\AdwCleaner[S3].txt - [1152 octets] ##########




========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
HKU\S-1-5-21-1513539516-666335651-772069544-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-1513539516-666335651-772069544-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1513539516-666335651-772069544-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
C:\Users\Skeith\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifpanhlgfibckbnjnefgijplpdahkkjj\2_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DF5B10B-8D9E-0D32-FC3C-128B3EE5F0AA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DF5B10B-8D9E-0D32-FC3C-128B3EE5F0AA}\ deleted successfully.
C:\ProgramData\SaveAs\50ce0d9839b74.ocx moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\ProgramData\SaveAs\data folder moved successfully.
C:\ProgramData\SaveAs folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs folder moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 12192012_131934

#14 Clairvoyant

Posted 20 December 2012 - 03:15 PM

Hi Sotyr,

Well done. :)

Please perform a new OTL scan and post the log in the next reply.
How is your computer running now?


Regards

Edited by Clairvoyant, 20 December 2012 - 03:16 PM.


#15 Sotyr

Posted 21 December 2012 - 12:07 PM

A little better, still mostly the same though.


OTL logfile created on: 12/21/2012 8:51:37 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Skeith\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 60.07% Memory free
7.50 Gb Paging File | 5.89 Gb Available in Paging File | 78.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.91 Gb Total Space | 294.23 Gb Free Space | 65.25% Space Free | Partition Type: NTFS

Computer Name: SHADOWSKEITH-PC | User Name: Skeith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/16 11:21:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Skeith\Desktop\OTL.exe
PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/12/10 21:47:44 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/12/04 17:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/11/29 20:33:06 | 000,232,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/10/30 14:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 14:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/04 17:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/04 17:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/04 17:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012/12/04 17:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012/12/04 17:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/04 17:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/04 17:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2012/10/30 14:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 15:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/20 14:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/04/14 18:56:24 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxebcoms.exe -- (lxeb_device)
SRV:64bit: - [2010/04/14 18:56:14 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV:64bit: - [2009/07/14 22:14:38 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/20 09:07:43 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/20 15:32:48 | 001,691,848 | ---- | M] (SoftThinks SAS) [Auto | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/11/20 19:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 19:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 19:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/04/14 18:56:14 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV - [2010/04/14 13:56:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxebcoms.exe -- (lxeb_device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/20 10:05:46 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/10/30 14:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 14:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 14:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 14:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 14:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/10/30 14:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 07:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/30 17:44:37 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/03/30 17:44:37 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 02:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/01/10 22:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/03/19 00:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/01/29 00:04:38 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009/09/30 22:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/08/06 04:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/07/15 00:23:30 | 006,096,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 10:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/03/18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006/11/01 01:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_enUS482
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Skeith\AppData\Local\Roblox\Versions\version-5acc042b77fe4879\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Skeith\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Skeith\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Skeith\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Skeith\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\BYOND: C:\Program Files (x86)\BYOND\bin\npbyond.dll ( )
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/10/31 22:33:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/10 21:48:15 | 000,000,000 | ---D | M]

