
ICReinstall_ZipExtractorSetup.exe


13 replies to this topic

#1 Redsama


Posted 07 July 2013 - 11:14 PM

I have cleaned over a dozen malware the last few days (conduit, click.sureonlinefind, punkbstr, mixidj, medfos, more than I can remember). Some I had to regedit (my first time) and start/stop processes. I am now running in circles. Here is dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611
Run by RedsGaming at 22:27:57 on 2013-07-07
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8172.6234 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\XFastUsb\XFastUsb.exe
C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
C:\Users\RedsGaming\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: {300BEC06-B743-4D19-86B9-11DC711D7FFB} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
StartupFolder: C:\Users\REDSGA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\RedsGaming\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{CC23B992-2D0B-46A1-91E7-00446D72D6FE} : DHCPNameServer = 192.168.2.1
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\RedsGaming\AppData\Roaming\Mozilla\Firefox\Profiles\t4056evt.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\RedsGaming\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\RedsGaming\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-07-06 05:59; feca4b87-3be4-43da-a1b1-137c24220968@jetpack; C:\Users\RedsGaming\AppData\Roaming\Mozilla\Firefox\Profiles\t4056evt.default\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
FF - ExtSQL: 2013-07-06 18:51; {dd3d7613-0246-469d-bc65-2a3cc1668adc}; C:\Users\RedsGaming\AppData\Roaming\Mozilla\Firefox\Profiles\t4056evt.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2011-11-20 17192]
R1 FNETURPX;FNETURPX;C:\Windows\System32\drivers\FNETURPX.SYS [2011-11-20 15936]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-3-9 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-11-20 46136]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-3-4 126952]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-3-4 390632]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2011-11-20 32344]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-20 471144]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-11-20 39480]
S2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\System32\drivers\FNETTBOH_305.SYS [2011-11-25 31808]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-6 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-6 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-6 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-11-20 130976]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-3-6 39056]
S4 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-19 2358656]
S4 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-20 1255736]
.
=============== Created Last 30 ================
.
2013-07-08 02:25:49    --------    dc----w-    C:\Users\RedsGaming\AppData\Local\MigWiz
2013-07-07 23:21:36    --------    d-----w-    C:\Windows\ERUNT
2013-07-07 23:21:27    --------    d-----w-    C:\JRT
2013-07-07 23:16:12    76232    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D93A86A3-83D3-4115-A9CB-63951B7CFAB7}\offreg.dll
2013-07-07 15:02:36    --------    d-----w-    C:\Users\RedsGaming\AppData\Roaming\PowerISO
2013-07-07 08:26:06    --------    d-----w-    C:\FRST
2013-07-07 08:16:25    9552976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D93A86A3-83D3-4115-A9CB-63951B7CFAB7}\mpengine.dll
2013-07-07 08:12:02    --------    d-----w-    C:\Users\RedsGaming\AppData\Roaming\SUPERAntiSpyware.com
2013-07-07 08:11:41    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-07-07 06:01:10    9552976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-06 21:56:22    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-07-06 21:56:22    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-07-06 21:56:22    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-07-06 21:56:22    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-07-06 21:56:22    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-07-06 05:59:26    8199504    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-07-06 05:59:23    9552976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8B617FFE-B613-44FA-B319-5EEF7CC5A1E1}\mpengine.dll
2013-07-05 17:24:35    279040    ----a-w-    C:\Program Files\Internet Explorer\sqmapi.dll
2013-07-05 17:23:20    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-07-05 17:22:56    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-07-05 17:22:55    70144    ----a-w-    C:\Windows\System32\appinfo.dll
2013-07-05 17:22:55    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-07-05 17:22:55    111448    ----a-w-    C:\Windows\System32\consent.exe
2013-07-05 17:22:45    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-07-05 17:22:00    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-07-05 14:29:46    --------    d-----w-    C:\Users\RedsGaming\AppData\Local\Apps
2013-07-05 14:02:22    --------    d-----w-    C:\Users\RedsGaming\AppData\Roaming\TeamViewer
2013-07-05 11:55:12    --------    d-----w-    C:\Users\RedsGaming\AppData\Roaming\WinPatrol
2013-07-05 11:55:06    --------    d-----w-    C:\Program Files (x86)\BillP Studios
2013-06-30 21:17:41    --------    d-----w-    C:\Users\RedsGaming\AppData\Roaming\RIFT
2013-06-30 21:17:39    --------    d-----w-    C:\Program Files (x86)\RIFT
2013-06-29 03:40:17    --------    d-----w-    C:\Users\RedsGaming\AppData\Local\TERA
2013-06-25 21:39:59    --------    d-----w-    C:\Users\RedsGaming\AppData\Roaming\raidcall
2013-06-25 21:39:43    --------    d-----w-    C:\Program Files (x86)\RaidCall
2013-06-21 15:17:28    964552    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C170B431-4655-4B68-9838-6786892701EE}\gapaengine.dll
.
==================== Find3M  ====================
.
2013-07-06 21:42:34    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-06 21:42:34    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-05 04:00:32    867240    ----a-w-    C:\Windows\SysWow64\npdeployJava1.dll
2013-07-05 04:00:32    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-06-08 12:28:46    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-17 01:25:57    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-05-17 00:58:10    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-05-02 06:06:08    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-05-01 07:59:12    94208    ----a-w-    C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59:12    69632    ----a-w-    C:\Windows\SysWow64\QuickTime.qts
2013-04-26 05:51:36    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-04-17 07:02:06    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-10 06:01:54    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
.
============= FINISH: 22:28:06.09 ===============

Here is Mini Tool Box, it shows the system errors:

MiniToolBox by Farbar  Version: 16-06-2013
Ran by RedsGaming (administrator) on 07-07-2013 at 19:01:23
Running from "C:\Users\RedsGaming\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : RedsGaming-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 00-25-22-E7-14-2D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b07f:494b:9cc5:44e%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, July 07, 2013 4:22:01 AM
   Lease Expires . . . . . . . . . . : Wednesday, July 10, 2013 7:30:49 AM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 234890530
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-5A-DA-B3-00-25-22-E7-14-2D
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{CC23B992-2D0B-46A1-91E7-00446D72D6FE}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:28d4:a16:3f57:fdfd(Preferred)
   Link-local IPv6 Address . . . . . : fe80::28d4:a16:3f57:fdfd%12(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.2.1

Name:    google.com
Addresses:  2607:f8b0:4008:803::1008
      173.194.37.2
      173.194.37.3
      173.194.37.4
      173.194.37.5
      173.194.37.6
      173.194.37.7
      173.194.37.8
      173.194.37.9
      173.194.37.14
      173.194.37.0
      173.194.37.1


Pinging google.com [173.194.37.3] with 32 bytes of data:
Reply from 173.194.37.3: bytes=32 time=10ms TTL=57
Reply from 173.194.37.3: bytes=32 time=11ms TTL=57

Ping statistics for 173.194.37.3:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 11ms, Average = 10ms
Server:  UnKnown
Address:  192.168.2.1

Name:    yahoo.com
Addresses:  98.139.183.24
      206.190.36.45
      98.138.253.109


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=118ms TTL=46
Reply from 206.190.36.45: bytes=32 time=127ms TTL=46

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 118ms, Maximum = 127ms, Average = 122ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 25 22 e7 14 2d ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.2     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.2    276
      192.168.2.2  255.255.255.255         On-link       192.168.2.2    276
    192.168.2.255  255.255.255.255         On-link       192.168.2.2    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.2    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.2    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:9d38:953c:28d4:a16:3f57:fdfd/128
                                    On-link
 11    276 fe80::/64                On-link
 12    306 fe80::/64                On-link
 12    306 fe80::28d4:a16:3f57:fdfd/128
                                    On-link
 11    276 fe80::b07f:494b:9cc5:44e/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 09 c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 09 c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/07/2013 04:23:32 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2013 06:05:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: Unity.exe, version: 3.4.2.27374, time stamp: 0x4eb1b9b2
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0xe06d7363
Fault offset: 0x0000c41f
Faulting process id: 0x7d0
Faulting application start time: 0xUnity.exe0
Faulting application path: Unity.exe1
Faulting module path: Unity.exe2
Report Id: Unity.exe3

Error: (07/06/2013 06:05:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: Unity.exe, version: 3.4.2.27374, time stamp: 0x4eb1b9b2
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0xe06d7363
Fault offset: 0x0000c41f
Faulting process id: 0xe2c
Faulting application start time: 0xUnity.exe0
Faulting application path: Unity.exe1
Faulting module path: Unity.exe2
Report Id: Unity.exe3

Error: (07/06/2013 04:37:25 PM) (Source: Application Hang) (User: )
Description: The program MediaHub.exe version 1.0.28.100 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4a8

Start Time: 01ce7a888bb074aa

Termination Time: 9

Application Path: C:\Program Files (x86)\Nero\Nero 10\Nero MediaHub\MediaHub.exe

Report Id:

Error: (07/06/2013 04:39:08 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2013 01:09:12 AM) (Source: Application Error) (User: )
Description: Faulting application name: ICReinstall_ZipExtractorSetup.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0xfe8
Faulting application start time: 0xICReinstall_ZipExtractorSetup.exe0
Faulting application path: ICReinstall_ZipExtractorSetup.exe1
Faulting module path: ICReinstall_ZipExtractorSetup.exe2
Report Id: ICReinstall_ZipExtractorSetup.exe3

Error: (07/06/2013 01:08:31 AM) (Source: Application Error) (User: )
Description: Faulting application name: ICReinstall_ZipExtractorSetup.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0x934
Faulting application start time: 0xICReinstall_ZipExtractorSetup.exe0
Faulting application path: ICReinstall_ZipExtractorSetup.exe1
Faulting module path: ICReinstall_ZipExtractorSetup.exe2
Report Id: ICReinstall_ZipExtractorSetup.exe3

Error: (07/06/2013 01:07:42 AM) (Source: Application Error) (User: )
Description: Faulting application name: ICReinstall_ZipExtractorSetup.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0xe4c
Faulting application start time: 0xICReinstall_ZipExtractorSetup.exe0
Faulting application path: ICReinstall_ZipExtractorSetup.exe1
Faulting module path: ICReinstall_ZipExtractorSetup.exe2
Report Id: ICReinstall_ZipExtractorSetup.exe3

Error: (07/06/2013 01:07:31 AM) (Source: Application Error) (User: )
Description: Faulting application name: ZipExtractorSetup.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0xed8
Faulting application start time: 0xZipExtractorSetup.exe0
Faulting application path: ZipExtractorSetup.exe1
Faulting module path: ZipExtractorSetup.exe2
Report Id: ZipExtractorSetup.exe3

Error: (07/06/2013 01:02:31 AM) (Source: Application Error) (User: )
Description: Faulting application name: ZipExtractorSetup.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0xb64
Faulting application start time: 0xZipExtractorSetup.exe0
Faulting application path: ZipExtractorSetup.exe1
Faulting module path: ZipExtractorSetup.exe2
Report Id: ZipExtractorSetup.exe3


System errors:
=============
Error: (07/07/2013 05:50:11 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Auto Connection Manager service depends on the Remote Access Connection Manager service which failed to start because of the following error:
%%1058

Error: (07/07/2013 07:30:58 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Error: (07/07/2013 07:30:58 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Error: (07/07/2013 07:30:52 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Error: (07/07/2013 07:30:52 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Error: (07/07/2013 04:22:12 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Error: (07/07/2013 04:22:12 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Error: (07/07/2013 04:22:10 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Error: (07/07/2013 04:22:10 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Error: (07/07/2013 04:22:08 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058


Microsoft Office Sessions:
=========================
Error: (07/07/2013 04:23:32 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2013 06:05:26 PM) (Source: Application Error)(User: )
Description: Unity.exe3.4.2.273744eb1b9b2KERNELBASE.dll6.1.7601.1801550b83c8ae06d73630000c41f7d001ce7a94eb3656c6C:\Program Files (x86)\Unity\Editor\Unity.exeC:\Windows\syswow64\KERNELBASE.dll2914618b-e688-11e2-972f-002522e7142d

Error: (07/06/2013 06:05:05 PM) (Source: Application Error)(User: )
Description: Unity.exe3.4.2.273744eb1b9b2KERNELBASE.dll6.1.7601.1801550b83c8ae06d73630000c41fe2c01ce7a94dbfd3d25C:\Program Files (x86)\Unity\Editor\Unity.exeC:\Windows\syswow64\KERNELBASE.dll1c5c26a4-e688-11e2-972f-002522e7142d

Error: (07/06/2013 04:37:25 PM) (Source: Application Hang)(User: )
Description: MediaHub.exe1.0.28.1004a801ce7a888bb074aa9C:\Program Files (x86)\Nero\Nero 10\Nero MediaHub\MediaHub.exe

Error: (07/06/2013 04:39:08 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2013 01:09:12 AM) (Source: Application Error)(User: )
Description: ICReinstall_ZipExtractorSetup.exe0.0.0.02a425e19KERNELBASE.dll6.1.7601.1801550b83c8a0eedfade0000c41ffe801ce7a06f292fb36C:\Users\RedsGaming\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exeC:\Windows\syswow64\KERNELBASE.dll31ff473e-e5fa-11e2-807c-002522e7142d

Error: (07/06/2013 01:08:31 AM) (Source: Application Error)(User: )
Description: ICReinstall_ZipExtractorSetup.exe0.0.0.02a425e19KERNELBASE.dll6.1.7601.1801550b83c8a0eedfade0000c41f93401ce7a06da383b42C:\Users\RedsGaming\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exeC:\Windows\syswow64\KERNELBASE.dll19a60deb-e5fa-11e2-807c-002522e7142d

Error: (07/06/2013 01:07:42 AM) (Source: Application Error)(User: )
Description: ICReinstall_ZipExtractorSetup.exe0.0.0.02a425e19KERNELBASE.dll6.1.7601.1801550b83c8a0eedfade0000c41fe4c01ce7a06bd95e62bC:\Users\RedsGaming\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exeC:\Windows\syswow64\KERNELBASE.dllfc04e65d-e5f9-11e2-807c-002522e7142d

Error: (07/06/2013 01:07:31 AM) (Source: Application Error)(User: )
Description: ZipExtractorSetup.exe0.0.0.02a425e19KERNELBASE.dll6.1.7601.1801550b83c8a0eedfade0000c41fed801ce7a06b71095d4C:\Users\RedsGaming\Desktop\ZipExtractorSetup.exeC:\Windows\syswow64\KERNELBASE.dllf5a2ae69-e5f9-11e2-807c-002522e7142d

Error: (07/06/2013 01:02:31 AM) (Source: Application Error)(User: )
Description: ZipExtractorSetup.exe0.0.0.02a425e19KERNELBASE.dll6.1.7601.1801550b83c8a0eedfade0000c41fb6401ce7a0603646d94C:\Users\RedsGaming\Desktop\ZipExtractorSetup.exeC:\Windows\syswow64\KERNELBASE.dll42cdac5c-e5f9-11e2-807c-002522e7142d


CodeIntegrity Errors:
===================================
  Date: 2013-03-30 19:03:31.961
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-30 19:03:31.946
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-30 19:03:31.914
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-30 19:03:31.899
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-11 19:04:38.474
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-11 19:04:38.458
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-11 19:04:38.443
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-11 19:04:38.427
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-13 14:15:04.227
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-13 14:15:04.212
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