[2012/05/31 16:50:14 | 000,040,960 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: BYOND stub plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Skeith\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Skeith\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\Skeith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Skeith\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = C:\Users\Skeith\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.54_0\
CHR - Extension: avast! WebRep = C:\Users\Skeith\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_1\
CHR - Extension: RealDownloader = C:\Users\Skeith\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Gmail = C:\Users\Skeith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/12/12 09:01:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\npchrome_frame.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [lxebmon.exe] C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Skeith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0961BF4F-B5B2-4E08-81B2-B3868388C2CC}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/21 03:00:39 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/21 03:00:39 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/21 03:00:35 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/21 03:00:33 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/20 10:05:46 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/12/20 10:05:42 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Roaming\DAEMON Tools Lite
[2012/12/20 10:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012/12/20 10:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012/12/19 13:19:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/12/18 09:37:10 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Local\{DF2A1054-98D7-498C-9261-83F971C34507}
[2012/12/16 12:01:06 | 000,000,000 | ---D | C] -- C:\Users\Skeith\Documents\JAILBREAK
[2012/12/16 11:48:19 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Roaming\redsn0w
[2012/12/16 11:21:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Skeith\Desktop\OTL.exe
[2012/12/16 09:59:37 | 000,000,000 | ---D | C] -- C:\Users\Skeith\Desktop\mom
[2012/12/16 09:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\%Installer_PublisherName%
[2012/12/16 09:35:47 | 000,000,000 | ---D | C] -- C:\Users\Skeith\Desktop\lesson pla n
[2012/12/15 13:41:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/15 09:17:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/15 08:29:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/15 08:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/15 08:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/15 08:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/12/15 08:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/12/12 03:02:33 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/12 03:02:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/12 03:02:32 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/12 03:02:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/12 03:02:32 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/12 03:02:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/12 03:02:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/12 03:02:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/12 03:02:30 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/12 03:02:30 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/12 03:02:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/12 03:02:29 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/12 03:02:27 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/12 03:02:27 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/12 03:02:27 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/11 16:17:26 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/11 16:17:26 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/12/11 16:17:25 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/12/11 16:17:25 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/12/11 16:17:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/12/11 16:17:23 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/12/11 16:17:23 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/12/11 16:17:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/12/11 16:17:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/11 16:17:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/12/11 16:17:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/12/11 16:17:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/12/11 16:17:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/11 16:17:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/11 16:17:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/11 16:17:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/11 16:17:22 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/11 16:17:22 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/11 16:17:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/11 16:17:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/11 16:17:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/11 16:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/11 16:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/11 16:17:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/11 16:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/11 16:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/11 16:17:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/11 16:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/11 16:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/11 16:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/11 16:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/11 16:17:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/11 16:17:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/11 16:17:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/11 16:17:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/11 16:17:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/11 16:17:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/11 16:17:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/11 16:17:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/11 16:17:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/11 16:17:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/11 16:17:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/11 16:17:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/11 16:17:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/11 16:17:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/11 16:17:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/11 16:17:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/11 16:17:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/11 16:17:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/11 16:17:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/11 16:17:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/11 16:17:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/11 16:17:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/11 16:17:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/11 16:17:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/11 16:17:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/11 16:17:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/11 16:17:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/11 16:17:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/11 16:17:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/11 16:17:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/11 16:17:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/11 16:17:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/11 16:17:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/11 16:17:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/11 16:17:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/11 16:17:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/11 16:17:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/11 16:17:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/12/11 16:16:04 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/11 16:16:03 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/11 15:24:21 | 000,000,000 | ---D | C] -- C:\Users\Skeith\Desktop\Blythe
[2012/12/10 21:48:40 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Roaming\RealNetworks
[2012/12/10 21:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2012/12/10 21:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2012/12/10 21:47:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/12/10 21:47:53 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012/12/10 21:47:46 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012/12/10 21:47:46 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012/12/10 21:47:45 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/12/10 21:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012/12/10 06:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/12/07 22:41:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/12/07 20:51:00 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
[2012/11/30 18:22:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/11/30 18:21:46 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Local\Apple Computer
[2012/11/30 18:21:45 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Roaming\Apple Computer
[2012/11/30 18:21:41 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/11/30 18:21:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/11/30 18:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/30 18:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/11/30 18:19:09 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Local\Apple
[2012/11/30 18:19:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/11/30 18:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/11/30 18:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/11/30 18:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/11/30 18:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/11/30 18:18:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/11/25 00:05:31 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Roaming\OpenOffice.org
[2012/11/25 00:04:03 | 000,000,000 | --SD | C] -- C:\Users\Skeith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012/11/25 00:03:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012/11/24 19:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/24 19:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/11/22 11:03:41 | 000,000,000 | ---D | C] -- C:\Users\Skeith\Documents\Telltale Games