3DMark06 (Version: 1.2.0)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
7-zip v9.20 (Version: v9.20)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.110)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.898.1)
AMD AVIVO64 Codecs (Version: 11.6.0.10728)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.0309.43.976)
AMD Fuel (Version: 2012.1219.1521.27485)
AMD Media Foundation Decoders (Version: 1.0.70309.0018)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
AMD USB Filter Driver (Version: 1.0.14.91)
AMD VISION Engine Control Center (Version: 2012.0309.43.976)
AMD VISION Engine Control Center (Version: 2012.1219.1521.27485)
Apple Application Support (Version: 2.3)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Application Profiles (Version: 2.0.4365.36132)
Application Profiles (Version: 2.0.4560.34681)
Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.10.1.0)
ASRock App Charger v1.0.5
ASRock eXtreme Tuner v0.1.91
ASRock InstantBoot v1.28
Audacity 1.3.13 (Unicode)
Blender (Version: 2.60a-release)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2012.0309.43.976)
Catalyst Control Center Graphics Previews Common (Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (Version: 2012.0309.43.976)
Catalyst Control Center InstallProxy (Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (Version: 2012.0309.43.976)
Catalyst Control Center Localization All (Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (Version: 2012.0309.0042.976)
CCC Help Chinese Standard (Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (Version: 2012.0309.0042.976)
CCC Help Chinese Traditional (Version: 2012.1219.1520.27485)
CCC Help Czech (Version: 2012.0309.0042.976)
CCC Help Czech (Version: 2012.1219.1520.27485)
CCC Help Danish (Version: 2012.0309.0042.976)
CCC Help Danish (Version: 2012.1219.1520.27485)
CCC Help Dutch (Version: 2012.0309.0042.976)
CCC Help Dutch (Version: 2012.1219.1520.27485)
CCC Help English (Version: 2012.0309.0042.976)
CCC Help English (Version: 2012.1219.1520.27485)
CCC Help Finnish (Version: 2012.0309.0042.976)
CCC Help Finnish (Version: 2012.1219.1520.27485)
CCC Help French (Version: 2012.0309.0042.976)
CCC Help French (Version: 2012.1219.1520.27485)
CCC Help German (Version: 2012.0309.0042.976)
CCC Help German (Version: 2012.1219.1520.27485)
CCC Help Greek (Version: 2012.0309.0042.976)
CCC Help Greek (Version: 2012.1219.1520.27485)
CCC Help Hungarian (Version: 2012.0309.0042.976)
CCC Help Hungarian (Version: 2012.1219.1520.27485)
CCC Help Italian (Version: 2012.0309.0042.976)
CCC Help Italian (Version: 2012.1219.1520.27485)
CCC Help Japanese (Version: 2012.0309.0042.976)
CCC Help Japanese (Version: 2012.1219.1520.27485)
CCC Help Korean (Version: 2012.0309.0042.976)
CCC Help Korean (Version: 2012.1219.1520.27485)
CCC Help Norwegian (Version: 2012.0309.0042.976)
CCC Help Norwegian (Version: 2012.1219.1520.27485)
CCC Help Polish (Version: 2012.0309.0042.976)
CCC Help Polish (Version: 2012.1219.1520.27485)
CCC Help Portuguese (Version: 2012.0309.0042.976)
CCC Help Portuguese (Version: 2012.1219.1520.27485)
CCC Help Russian (Version: 2012.0309.0042.976)
CCC Help Russian (Version: 2012.1219.1520.27485)
CCC Help Spanish (Version: 2012.0309.0042.976)
CCC Help Spanish (Version: 2012.1219.1520.27485)
CCC Help Swedish (Version: 2012.0309.0042.976)
CCC Help Swedish (Version: 2012.1219.1520.27485)
CCC Help Thai (Version: 2012.0309.0042.976)
CCC Help Thai (Version: 2012.1219.1520.27485)
CCC Help Turkish (Version: 2012.0309.0042.976)
CCC Help Turkish (Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.0309.43.976)
ccc-utility64 (Version: 2012.1219.1521.27485)
CCleaner (Version: 4.03)
Defraggler (Version: 2.14)
Diablo III Beta (Version: 0.11.0.9359)
Dropbox (Version: 2.0.22)
F.E.A.R.
FileASSASSIN (Version: 1.06)
FileZilla Client 3.5.2 (Version: 3.5.2)
Futuremark SystemInfo (Version: 4.2.0)
Garry's Mod
Grand Theft Auto IV
HydraVision (Version: 4.2.210.0)
Inkscape 0.48.2 (Version: 0.48.2)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
MorphVOX Pro (Version: 4.3.16)
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mumble 1.2.3 (Version: 1.2.3)
Nero 10 Movie ThemePack Basic (Version: 10.0.10600.6.0)
Nero BurnRights 10 (Version: 4.0.11300.14.100)
Nero BurnRights 10 Help (CHM) (Version: 1.0.10900)
Nero Control Center 10 (Version: 10.0.12900.2.6)
Nero ControlCenter 10 Help (CHM) (Version: 1.0.10900)
Nero Core Components 10 (Version: 2.0.16800.7.15)
Nero CoverDesigner 10 (Version: 5.0.11200.16.100)
Nero CoverDesigner 10 Help (CHM) (Version: 1.0.10900)
Nero DiscSpeed 10 (Version: 6.0.11400.18.100)
Nero DiscSpeed 10 Help (CHM) (Version: 1.0.10900)
Nero Express 10 (Version: 10.0.12300.23.100)
Nero Express 10 Help (CHM) (Version: 1.0.10900)
Nero InfoTool 10 (Version: 7.0.11400.15.100)
Nero InfoTool 10 Help (CHM) (Version: 1.0.10900)
Nero MediaHub 10 (Version: 1.0.14800.28.100)
Nero MediaHub 10 Help (CHM) (Version: 1.0.10900)
Nero Multimedia Suite 10 Essentials (Version: 10.0.10300)
Nero StartSmart 10 (Version: 10.0.12600.30.100)
Nero StartSmart 10 Help (CHM) (Version: 1.0.10900)
Nero Update (Version: 1.0.0018)
Neverwinter
Notepad++ (Version: 5.9.6.2)
NVIDIA PhysX (Version: 9.10.0129)
OpenOffice.org 3.3 (Version: 3.3.9567)
Paint.NET v3.5.10 (Version: 3.60.0)
PowerISO (Version: 5.1)
Psychonauts
QuickTime (Version: 7.74.80.86)
RaidCall (Version: 7.2.4-1.0.7299.14)
RealDownloader (Version: 1.3.1)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.0)
Realtek Ethernet Controller Driver (Version: 7.44.421.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6378)
RealUpgrade 1.1 (Version: 1.1.0)
Revo Uninstaller 1.95 (Version: 1.95)
RIFT
Sapphire TRIXX
Serious Sam: The Second Encounter
Speccy (Version: 1.13)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.6.1020)
TeamViewer 6 (Version: 6.0.11656)
TERA
THX TruStudio (Version: 1.00.01)
Torque 3D Tools Demo 1.2 (Version: 1.2)
Unity (Version: )
Unity Web Player (Version: )
Unreal Development Kit: 2011-10
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
VLC media player 1.1.11 (Version: 1.1.11)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinPatrol (Version: 28.1.2013.0)
World of Battles
World of Warcraft (Version: 5.3.0.17116)
World of Warcraft Public Test (Version: 5.2.0.16446)
XFastUsb
Xvid Video Codec (Version: 1.3.2)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 23%
Total physical RAM: 8171.65 MB
Available physical RAM: 6276.49 MB
Total Pagefile: 16341.48 MB
Available Pagefile: 14583.4 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.97 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:596.07 GB) (Free:369.67 GB) NTFS
2 Drive d: (061110_2307) (CDROM) (Total:0.23 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\

Administrator            ASPNET                   Guest                    
Red                      RedsGaming               


**** End of log ****

#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:05:13 AM

Posted 10 July 2013 - 07:53 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 Redsama


Posted 11 July 2013 - 01:29 PM

Still here. I haven't made any more changes since this post. I believe I removed everything (except some registry keys). The ICReinstall application error hasn't come up again (another registry key issue?)



#4 m0le


Posted 11 July 2013 - 07:12 PM

It sounds like you may have sorted out the problem, but let's just check with ESET.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


#5 Redsama


Posted 13 July 2013 - 04:23 PM

Grrr.... these buggers get into everything! The scan found more (or residual)....

C:\Program Files (x86)\Mozilla Firefox\components\sprotector.js    Win32/Conduit.SearchProtect.A application    cleaned by deleting - quarantined
C:\Users\RedsGaming\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\28d351d7-601857dc    a variant of Java/Exploit.CVE-2013-0422.AJ trojan    cleaned by deleting - quarantined
C:\Users\RedsGaming\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\782d7e77-11353c31    a variant of Java/Exploit.CVE-2012-1723.IM trojan    cleaned by deleting - quarantined
C:\Users\RedsGaming\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\c393949-43c195af    a variant of Java/TrojanDownloader.Agent.NDJ trojan    cleaned by deleting - quarantined
C:\Users\RedsGaming\AppData\Roaming\Mozilla\Firefox\Profiles\t4056evt.default\prefs.js    JS/SecurityDisabler.A.Gen application    cleaned by deleting - quarantined
C:\Users\RedsGaming\AppData\Roaming\Mozilla\Firefox\Profiles\t4056evt.default\prefs.js.BAK    JS/SecurityDisabler.A.Gen application    cleaned by deleting - quarantined
 



#6 m0le


Posted 13 July 2013 - 06:43 PM

It looks better without them :)

Please run OTL and I'll take a manual look at the log

  • Please download OTL
  • Save it to your desktop.
  • Double click on the otlicon.png icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the runscan.png button.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

 



#7 Redsama


Posted 13 July 2013 - 07:21 PM

__________________________________________________________

OTL.txt  ::

__________________________________________________________


OTL logfile created on: 7/13/2013 7:59:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\RedsGaming\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.98 Gb Total Physical Memory | 6.20 Gb Available Physical Memory | 77.70% Memory free
15.96 Gb Paging File | 13.89 Gb Available in Paging File | 87.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 369.16 Gb Free Space | 61.93% Space Free | Partition Type: NTFS
Drive D: | 235.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REDSGAMING-PC | User Name: RedsGaming | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/13 19:59:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RedsGaming\Desktop\OTL.exe
PRC - [2013/07/06 17:42:34 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013/07/03 11:36:25 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/20 11:54:05 | 004,942,336 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUsb\XFastUsb.exe
PRC - [2011/05/19 12:10:22 | 000,909,824 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/07/06 17:42:33 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013/07/05 18:39:19 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll
MOD - [2013/07/05 18:39:06 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/07/05 18:39:00 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
MOD - [2013/07/05 18:38:52 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013/07/05 18:38:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/07/03 11:36:13 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/04/04 15:08:49 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll
MOD - [2013/04/04 01:40:35 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/04/04 01:40:05 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/04/04 01:39:46 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/04/04 01:39:40 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/04/04 01:39:17 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/23 16:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/12/19 15:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/03/09 01:10:06 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/07/03 11:36:24 | 000,117,144 | ---- | M] (Mozilla Foundation) [Auto | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/06 18:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2011/11/03 14:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/08/15 11:02:12 | 000,130,976 | ---- | M] (Futuremark Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/19 16:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 15:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/06 07:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/04/18 23:57:38 | 000,126,912 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/25 17:07:08 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2011/11/20 11:54:06 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/10 17:28:48 | 000,017,192 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2011/04/21 14:17:04 | 000,471,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/04 17:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/03/04 17:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/01 15:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/11/17 19:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/10/19 15:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 06:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 06:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3345588661-292137370-674005209-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3345588661-292137370-674005209-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3345588661-292137370-674005209-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3345588661-292137370-674005209-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 F4 28 4F 2B 7A CE 01  [binary data]
IE - HKU\S-1-5-21-3345588661-292137370-674005209-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3345588661-292137370-674005209-1000\..\SearchScopes\{0326E19D-5793-4da9-A52B-7E6592CE86E1}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A4107735745&ie=UTF-8&q=&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4107735745&q={searchTerms}
IE - HKU\S-1-5-21-3345588661-292137370-674005209-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
IE - HKU\S-1-5-21-3345588661-292137370-674005209-1000\..\SearchScopes\{267EB5D4-0727-4738-BF5E-FB02E6F0D122}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=PROTOSV
IE - HKU\S-1-5-21-3345588661-292137370-674005209-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3345588661-292137370-674005209-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:0.7.1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\RedsGaming\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\RedsGaming\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/03/26 16:08:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/03/26 16:08:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/13 17:12:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz
 
[2011/11/19 23:31:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RedsGaming\AppData\Roaming\Mozilla\Extensions
[2013/07/06 18:51:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RedsGaming\AppData\Roaming\Mozilla\Firefox\Profiles\t4056evt.default\extensions
[2013/07/06 05:59:09 | 000,312,847 | ---- | M] () (No name found) -- C:\Users\RedsGaming\AppData\Roaming\Mozilla\Firefox\Profiles\t4056evt.default\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
[2012/11/29 18:52:47 | 000,002,389 | ---- | M] () (No name found) -- C:\Users\RedsGaming\AppData\Roaming\Mozilla\Firefox\Profiles\t4056evt.default\extensions\{05551848-3a3e-45f0-b04a-5ac0db5c8e72}.xpi
[2013/07/06 18:51:10 | 000,016,192 | ---- | M] () (No name found) -- C:\Users\RedsGaming\AppData\Roaming\Mozilla\Firefox\Profiles\t4056evt.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
[2013/07/07 19:23:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/24 00:14:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/03 11:36:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013/03/30 19:03:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {300BEC06-B743-4D19-86B9-11DC711D7FFB} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O3 - HKU\S-1-5-21-3345588661-292137370-674005209-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-21-3345588661-292137370-674005209-1000..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-3345588661-292137370-674005209-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\RedsGaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\RedsGaming\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3345588661-292137370-674005209-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3345588661-292137370-674005209-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC23B992-2D0B-46A1-91E7-00446D72D6FE}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\gopher - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/13 19:59:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\RedsGaming\Desktop\OTL.exe
[2013/07/13 15:40:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/07/13 15:39:18 | 002,347,384 | ---- | C] (ESET) -- C:\Users\RedsGaming\Desktop\esetsmartinstaller_enu.exe
[2013/07/10 18:08:10 | 000,000,000 | ---D | C] -- C:\Users\RedsGaming\AppData\Local\VirtualStore
[2013/07/08 13:38:40 | 000,000,000 | ---D | C] -- C:\Users\RedsGaming\Desktop\Firewall_files
[2013/07/07 19:33:57 | 000,660,160 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\RedsGaming\Desktop\autoruns.exe
[2013/07/07 19:21:36 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/07 19:21:27 | 000,000,000 | ---D | C] -- C:\JRT
[2013/07/07 19:21:15 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\RedsGaming\Desktop\JRT.exe
[2013/07/07 19:16:08 | 001,814,144 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\RedsGaming\Desktop\rkill.scr
[2013/07/07 16:53:05 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/07/07 11:02:36 | 000,000,000 | ---D | C] -- C:\Users\RedsGaming\AppData\Roaming\PowerISO
[2013/07/07 05:48:33 | 000,579,264 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\RedsGaming\Desktop\autorunsc.exe
[2013/07/07 05:39:10 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\RedsGaming\Desktop\dds.com
[2013/07/07 05:23:48 | 000,300,832 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\RedsGaming\Desktop\Tcpview.exe
[2013/07/07 05:23:48 | 000,199,544 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\RedsGaming\Desktop\Tcpvcon.exe
[2013/07/07 04:26:06 | 000,000,000 | ---D | C] -- C:\FRST
[2013/07/07 04:12:02 | 000,000,000 | ---D | C] -- C:\Users\RedsGaming\AppData\Roaming\SUPERAntiSpyware.com
[2013/07/07 04:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/07/06 17:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/07/06 17:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/07/06 08:42:40 | 000,000,000 | R--D | C] -- C:\Users\RedsGaming\Desktop\RKiller reports
[2013/07/06 02:03:09 | 088,168,720 | ---- | C] (Microsoft Corporation) -- C:\Users\RedsGaming\Desktop\msert.exe
[2013/07/06 01:52:54 | 014,685,208 | ---- | C] (Trend Micro Inc.) -- C:\Users\RedsGaming\Desktop\RootkitBusterV5.0-1129x64.exe.part
[2013/07/06 01:35:54 | 000,883,616 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\RedsGaming\Desktop\FixExec.exe
[2013/07/06 01:31:41 | 000,760,775 | ---- | C] (Farbar) -- C:\Users\RedsGaming\Desktop\MiniToolBox.exe
[2013/07/06 01:30:01 | 001,934,636 | ---- | C] (Farbar) -- C:\Users\RedsGaming\Desktop\FRST64.exe
[2013/07/06 01:28:55 | 000,398,752 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\RedsGaming\Desktop\unhide.exe
[2013/07/05 13:25:36 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/05 13:25:36 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/05 13:25:36 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/05 13:25:36 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/05 13:25:36 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/05 13:25:36 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/05 13:25:36 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/05 13:25:36 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/05 13:25:36 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/05 13:25:35 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/05 13:25:34 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/05 13:25:34 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/05 13:25:34 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/05 13:24:33 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/05 13:24:33 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/05 13:23:19 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/07/05 13:23:19 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/07/05 13:23:17 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/07/05 13:23:17 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/07/05 13:23:16 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/07/05 13:23:16 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/07/05 13:23:16 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/07/05 13:23:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/07/05 13:23:15 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/07/05 13:23:14 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/07/05 13:23:14 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/07/05 13:23:12 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/07/05 13:23:12 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/07/05 13:23:08 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/07/05 13:23:08 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/07/05 13:23:07 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/07/05 13:23:07 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/07/05 13:23:07 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/07/05 13:23:07 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/07/05 13:23:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/07/05 13:23:02 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/07/05 13:23:02 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/07/05 13:22:56 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/07/05 13:22:56 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/07/05 13:22:55 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/07/05 13:22:55 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/07/05 10:29:46 | 000,000,000 | ---D | C] -- C:\Users\RedsGaming\AppData\Local\Apps
[2013/07/05 10:02:22 | 000,000,000 | ---D | C] -- C:\Users\RedsGaming\AppData\Roaming\TeamViewer
[2013/07/05 07:55:12 | 000,000,000 | ---D | C] -- C:\Users\RedsGaming\AppData\Roaming\WinPatrol
[2013/07/05 07:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2013/07/05 07:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2013/06/30 18:28:34 | 000,000,000 | ---D | C] -- C:\Users\RedsGaming\Documents\RIFT
[2013/06/30 17:17:41 | 000,000,000 | ---D | C] -- C:\Users\RedsGaming\AppData\Roaming\RIFT
[2013/06/30 17:17:41 | 000,000,000 | ---D | C] -- C:\Users\RedsGaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RIFT
[2013/06/30 17:17:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RIFT
[2013/06/28 23:40:17 | 000,000,000 | ---D | C] -- C:\Users\RedsGaming\AppData\Local\TERA
[2013/06/28 22:14:13 | 000,000,000 | ---D | C] -- C:\Users\RedsGaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TERA
[2013/06/25 17:39:59 | 000,000,000 | ---D | C] -- C:\Users\RedsGaming\AppData\Roaming\raidcall
[2013/06/25 17:39:48 | 000,000,000 | ---D | C] -- C:\Users\RedsGaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
[2013/06/25 17:39:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
[2013/06/25 17:39:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RaidCall
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/13 19:59:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RedsGaming\Desktop\OTL.exe
[2013/07/13 16:54:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/13 15:39:19 | 002,347,384 | ---- | M] (ESET) -- C:\Users\RedsGaming\Desktop\esetsmartinstaller_enu.exe
[2013/07/13 03:12:39 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/13 03:12:39 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/12 21:30:50 | 000,023,712 | ---- | M] () -- C:\Users\RedsGaming\Desktop\Cellular-5.3.001.zip
[2013/07/12 21:30:02 | 000,979,326 | ---- | M] () -- C:\Users\RedsGaming\Desktop\MogIt-3.1.5.zip
[2013/07/12 21:29:36 | 001,739,095 | ---- | M] () -- C:\Users\RedsGaming\Desktop\DBM-Core-5.3.4.zip
[2013/07/10 18:12:56 | 000,793,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/10 18:12:56 | 000,669,432 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/10 18:12:56 | 000,125,514 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/10 18:07:40 | 2131,476,479 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/07 22:43:48 | 000,007,598 | ---- | M] () -- C:\Users\RedsGaming\AppData\Local\resmon.resmoncfg
[2013/07/07 20:09:04 | 000,000,949 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013/07/07 19:21:16 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\RedsGaming\Desktop\JRT.exe
[2013/07/07 19:16:11 | 001,814,144 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\RedsGaming\Desktop\rkill.scr
[2013/07/07 18:53:56 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/07 13:22:08 | 000,000,162 | ---- | M] () -- C:\Users\RedsGaming\Desktop\SecuROM.reg
[2013/07/07 07:15:54 | 000,001,016 | ---- | M] () -- C:\Users\RedsGaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/07/07 05:39:12 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\RedsGaming\Desktop\dds.com
[2013/07/07 04:23:40 | 000,000,994 | ---- | M] () -- C:\Users\RedsGaming\Desktop\Dropbox.lnk
[2013/07/07 04:11:44 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/07/07 03:42:40 | 000,001,264 | ---- | M] () -- C:\Users\RedsGaming\Desktop\Revo Uninstaller.lnk
[2013/07/07 03:41:24 | 001,402,880 | ---- | M] () -- C:\Users\RedsGaming\Desktop\HiJackThis.msi
[2013/07/07 03:38:07 | 000,650,027 | ---- | M] () -- C:\Users\RedsGaming\Desktop\AdwCleaner.exe
[2013/07/06 19:56:19 | 000,000,512 | ---- | M] () -- C:\Users\RedsGaming\Desktop\MBR.dat
[2013/07/06 17:56:15 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/07/06 17:42:34 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/06 17:42:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/06 09:10:35 | 000,001,351 | ---- | M] () -- C:\Users\RedsGaming\Desktop\Sticky Notes.lnk
[2013/07/06 02:04:37 | 088,168,720 | ---- | M] (Microsoft Corporation) -- C:\Users\RedsGaming\Desktop\msert.exe
[2013/07/06 01:53:06 | 014,685,208 | ---- | M] (Trend Micro Inc.) -- C:\Users\RedsGaming\Desktop\RootkitBusterV5.0-1129x64.exe.part
[2013/07/06 01:35:55 | 000,883,616 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\RedsGaming\Desktop\FixExec.exe
[2013/07/06 01:31:46 | 000,760,775 | ---- | M] (Farbar) -- C:\Users\RedsGaming\Desktop\MiniToolBox.exe
[2013/07/06 01:30:04 | 001,934,636 | ---- | M] (Farbar) -- C:\Users\RedsGaming\Desktop\FRST64.exe
[2013/07/06 01:28:56 | 000,398,752 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\RedsGaming\Desktop\unhide.exe
[2013/07/05 22:13:52 | 000,001,441 | ---- | M] () -- C:\Users\RedsGaming\Desktop\MSASCui.exe - Shortcut.lnk
[2013/07/05 18:37:32 | 000,294,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/05 04:44:53 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2013/07/05 02:22:39 | 000,000,920 | ---- | M] () -- C:\Users\RedsGaming\Desktop\Neverwinter.lnk
[2013/07/05 00:00:32 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013/07/05 00:00:32 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/07/04 06:15:32 | 003,775,488 | ---- | M] () -- C:\Users\RedsGaming\Desktop\RogueKillerX64.exe
[2013/07/04 05:58:11 | 000,035,297 | ---- | M] () -- C:\Users\RedsGaming\Desktop\My_Bill_20130619.pdf
[2013/07/03 07:12:30 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/06/30 17:17:42 | 000,000,944 | ---- | M] () -- C:\Users\RedsGaming\Desktop\RIFT.lnk
[2013/06/29 16:45:06 | 000,001,930 | ---- | M] () -- C:\Users\RedsGaming\Desktop\TERA.lnk
[2013/06/27 23:20:52 | 000,660,160 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\RedsGaming\Desktop\autoruns.exe
[2013/06/27 23:20:52 | 000,579,264 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\RedsGaming\Desktop\autorunsc.exe
[2013/06/25 17:39:48 | 000,001,007 | ---- | M] () -- C:\Users\RedsGaming\Desktop\RaidCall.lnk
 
========== Files Created - No Company Name ==========
 
[2013/07/12 21:30:49 | 000,023,712 | ---- | C] () -- C:\Users\RedsGaming\Desktop\Cellular-5.3.001.zip
[2013/07/12 21:29:54 | 000,979,326 | ---- | C] () -- C:\Users\RedsGaming\Desktop\MogIt-3.1.5.zip
[2013/07/12 21:29:27 | 001,739,095 | ---- | C] () -- C:\Users\RedsGaming\Desktop\DBM-Core-5.3.4.zip
[2013/07/07 13:22:08 | 000,000,162 | ---- | C] () -- C:\Users\RedsGaming\Desktop\SecuROM.reg
[2013/07/07 07:15:54 | 000,001,016 | ---- | C] () -- C:\Users\RedsGaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/07/07 05:48:33 | 000,049,518 | ---- | C] () -- C:\Users\RedsGaming\Desktop\autoruns.chm
[2013/07/07 04:11:44 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/07/07 03:41:23 | 001,402,880 | ---- | C] () -- C:\Users\RedsGaming\Desktop\HiJackThis.msi
[2013/07/07 03:38:01 | 000,650,027 | ---- | C] () -- C:\Users\RedsGaming\Desktop\AdwCleaner.exe
[2013/07/06 17:56:15 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/07/06 09:10:35 | 000,001,351 | ---- | C] () -- C:\Users\RedsGaming\Desktop\Sticky Notes.lnk
[2013/07/06 03:52:08 | 000,000,512 | ---- | C] () -- C:\Users\RedsGaming\Desktop\MBR.dat
[2013/07/05 22:13:52 | 000,001,441 | ---- | C] () -- C:\Users\RedsGaming\Desktop\MSASCui.exe - Shortcut.lnk
[2013/07/04 05:58:09 | 000,035,297 | ---- | C] () -- C:\Users\RedsGaming\Desktop\My_Bill_20130619.pdf
[2013/06/30 17:17:42 | 000,000,944 | ---- | C] () -- C:\Users\RedsGaming\Desktop\RIFT.lnk
[2013/06/28 22:47:30 | 000,001,930 | ---- | C] () -- C:\Users\RedsGaming\Desktop\TERA.lnk
[2013/06/25 17:39:48 | 000,001,007 | ---- | C] () -- C:\Users\RedsGaming\Desktop\RaidCall.lnk
[2013/03/30 18:55:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/30 18:55:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/30 18:55:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/30 18:55:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/30 18:55:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/07 02:42:13 | 000,007,598 | ---- | C] () -- C:\Users\RedsGaming\AppData\Local\resmon.resmoncfg
[2012/05/26 04:38:24 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/05/26 04:38:24 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/03/09 01:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012/03/09 00:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/09 00:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/03 00:50:38 | 000,000,098 | ---- | C] () -- C:\Users\RedsGaming\AppData\Local\fusioncache.dat
[2011/11/20 13:14:39 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/11/20 11:55:33 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011/11/20 11:55:33 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011/11/20 11:55:33 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011/11/20 11:55:32 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/11/20 11:55:32 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/11/19 23:46:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/11/19 23:29:35 | 000,787,022 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

_______________________________________________________________

Extras.txt ::

_______________________________________________________________

OTL Extras logfile created on: 7/13/2013 7:59:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\RedsGaming\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.98 Gb Total Physical Memory | 6.20 Gb Available Physical Memory | 77.70% Memory free
15.96 Gb Paging File | 13.89 Gb Available in Paging File | 87.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 369.16 Gb Free Space | 61.93% Space Free | Partition Type: NTFS
Drive D: | 235.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REDSGAMING-PC | User Name: RedsGaming | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-3345588661-292137370-674005209-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050CF694-D430-4BD1-A316-19A3CE014995}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{0679B06A-0D0A-4D63-8CC7-5A94FE3DF72E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{06A6E218-CBD4-43C6-BD5C-92296E61B683}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{0AF148A1-DF1E-4DF1-898C-EFC422E9BC23}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psychonauts.exe |
"{0B217E3C-F33A-4D9A-A137-921B8821C590}" = protocol=6 | dir=in | app=c:\programdata\happycloud\cache\tera\client\tl.exe |
"{0B76DA34-F009-48FF-AEF6-5C075A270801}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{0D727D39-8323-41F1-85B9-15A7ED5DC166}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fear ultimate shooter edition\fearxp\fearxp.exe |
"{106FBF8A-D504-46D0-84D1-1117735526E2}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{10BF487D-A007-41EA-9BA5-E480B4C136F0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{10ED7A82-CC5E-445D-B695-C46CE3CFF132}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{16E4BB4F-FE61-4390-8308-0F8FCBD2969C}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.exe |
"{184D90AF-5707-4BE8-A9E9-9FE2B82E0D12}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fear ultimate shooter edition\fearxp2\fearxp2.exe |
"{1B0295CC-5C62-42C3-95FD-DFC789CE4745}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{1B9EE164-BF96-45D4-B6D2-E7F919E8EB6E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{1D6CF6CB-B07A-4E6C-85AC-E2E79E65A140}" = protocol=6 | dir=in | app=c:\programdata\happycloud\cache\tera\client\binaries\tera.exe |
"{22A19C07-4920-448D-B846-928386C1AC74}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{24F92A10-F734-4918-9EBD-F15CF8590E5B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{254E8B43-159C-40FA-B60A-6D0F366D69B7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{26447F8B-BEA6-451E-B1EC-EFC255C011CD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\perfectlysick\zombie panic! source\hl2.exe |
"{2A4C16D8-73C7-4DB9-858C-66F3C3677837}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rise of immortals\roiclientr.exe |
"{2B888192-BDFD-4599-A6DB-DA75CE33A276}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\perfectlysick\counter-strike source\hl2.exe |
"{3088F43C-CEAE-4279-8818-DCEA5B0E9250}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"{373D1CE6-410D-42BA-8154-F8C4762AAF9D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{397445C7-5A94-41D8-9906-DF1766F5478F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{3ED5C246-B010-4C56-9E27-37CE61B230F2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{42ABC8B5-1CDD-4F16-BF21-39B68ABF6464}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\perfectlysick\zombie panic! source\hl2.exe |
"{45B3DA80-B739-460E-9143-E5ED19B14814}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psychonauts.exe |
"{4808C442-1FE6-418B-8CB3-19E87D36E662}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fear ultimate shooter edition\fear.exe |
"{498DBD95-2543-463E-966C-B7BA8A738596}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe |
"{4A70D847-B834-4957-BF76-7AB65DCB6DE6}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{4BD37092-D6C1-4D5A-803D-1367DBCE4700}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of battles\release\launcher.exe |
"{4EFC8984-6C05-416D-9B35-00A3FA4515C9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{5195F61C-14D6-4CD2-A9E8-AEAFD6418AAA}" = protocol=17 | dir=in | app=c:\programdata\happycloud\cache\tera\tera-launcher.exe |
"{522FA77E-16F6-4FF8-9A20-73291DA29C48}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{52954503-C07F-4B30-9152-621FE87F9394}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\perfectlysick\garrysmod\hl2.exe |
"{61A93FA9-5C3D-40C5-A130-2E29B5EECF1D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{631C3436-C33C-4D02-8CFE-81388BA014FE}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.exe |
"{64EE4584-5BC1-4319-8EED-0CDC531EB25E}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.patch.exe |
"{6A7DAE0A-493C-41F0-81B8-64C7DC208322}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{6C4F6DF6-3662-40A6-9A78-7B997CECEE8A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{700C1C34-688D-4120-9B12-5C91DA5E309F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{7666A4CD-3A37-4AF7-A8F4-8FC513088054}" = protocol=6 | dir=in | app=c:\users\redsgaming\appdata\roaming\dropbox\bin\dropbox.exe |
"{77ADCFDB-8B1B-4FAA-B6C5-29B7BCC664C9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fear ultimate shooter edition\fearxp\fearxp.exe |
"{78AA6E0C-F490-459C-99B5-CB85A0F024D5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{7B593E7A-BFAB-47AD-8E82-9D04799C2156}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.patch.exe |
"{7D7187CC-8B5A-47B7-8452-06DA9F86FFD5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe |
"{80C06F21-7E96-45EB-A241-810A4DB4C4E0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{841282E1-F4EA-4E57-89BF-4217D5EA3678}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{87912190-7CBE-49DF-AEA3-B22C96C05698}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8EC5C3C6-9449-4063-AF70-76136C7FE0C3}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{9FB92FD5-D709-4DB4-936D-2DB57E98D8B3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{A4841C29-DF58-4DB7-8F09-302248DBA4EC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A8E74DFE-2AD3-4AD8-BD23-2D50CFFC8202}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{AA6EDF29-A8E3-4DC1-8EF5-753527C9F453}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{AEE4BDE9-E2B6-4C95-B829-C4081ABE636D}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{B4C4E754-C975-4DDC-99D1-F251EC4D3B8B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.516\agent.exe |
"{B78F6781-CCD8-4CC9-A170-DAF415F032F9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{BB01044E-C3D2-47E0-9A2D-A045EC9E21D3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{BB250FB4-37DD-4DD7-82AB-4ACA23A3EC94}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{C1A40ADA-81CD-4209-BA76-BFAB83E6DB59}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C540A7EC-6BAB-4704-902F-93A34D19675D}" = protocol=17 | dir=in | app=c:\programdata\happycloud\cache\tera\client\binaries\tera.exe |
"{C7C3B701-38E3-4CCE-A85A-EB4E1F1FA68B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{CBA61497-84CE-40B6-9B5B-2493F1C3A83D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fear ultimate shooter edition\fear.exe |
"{CEC785A4-9F3B-4E83-A457-8A76165AD83C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of battles\release\launcher.exe |
"{D164FA56-B9D6-43F6-BEAB-0F2A4AE20D77}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rise of immortals\roiclientr.exe |
"{D590908F-41CD-418B-9C85-4B798CF3FB9B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{DA00A5CA-777F-4935-ACDB-F929F2DF2EF8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\perfectlysick\counter-strike source\hl2.exe |
"{DD8C229C-ECFF-409E-8903-A0F89D6E63B5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rise of immortals\clientlauncherr.exe |
"{DF2F382D-A5BD-41FD-B2C6-87588973B7FF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{DFAEF375-179C-4B01-AD0C-4E20BA007847}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.516\agent.exe |
"{E237BF93-2582-455C-B3CC-BF930AEBD82B}" = protocol=17 | dir=in | app=c:\programdata\happycloud\cache\tera\client\tl.exe |
"{E64A983E-8CDB-4152-926D-32E5B7031276}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{E75D9ABB-8847-4CB0-AF94-C335EC681A92}" = protocol=6 | dir=in | app=c:\programdata\happycloud\cache\tera\tera-launcher.exe |
"{EAE79769-13AD-473B-9146-503A453BF091}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{EE307919-E1CA-4838-B415-5497F6A4EBF2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rise of immortals\clientlauncherr.exe |
"{F14F040E-D777-4526-8803-C75C44ED5D55}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fear ultimate shooter edition\fearxp2\fearxp2.exe |
"{F3191A07-9A69-48E3-B044-0113227C9E5B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{F6B4BE16-B981-471B-BB3A-BD1D5D523B58}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{F84E1C84-22EE-4C81-BA23-55D7EA0B8E3B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\perfectlysick\garrysmod\hl2.exe |
"{FA2AB44D-2469-4A98-8FA8-41736A93C6AA}" = protocol=17 | dir=in | app=c:\users\redsgaming\appdata\roaming\dropbox\bin\dropbox.exe |
"{FC89EDEA-2D8C-49C1-903B-674C8B9D480C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{FE11DF70-6749-4541-8838-FE0B147F309A}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{FFECD071-874B-4143-8783-25BAF8952A8A}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"TCP Query User{0D3D77AF-E86D-4093-A9BA-6C560A87CD76}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{10D6EEF9-275D-4C55-91DE-C6A56EF26BAE}C:\users\redsgaming\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\redsgaming\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{288B88A9-7FD7-4A3F-91AB-E2E98B453935}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"TCP Query User{2DA61189-3F36-46F6-B345-194FDA4D66CE}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{43AE8EA6-3B7F-4A42-BEDE-F4D47C47BCD7}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{492E08EC-58B2-4D3B-B85B-FECDA251E5EA}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"TCP Query User{49F6FADE-FD53-4948-8E7A-5865B05D5329}C:\users\redsgaming\appdata\roaming\vepia\yvisn.exe" = protocol=6 | dir=in | app=c:\users\redsgaming\appdata\roaming\vepia\yvisn.exe |
"TCP Query User{4A68DB56-922D-436B-9B6E-CA6F15900301}C:\users\redsgaming\appdata\local\temp\7zoad3f.tmp\redsn0w.exe" = protocol=6 | dir=in | app=c:\users\redsgaming\appdata\local\temp\7zoad3f.tmp\redsn0w.exe |
"TCP Query User{4AAB75B6-DEEB-4260-B918-EC0A0781C041}C:\program files (x86)\unity\editor\unity.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe |
"TCP Query User{54123591-C3CB-42E9-AEC1-46F278428E65}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe |
"TCP Query User{609B7602-F37C-43E8-8D96-44E9DF288073}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"TCP Query User{69C431D1-C012-44B0-8768-3BB17C2F7005}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{715D64E6-7B0D-45AC-A64C-0F703620CBB5}C:\programdata\battle.net\agent\agent.913\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"TCP Query User{721F062C-853F-4A1F-BF1A-E7C06C4333DA}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{86A7B0A1-18D5-40AF-96AC-52BD0A25EF0F}C:\program files (x86)\steam\steamapps\perfectlysick\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\perfectlysick\team fortress 2\hl2.exe |
"TCP Query User{9485CA3C-0B1A-4562-B1E0-B2EE9C29D7EF}C:\users\redsgaming\desktop\neverwinter_nw.1.20130416a.6.exe" = protocol=6 | dir=in | app=c:\users\redsgaming\desktop\neverwinter_nw.1.20130416a.6.exe |
"TCP Query User{A6E6E5B7-D7F8-458A-BA96-72C8FE7168FF}C:\users\redsgaming\appdata\local\temp\7zo3228.tmp\redsn0w.exe" = protocol=6 | dir=in | app=c:\users\redsgaming\appdata\local\temp\7zo3228.tmp\redsn0w.exe |
"TCP Query User{AABF9BF9-D328-4F67-AD4F-664BE2E33C53}C:\users\redsgaming\desktop\ptr-installer-en_us.exe" = protocol=6 | dir=in | app=c:\users\redsgaming\desktop\ptr-installer-en_us.exe |
"TCP Query User{BFAB2536-0D56-41D6-8C60-E4FE73598002}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{C3FDCC27-F434-40A7-A16C-FEBEAF915AE6}C:\udk\udk-2011-10\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\udk-2011-10\binaries\win32\udk.exe |
"TCP Query User{C414C826-480C-4598-B786-C3AA81F8AA9C}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{CAAFD8F1-22B5-4F53-8D5F-4519F5A4FE9B}C:\programdata\battle.net\agent\agent.515\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"TCP Query User{CB380679-BE10-4056-B0AA-E5BD6502C781}C:\program files (x86)\croteam\serious sam - the second encounter\bin\serioussam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\croteam\serious sam - the second encounter\bin\serioussam.exe |
"TCP Query User{CC8DB9E0-AAAF-4227-90E0-03B51DECB493}C:\program files\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files\cryptic studios\neverwinter\live\gameclient.exe |
"TCP Query User{DF348563-42C8-4541-AF28-2BDEC4F567D6}C:\udk\udk-2011-10\binaries\win64\udk.exe" = protocol=6 | dir=in | app=c:\udk\udk-2011-10\binaries\win64\udk.exe |
"TCP Query User{E4868F9F-7C20-4A22-8B29-F3CBCDC79AD9}C:\users\public\games\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"TCP Query User{F032BFCC-BCAE-4686-B109-CF6D03E950BC}C:\users\redsgaming\appdata\local\temp\7zo91d5.tmp\redsn0w.exe" = protocol=6 | dir=in | app=c:\users\redsgaming\appdata\local\temp\7zo91d5.tmp\redsn0w.exe |
"UDP Query User{05DCEEF1-E2CE-4D04-A3AE-4F9EA4A183D1}C:\users\redsgaming\appdata\local\temp\7zoad3f.tmp\redsn0w.exe" = protocol=17 | dir=in | app=c:\users\redsgaming\appdata\local\temp\7zoad3f.tmp\redsn0w.exe |
"UDP Query User{10F12C6D-5828-41D0-BFDA-8FC92142ABF9}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{2565BB9D-B157-458F-8A9D-A7DC52183CF4}C:\program files (x86)\unity\editor\unity.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe |
"UDP Query User{34EDC8F7-6898-49F0-A1D7-0EA8BB66BBA8}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{35E99D9C-CF2B-4DD4-B383-DB6D03D9C0ED}C:\program files\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files\cryptic studios\neverwinter\live\gameclient.exe |
"UDP Query User{3D637575-8B4B-4558-A9B0-033BE237065D}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"UDP Query User{4CF3CAAE-EBEE-4C30-A770-0E0FDA7044C4}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe |
"UDP Query User{4E19F197-6D83-460D-9948-D923C501CBA9}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"UDP Query User{56A1E7AE-8404-472E-9736-84816FF17925}C:\users\redsgaming\appdata\roaming\vepia\yvisn.exe" = protocol=17 | dir=in | app=c:\users\redsgaming\appdata\roaming\vepia\yvisn.exe |
"UDP Query User{63CCCB02-3024-40C0-9402-92E26B5A9F77}C:\udk\udk-2011-10\binaries\win64\udk.exe" = protocol=17 | dir=in | app=c:\udk\udk-2011-10\binaries\win64\udk.exe |
"UDP Query User{69128184-04FF-4552-B654-D901DB61544C}C:\udk\udk-2011-10\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\udk-2011-10\binaries\win32\udk.exe |
"UDP Query User{7D83E221-42F4-4D18-8FAA-2EF3A4BA3586}C:\users\redsgaming\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\redsgaming\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{8AB3321C-4E04-4BBD-A673-E3091041DACB}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{8DF3214F-243E-4DAF-806C-2EAA8D7FFCF5}C:\users\redsgaming\appdata\local\temp\7zo91d5.tmp\redsn0w.exe" = protocol=17 | dir=in | app=c:\users\redsgaming\appdata\local\temp\7zo91d5.tmp\redsn0w.exe |
"UDP Query User{8FDC2A92-C2FB-45C9-8A10-C41616A58C66}C:\programdata\battle.net\agent\agent.515\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"UDP Query User{914D5F93-3147-40E0-9067-0D43BD05A0A9}C:\users\redsgaming\desktop\neverwinter_nw.1.20130416a.6.exe" = protocol=17 | dir=in | app=c:\users\redsgaming\desktop\neverwinter_nw.1.20130416a.6.exe |
"UDP Query User{98163D17-4FEF-4B9A-B412-98C55524E5C0}C:\users\redsgaming\appdata\local\temp\7zo3228.tmp\redsn0w.exe" = protocol=17 | dir=in | app=c:\users\redsgaming\appdata\local\temp\7zo3228.tmp\redsn0w.exe |
"UDP Query User{AE366645-328C-4333-8466-5245452723F2}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{BAA99F98-0F69-4A30-897E-D3A2CA8019F3}C:\users\redsgaming\desktop\ptr-installer-en_us.exe" = protocol=17 | dir=in | app=c:\users\redsgaming\desktop\ptr-installer-en_us.exe |
"UDP Query User{BC739E6A-2BD2-46BD-9829-BFE634107E35}C:\users\public\games\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"UDP Query User{C50B8174-3BCB-4CB5-B20B-2CC62523E8D1}C:\program files (x86)\croteam\serious sam - the second encounter\bin\serioussam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\croteam\serious sam - the second encounter\bin\serioussam.exe |
"UDP Query User{C86B1389-345F-4029-80B5-AC65D5F46BFB}C:\program files (x86)\steam\steamapps\perfectlysick\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\perfectlysick\team fortress 2\hl2.exe |
"UDP Query User{DA68DB3D-D0F7-4DFB-8FDA-EA7EA065775C}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{DC400E35-1D0F-4E38-A475-2BA2D6E1CC9D}C:\programdata\battle.net\agent\agent.913\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"UDP Query User{E80F398E-B428-4562-A126-D222E719BFDF}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{E85A6DB7-56A0-4C55-8A99-83F50E8B1C2E}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{F84FDC82-52FF-46F0-B8BC-C94015DF41D3}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1324D89E-6452-A561-B97E-053C2AE6F7FF}" = AMD Drag and Drop Transcoding
"{13815D81-44B6-7ADA-2A41-FFFC64DD6FAB}" = ccc-utility64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}" = WinPatrol
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7C5CAFD6-F51C-0011-410B-001EF3E342A7}" = AMD Media Foundation Decoders
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9005CF63-F082-65AD-7431-7EBF31642279}" = AMD Fuel
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{B9609B6D-9532-E0F8-BE41-DFE18BFAEC22}" = AMD AVIVO64 Codecs
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ASRock App Charger_is1" = ASRock App Charger v1.0.5
"Blender" = Blender
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Speccy" = Speccy
"UDK-06f6ea0b-afe7-47d2-91ee-1de1b6d12d00" = Unreal Development Kit: 2011-10
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{0309F85C-B1CC-DA9F-D184-FE93CCF08E1D}" = Application Profiles
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch
"{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional
"{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian
"{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish
"{189B9ACF-DBA6-4F52-8726-2E11049FB1F7}" = HydraVision
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C33E65D-9187-8F2E-40D8-BD9E24E341FB}" = CCC Help Italian
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{36B6FF8B-38E3-E64C-F840-75F6AAEBE3EA}" = Catalyst Control Center Graphics Previews Common
"{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC Help Turkish
"{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish
"{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai
"{3BC2C64B-0DA0-974B-6311-AED4F3711DCE}" = CCC Help Danish
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{5BAC4DE5-4062-EE34-3337-5F92FE5D5032}" = CCC Help Spanish
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}" = Serious Sam: The Second Encounter
"{6211B229-2D0B-4653-9338-3A2FBF2C4A9E}" = MorphVOX Pro
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean
"{7D0A13FA-56BC-4755-8BAF-45A69BA6A5C8}" = Nero Multimedia Suite 10 Essentials
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8F80DAA3-8A1D-09E9-57E6-DB0223CF2CE4}" = CCC Help French
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AFB907F5-C0E6-4753-8284-DE955EF86AC2}" = THX TruStudio
"{AFC71277-DE19-6505-8CBC-71D29163F44A}" = CCC Help German
"{B106B636-CAE2-B7BC-2988-3FD21DB1E0C7}" = Application Profiles
"{B3406262-5701-E9CC-D6B3-BA38C34125A9}" = CCC Help English
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C5B6078F-5D37-A122-2E6E-EDC623E8C787}" = CCC Help Czech
"{C7068E1F-22C6-9408-7B24-584F32F66D70}" = CCC Help Finnish
"{C87B855D-DD8F-E419-C640-34936E813EA9}" = CCC Help Greek
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC2BAF9A-926F-791D-772C-F582CD8A47B0}" = Catalyst Control Center InstallProxy
"{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian
"{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help Chinese Standard
"{D3CEF909-78DC-9D3D-37BD-52F5324C01DA}" = CCC Help Hungarian
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{ED23E382-E5E3-4E21-B616-01FC59A40916}" = OpenOffice.org 3.3
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F1EA61A2-B88F-44AD-3143-419ECB6C7E9A}" = CCC Help Japanese
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F6567C5A-C3EA-2E05-E89E-C8C52E33150D}" = AMD VISION Engine Control Center
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-zip" = 7-zip v9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.91
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.28
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Diablo III Beta" = Diablo III Beta
"ESET Online Scanner" = ESET Online Scanner v3
"FileASSASSIN" = FileASSASSIN
"FileZilla Client" = FileZilla Client 3.5.2
"Inkscape" = Inkscape 0.48.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Neverwinter" = Neverwinter
"Notepad++" = Notepad++
"PowerISO" = PowerISO
"RaidCall" = RaidCall
"RealPlayer 16.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.95
"Sapphire TRIXX" = Sapphire TRIXX
"Steam App 113900" = World of Battles
"Steam App 12210" = Grand Theft Auto IV
"Steam App 21090" = F.E.A.R.
"Steam App 3830" = Psychonauts
"Steam App 4000" = Garry's Mod
"TeamViewer 6" = TeamViewer 6
"Torque 3D Tools Demo1.2" = Torque 3D Tools Demo 1.2
"Unity" = Unity
"VLC media player" = VLC media player 1.1.11
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"XFastUsb" = XFastUsb
"Xvid Video Codec 1.3.1" = Xvid Video Codec
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3345588661-292137370-674005209-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"RIFT" = RIFT
"teraenmasse" = TERA
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/10/2013 6:08:19 PM | Computer Name = RedsGaming-PC | Source = Windows Search Service | ID = 3028
Description =
 
Error - 7/10/2013 6:08:19 PM | Computer Name = RedsGaming-PC | Source = Windows Search Service | ID = 3058
Description =
 
Error - 7/10/2013 6:08:19 PM | Computer Name = RedsGaming-PC | Source = Windows Search Service | ID = 7010
Description =
 
Error - 7/10/2013 6:09:26 PM | Computer Name = RedsGaming-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 7/12/2013 9:18:34 PM | Computer Name = RedsGaming-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 22.0.0.4917, time
 stamp: 0x51c06b1b  Faulting module name: xul.dll, version: 22.0.0.4917, time stamp:
 0x51c06a5b  Exception code: 0xc0000005  Fault offset: 0x00173668  Faulting process id:
 0x704  Faulting application start time: 0x01ce7f668d06ef28  Faulting application path:
 C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Faulting module path: C:\Program
 Files (x86)\Mozilla Firefox\xul.dll  Report Id: 22dc14b2-eb5a-11e2-a956-002522e7142d
 
Error - 7/13/2013 3:39:19 PM | Computer Name = RedsGaming-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\RedsGaming\Desktop\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 7/13/2013 3:39:20 PM | Computer Name = RedsGaming-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\RedsGaming\Desktop\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 7/13/2013 3:40:03 PM | Computer Name = RedsGaming-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\RedsGaming\Desktop\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 7/13/2013 3:40:03 PM | Computer Name = RedsGaming-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\RedsGaming\Desktop\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 7/13/2013 3:40:14 PM | Computer Name = RedsGaming-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\RedsGaming\Desktop\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 7/11/2013 2:53:34 PM | Computer Name = RedsGaming-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
 failed to start because of the following error:   %%1058
 
Error - 7/11/2013 2:53:34 PM | Computer Name = RedsGaming-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
 failed to start because of the following error:   %%1058
 
Error - 7/11/2013 2:53:34 PM | Computer Name = RedsGaming-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
 failed to start because of the following error:   %%1058
 
Error - 7/11/2013 2:53:34 PM | Computer Name = RedsGaming-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
 failed to start because of the following error:   %%1058
 
Error - 7/11/2013 3:07:32 PM | Computer Name = RedsGaming-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
 failed to start because of the following error:   %%1058
 
Error - 7/11/2013 3:07:32 PM | Computer Name = RedsGaming-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
 failed to start because of the following error:   %%1058
 
Error - 7/13/2013 2:59:31 PM | Computer Name = RedsGaming-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
 failed to start because of the following error:   %%1058
 
Error - 7/13/2013 2:59:31 PM | Computer Name = RedsGaming-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
 failed to start because of the following error:   %%1058
 
Error - 7/13/2013 4:54:33 PM | Computer Name = RedsGaming-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
 failed to start because of the following error:   %%1058
 
Error - 7/13/2013 4:54:33 PM | Computer Name = RedsGaming-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
 failed to start because of the following error:   %%1058
 
 
< End of report >
 



#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:13 AM

Posted 14 July 2013 - 07:57 PM

A few harmless remnants to remove with OTL

 

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :OTL
    O2 - BHO: (no name) - {300BEC06-B743-4D19-86B9-11DC711D7FFB} - No CLSID value found.
     
    O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
    O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

 


m0le is a proud member of UNITE

#9 Redsama


Posted 14 July 2013 - 09:46 PM

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{300BEC06-B743-4D19-86B9-11DC711D7FFB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300BEC06-B743-4D19-86B9-11DC711D7FFB}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
 
OTL by OldTimer - Version 3.2.69.0 log created on 07142013_224515
 



#10 m0le


Posted 16 July 2013 - 07:07 PM

Just remnants, nothing else.

How is the machine running?

#11 Redsama


Posted 20 July 2013 - 07:28 PM

It's running great!!   I appreciate your help with everything!!  Sorry I had to go out of town and took so long to reply.

 

Would you recommend a pop-up blocker for Firefox? There have been a few times when clicking trusted places that still throw out new windows to the unknown, even though pop-ups are blocked in the settings.



#12 m0le


Posted 22 July 2013 - 07:07 PM

I would indeed recommend a pop-up blocker for any browser actually.

 

I think we can wrap this one up

 

You're clean. Good stuff! :thumbup2:

Let's do some clearing up

If you used DeFogger, now is the time to enable your CD emulation software again.

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:

  • Reopen OTL on your desktop.
  • Click on CleanUp
  • You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir - though if you choose Avira you should make sure that you uncheck the box offering to install the Ask toolbar. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically; make sure that updates on any that are flagged are carried out as soon as possible.


It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version, or the Pro version for a 15-day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it, happy surfing!

Cheers.

m0le



#13 Redsama


Posted 23 July 2013 - 12:12 AM

OTL, check.

SecurityCheck, check, all updated.

Switching back to Avast, check.

SuperAntiSpyware, check.

 

Thanks m0le :guitar:  you rock!

 

 

Cheers!  :thumbup2:



#14 m0le


Posted 27 July 2013 - 07:41 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