[2012/11/22 01:41:15 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PMA
[2012/11/21 18:50:00 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Roaming\Clickteam
[2012/11/21 18:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Install Creator
[2012/11/21 18:49:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Install Creator
[2012/11/21 16:52:44 | 000,000,000 | ---D | C] -- C:\Users\Skeith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokemon Dark Revolution
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/21 08:49:38 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/21 08:07:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1513539516-666335651-772069544-1000UA.job
[2012/12/21 08:01:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/21 03:25:12 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/21 03:25:12 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/21 03:23:51 | 000,881,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/21 03:23:51 | 000,733,908 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/21 03:23:51 | 000,147,244 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/21 03:17:17 | 000,437,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/21 03:17:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/21 03:17:03 | 3019,091,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/20 22:33:07 | 000,092,923 | ---- | M] () -- C:\Users\Skeith\Desktop\courtney 2.jpg
[2012/12/20 22:32:09 | 000,100,661 | ---- | M] () -- C:\Users\Skeith\Desktop\courtney.jpg
[2012/12/20 15:27:33 | 000,025,284 | ---- | M] () -- C:\Users\Skeith\Documents\Mikeys christmas.jpg
[2012/12/20 15:02:08 | 000,047,997 | ---- | M] () -- C:\Users\Skeith\Documents\Sotys christmas.jpg
[2012/12/20 12:07:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1513539516-666335651-772069544-1000Core.job
[2012/12/20 10:05:46 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/12/19 15:37:01 | 002,627,139 | ---- | M] () -- C:\Users\Skeith\Documents\touch.wma
[2012/12/18 10:27:22 | 000,017,408 | ---- | M] () -- C:\Users\Skeith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/17 12:12:33 | 000,034,019 | ---- | M] () -- C:\Users\Skeith\Documents\Nonbroken=3.JPG
[2012/12/17 12:10:42 | 000,069,513 | ---- | M] () -- C:\Users\Skeith\Documents\BrokenD=.JPG
[2012/12/17 12:08:17 | 000,275,487 | ---- | M] () -- C:\Users\Skeith\Documents\Picture of me 22.png
[2012/12/16 18:47:26 | 000,168,854 | ---- | M] () -- C:\Users\Skeith\Documents\6215C2A5-2800-40F4-B229-FF44F820786D.jpg
[2012/12/16 11:21:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Skeith\Desktop\OTL.exe
[2012/12/16 09:34:05 | 000,095,503 | ---- | M] () -- C:\Users\Skeith\Desktop\lpView_print.pdf
[2012/12/16 09:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 06:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 06:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/16 06:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/16 03:00:35 | 000,458,270 | ---- | M] () -- C:\Users\Skeith\Desktop\computers 2011.mht
[2012/12/16 02:57:22 | 000,093,239 | ---- | M] () -- C:\Users\Skeith\Desktop\My Account 2011- View All Orders_jsp.htm
[2012/12/15 12:01:29 | 000,010,729 | ---- | M] () -- C:\Users\Skeith\Desktop\112012paypal.pdf
[2012/12/15 08:29:41 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/14 22:56:30 | 000,023,085 | ---- | M] () -- C:\Users\Skeith\Documents\Pokemon!.odt
[2012/12/14 12:49:57 | 000,001,360 | ---- | M] () -- C:\Users\Skeith\Desktop\ROBLOX Player.lnk
[2012/12/12 19:08:12 | 000,017,545 | ---- | M] () -- C:\Users\Skeith\Documents\New Canvas.png
[2012/12/12 15:22:25 | 000,051,546 | ---- | M] () -- C:\Users\Skeith\Documents\New Canvas2.png
[2012/12/12 09:01:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/12/12 08:44:58 | 000,001,164 | ---- | M] () -- C:\Users\Skeith\Documents\ComboFix.exe - Shortcut (2).lnk
[2012/12/12 08:44:44 | 000,001,164 | ---- | M] () -- C:\Users\Skeith\Documents\ComboFix.exe - Shortcut.lnk
[2012/12/10 21:48:20 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/12/10 21:47:53 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012/12/10 21:47:46 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012/12/10 21:47:46 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012/12/10 21:47:45 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/12/10 06:18:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/12/10 06:18:25 | 000,001,920 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/12/09 21:08:20 | 000,053,641 | ---- | M] () -- C:\Users\Skeith\Documents\Tyler-The-Bropimp.png
[2012/12/09 20:42:39 | 000,047,756 | ---- | M] () -- C:\Users\Skeith\Documents\MIKEY AND HIS HOT bleep ----------NSFW.png
[2012/12/09 20:28:22 | 000,038,427 | ---- | M] () -- C:\Users\Skeith\Documents\SOTY AND AMBER DOING SOME TYPE OF HORSE TYPE THING ------ NSFW.png
[2012/12/09 20:00:48 | 000,047,904 | ---- | M] () -- C:\Users\Skeith\Documents\WOAH MAN THERE IS A LARGE ABSENCE OF HORSES HERE MAN ------ NSFW.png
[2012/12/08 01:03:36 | 000,002,120 | ---- | M] () -- C:\scu.dat
[2012/12/07 21:25:58 | 000,000,512 | ---- | M] () -- C:\Users\Skeith\Desktop\MBR.dat
[2012/12/06 19:43:22 | 000,029,910 | ---- | M] () -- C:\Users\Skeith\Desktop\bingo.jpg
[2012/12/06 19:43:22 | 000,029,910 | ---- | M] () -- C:\Users\Skeith\Desktop\12531_506432942724776_1496741011_n.jpg
[2012/12/01 17:41:10 | 000,032,699 | ---- | M] () -- C:\Users\Skeith\Desktop\garden 2.jpg
[2012/12/01 17:41:10 | 000,027,825 | ---- | M] () -- C:\Users\Skeith\Desktop\garden1.jpg
[2012/11/29 15:10:51 | 000,107,782 | ---- | M] () -- C:\Users\Skeith\Desktop\3 - Community Service-Volunteer Hours_Sheet 10-2006.pdf
[2012/11/29 14:07:17 | 000,007,598 | ---- | M] () -- C:\Users\Skeith\AppData\Local\Resmon.ResmonCfg
[2012/11/28 19:10:52 | 000,205,968 | ---- | M] () -- C:\Users\Skeith\Documents\Lizard's threat 2.png
[2012/11/28 19:10:35 | 000,194,959 | ---- | M] () -- C:\Users\Skeith\Documents\Lizard's threat..png
[2012/11/26 22:55:58 | 001,494,572 | ---- | M] () -- C:\Users\Skeith\Documents\IMG_27112012_015509.png
[2012/11/26 05:56:37 | 000,017,519 | ---- | M] () -- C:\Users\Skeith\Desktop\A point sheet.odt
[2012/11/26 05:56:24 | 000,017,516 | ---- | M] () -- C:\Users\Skeith\Desktop\Angelo A point sheet.odt
[2012/11/25 18:41:00 | 000,002,279 | ---- | M] () -- C:\Users\Skeith\Documents\Scott.odb
[2012/11/25 13:00:57 | 000,025,010 | ---- | M] () -- C:\Users\Public\Documents\Pedophileofage0.png
[2012/11/25 12:31:20 | 000,017,675 | ---- | M] () -- C:\Users\Skeith\Documents\Honchkrow.png
[2012/11/25 08:50:54 | 000,356,339 | ---- | M] () -- C:\Users\Skeith\Desktop\trellises.png
[2012/11/25 01:39:14 | 000,131,072 | ---- | M] () -- C:\Users\Skeith\Documents\Pokemon Emerald.sav
[2012/11/25 01:38:19 | 016,777,216 | ---- | M] () -- C:\Users\Skeith\Documents\Pokemon Emerald.GBA
[2012/11/25 01:11:19 | 000,015,160 | ---- | M] () -- C:\Users\Skeith\Documents\Honchkrow1.png
[2012/11/25 00:06:23 | 000,002,279 | ---- | M] () -- C:\Users\Skeith\Documents\New Database.odb
[2012/11/25 00:05:35 | 000,001,237 | ---- | M] () -- C:\Users\Skeith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/11/21 23:51:09 | 003,363,499 | ---- | M] () -- C:\Users\Skeith\Documents\Servant.wma
[2012/11/21 17:39:39 | 000,089,950 | ---- | M] () -- C:\Users\Skeith\Documents\IMG_21112012_193918.png
[2012/11/21 14:00:45 | 001,802,240 | ---- | M] () -- C:\Users\Skeith\Documents\Walburg Energy Alternatives Database.accdb
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/20 22:33:07 | 000,092,923 | ---- | C] () -- C:\Users\Skeith\Desktop\courtney 2.jpg
[2012/12/20 22:32:07 | 000,100,661 | ---- | C] () -- C:\Users\Skeith\Desktop\courtney.jpg
[2012/12/20 15:27:32 | 000,025,284 | ---- | C] () -- C:\Users\Skeith\Documents\Mikeys christmas.jpg
[2012/12/20 15:02:07 | 000,047,997 | ---- | C] () -- C:\Users\Skeith\Documents\Sotys christmas.jpg
[2012/12/19 15:33:19 | 002,627,139 | ---- | C] () -- C:\Users\Skeith\Documents\touch.wma
[2012/12/17 12:12:32 | 000,034,019 | ---- | C] () -- C:\Users\Skeith\Documents\Nonbroken=3.JPG
[2012/12/17 12:10:41 | 000,069,513 | ---- | C] () -- C:\Users\Skeith\Documents\BrokenD=.JPG
[2012/12/17 12:08:13 | 000,275,487 | ---- | C] () -- C:\Users\Skeith\Documents\Picture of me 22.png
[2012/12/16 18:47:21 | 000,168,854 | ---- | C] () -- C:\Users\Skeith\Documents\6215C2A5-2800-40F4-B229-FF44F820786D.jpg
[2012/12/16 09:34:05 | 000,095,503 | ---- | C] () -- C:\Users\Skeith\Desktop\lpView_print.pdf
[2012/12/16 03:00:34 | 000,458,270 | ---- | C] () -- C:\Users\Skeith\Desktop\computers 2011.mht
[2012/12/16 02:57:22 | 000,093,239 | ---- | C] () -- C:\Users\Skeith\Desktop\My Account 2011- View All Orders_jsp.htm
[2012/12/15 12:01:29 | 000,010,729 | ---- | C] () -- C:\Users\Skeith\Desktop\112012paypal.pdf
[2012/12/15 08:29:41 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/14 22:35:16 | 000,023,085 | ---- | C] () -- C:\Users\Skeith\Documents\Pokemon!.odt
[2012/12/12 19:08:10 | 000,017,545 | ---- | C] () -- C:\Users\Skeith\Documents\New Canvas.png
[2012/12/12 15:22:07 | 000,051,546 | ---- | C] () -- C:\Users\Skeith\Documents\New Canvas2.png
[2012/12/12 08:44:58 | 000,001,164 | ---- | C] () -- C:\Users\Skeith\Documents\ComboFix.exe - Shortcut (2).lnk
[2012/12/12 08:44:44 | 000,001,164 | ---- | C] () -- C:\Users\Skeith\Documents\ComboFix.exe - Shortcut.lnk
[2012/12/10 21:48:20 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/12/10 06:18:25 | 000,001,920 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/12/09 21:08:06 | 000,053,641 | ---- | C] () -- C:\Users\Skeith\Documents\Tyler-The-Bropimp.png
[2012/12/09 20:42:38 | 000,047,756 | ---- | C] () -- C:\Users\Skeith\Documents\MIKEY AND HIS HOT bleep ----------NSFW.png
[2012/12/09 20:28:21 | 000,038,427 | ---- | C] () -- C:\Users\Skeith\Documents\SOTY AND AMBER DOING SOME TYPE OF HORSE TYPE THING ------ NSFW.png
[2012/12/09 20:00:45 | 000,047,904 | ---- | C] () -- C:\Users\Skeith\Documents\WOAH MAN THERE IS A LARGE ABSENCE OF HORSES HERE MAN ------ NSFW.png
[2012/12/07 20:51:00 | 000,001,360 | ---- | C] () -- C:\Users\Skeith\Desktop\ROBLOX Player.lnk
[2012/12/07 20:04:20 | 000,000,512 | ---- | C] () -- C:\Users\Skeith\Desktop\MBR.dat
[2012/12/06 19:46:34 | 000,029,910 | ---- | C] () -- C:\Users\Skeith\Desktop\bingo.jpg
[2012/12/06 19:43:44 | 000,029,910 | ---- | C] () -- C:\Users\Skeith\Desktop\12531_506432942724776_1496741011_n.jpg
[2012/12/01 17:45:20 | 000,032,699 | ---- | C] () -- C:\Users\Skeith\Desktop\garden 2.jpg
[2012/12/01 17:45:13 | 000,027,825 | ---- | C] () -- C:\Users\Skeith\Desktop\garden1.jpg
[2012/11/30 18:19:08 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/11/29 15:10:51 | 000,107,782 | ---- | C] () -- C:\Users\Skeith\Desktop\3 - Community Service-Volunteer Hours_Sheet 10-2006.pdf
[2012/11/29 11:43:36 | 000,007,598 | ---- | C] () -- C:\Users\Skeith\AppData\Local\Resmon.ResmonCfg
[2012/11/28 19:10:37 | 000,205,968 | ---- | C] () -- C:\Users\Skeith\Documents\Lizard's threat 2.png
[2012/11/28 19:10:21 | 000,194,959 | ---- | C] () -- C:\Users\Skeith\Documents\Lizard's threat..png
[2012/11/27 09:04:38 | 000,002,120 | ---- | C] () -- C:\scu.dat
[2012/11/26 22:55:26 | 001,494,572 | ---- | C] () -- C:\Users\Skeith\Documents\IMG_27112012_015509.png
[2012/11/26 05:56:35 | 000,017,519 | ---- | C] () -- C:\Users\Skeith\Desktop\A point sheet.odt
[2012/11/26 05:56:22 | 000,017,516 | ---- | C] () -- C:\Users\Skeith\Desktop\Angelo A point sheet.odt
[2012/11/25 18:26:37 | 000,002,279 | ---- | C] () -- C:\Users\Skeith\Documents\Scott.odb
[2012/11/25 13:00:57 | 000,025,010 | ---- | C] () -- C:\Users\Public\Documents\Pedophileofage0.png
[2012/11/25 08:51:57 | 000,356,339 | ---- | C] () -- C:\Users\Skeith\Desktop\trellises.png
[2012/11/25 01:38:44 | 000,131,072 | ---- | C] () -- C:\Users\Skeith\Documents\Pokemon Emerald.sav
[2012/11/25 01:38:04 | 016,777,216 | ---- | C] () -- C:\Users\Skeith\Documents\Pokemon Emerald.GBA
[2012/11/25 01:35:00 | 000,015,160 | ---- | C] () -- C:\Users\Skeith\Documents\Honchkrow1.png
[2012/11/25 01:07:24 | 000,017,675 | ---- | C] () -- C:\Users\Skeith\Documents\Honchkrow.png
[2012/11/25 00:05:58 | 000,002,279 | ---- | C] () -- C:\Users\Skeith\Documents\New Database.odb
[2012/11/25 00:05:35 | 000,001,237 | ---- | C] () -- C:\Users\Skeith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/11/21 23:46:26 | 003,363,499 | ---- | C] () -- C:\Users\Skeith\Documents\Servant.wma
[2012/11/21 17:39:36 | 000,089,950 | ---- | C] () -- C:\Users\Skeith\Documents\IMG_21112012_193918.png
[2012/11/01 18:16:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/01 18:16:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/01 18:16:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/01 18:16:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/01 18:16:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/01 10:45:24 | 000,000,000 | ---- | C] () -- C:\Users\Skeith\defogger_reenable
[2012/09/26 15:21:16 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebinpa.dll
[2012/09/26 15:21:16 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxebcomx.dll
[2012/09/26 15:21:16 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebiesc.dll
[2012/09/26 15:21:16 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEBinst.dll
[2012/09/26 15:21:15 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebpmui.dll
[2012/09/26 15:21:15 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxebins.dll
[2012/09/26 15:21:15 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxebinsb.dll
[2012/09/26 15:21:15 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxebinsr.dll
[2012/09/26 15:21:15 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxebjswr.dll
[2012/09/26 15:21:15 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxebcur.dll
[2012/09/26 15:21:14 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebserv.dll
[2012/09/26 15:21:14 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebusb1.dll
[2012/09/26 15:21:14 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxebcu.dll
[2012/09/26 15:21:14 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxebcub.dll
[2012/09/26 15:21:13 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebhbn3.dll
[2012/09/26 15:21:13 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcoms.exe
[2012/09/26 15:21:13 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeblmpm.dll
[2012/09/26 15:21:13 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebih.exe
[2012/09/26 15:21:12 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomc.dll
[2012/09/26 15:21:12 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomm.dll
[2012/09/26 15:21:11 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcfg.exe
[2012/09/06 00:07:15 | 000,074,144 | ---- | C] () -- C:\Users\Skeith\AppData\Roaming\icarus-dxdiag.xml
[2012/05/10 12:12:32 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\COMSocketServer.dll
[2012/05/10 12:12:30 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2012/05/10 12:12:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2012/05/05 19:17:08 | 000,017,408 | ---- | C] () -- C:\Users\Skeith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/05 18:37:42 | 000,758,272 | ---- | C] () -- C:\Windows\SysWow64\RGSS104E.dll
[2012/05/05 18:37:41 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2012/05/05 18:37:41 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\RGSS104J.dll
[2012/05/05 18:37:40 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2012/05/05 18:37:40 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll
[2012/05/05 18:37:40 | 000,685,056 | ---- | C] () -- C:\Windows\SysWow64\RGSS103J.dll
[2012/03/30 17:51:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/10 08:10:51 | 000,833,514 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2012/03/30 17:44:37 | 000,000,000 | -HSD | M] -- C:\Users\Skeith\AppData\Local\{94b28a81-b542-12e3-8033-6749adc5d925}\L
[2012/08/14 18:02:19 | 000,000,000 | -HSD | M] -- C:\Users\Skeith\AppData\Local\{94b28a81-b542-12e3-8033-6749adc5d925}\U
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >



