PUP.Optional.Tarma.A - gone?


  • This topic is locked
27 replies to this topic

#1 WyldCat

WyldCat

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bluegrass State
  • Local time:04:31 AM

Posted 22 August 2013 - 09:22 AM

I think I killed it? But want to be sure. I wasn't having any problems before this that I noticed. But it had been awhile since I'd run a Full Scan. When I did run a full scan is when I found it. This is my first post. I'm following Grinler's "Preparation Guide", so I hope I'm posting this correctly and including information that is needed...

My PC is dual boot WinXP & Win7 64 Pro. This was found on the Win 7 boot.

 

When I found PUP.Optional.Tarma.A, I ran the following in this order:

AdwCleaner

Junk Removal Tool

Malwarebytes

 

I checked also with eset online scanner, RogueKiller, Emsisoft Anti-Malware and HitmanPro. The PUP.Optional.Tarma.A seems to be gone(?) but HitmanPro and RogueKiller pointed out some 'suspicious' things. DDS Log posted below:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by WildCat at 9:54:16 on 2013-08-22
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8190.5402 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\AntiVirus\AVAST\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
M:\Tribes Ascend\HiPatchService.exe
C:\AntiVirus\Malwarebytes\mbamscheduler.exe
C:\AntiVirus\Malwarebytes\mbamservice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Tools\Macrium Reflect\ReflectService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Game Controllers\X-Mouse Button Control\XMouseButtonSvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\AntiVirus\Malwarebytes\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\Tools\EVGA Precision Tune\EVGAPrecision.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Game Controllers\X-Mouse Button Control\XMouseButtonControl.exe
C:\Program Files\ShellFolderFix\ShellFolderFixUI.exe
C:\AntiVirus\AVAST\AvastUI.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\AntiVirus\AVAST\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\AntiVirus\AVAST\aswWebRepIE.dll
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [Google Update] "C:\Users\WildCat\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [avast] "C:\AntiVirus\AVAST\avastUI.exe" /nogui
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [vspdfprsrv.exe] C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe --background
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [emsisoft anti-malware] "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60
StartupFolder: C:\Users\WildCat\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SHELLF~1.LNK - C:\Program Files\ShellFolderFix\ShellFolderFixUI.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1321279743776
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5DE85FC5-DD1E-4A5A-B21A-F9A4056E45E5} : NameServer = 8.8.4.4,8.8.8.8
TCP: Interfaces\{5DE85FC5-DD1E-4A5A-B21A-F9A4056E45E5} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\AntiVirus\AVAST\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\AntiVirus\AVAST\aswWebRepIE64.dll
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\WildCat\AppData\Roaming\Mozilla\Firefox\Profiles\yay0389a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: C:\Documents and Settings\WildCat\Application Data\Mozilla\Firefox\Profiles\prmeitzh.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Media Players\QuickTime\Plugins\npqtplugin.dll
FF - plugin: C:\Program Files (x86)\Media Players\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: C:\Program Files (x86)\Media Players\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: C:\Program Files (x86)\Media Players\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: C:\Program Files (x86)\Media Players\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: C:\Program Files (x86)\Media Players\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: C:\Program Files (x86)\Media Players\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: C:\Program Files (x86)\Media Players\VLC\npvlc.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\WildCat\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\WildCat\AppData\Roaming\Mozilla\Firefox\Profiles\yay0389a.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Users\WildCat\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\WildCat\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\WildCat\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Users\WildCat\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;M:\Tribes Ascend\HiPatchService.exe [2013-2-7 8704]
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-1 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-1 189936]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2013-8-22 26176]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-10-27 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-10-27 378944]
R2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2013-8-22 4159976]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-10-27 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-10-27 80816]
R2 avast! Antivirus;avast! Antivirus;C:\AntiVirus\AVAST\AvastSvc.exe [2013-5-15 46808]
R2 MBAMScheduler;MBAMScheduler;C:\AntiVirus\Malwarebytes\mbamscheduler.exe [2012-9-11 418376]
R2 MBAMService;MBAMService;C:\AntiVirus\Malwarebytes\mbamservice.exe [2012-9-11 701512]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Tools\Macrium Reflect\ReflectService.exe [2011-11-8 301720]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2013-7-14 32544]
R2 XMouseButton Launcher;XMouseButton Launcher;C:\Program Files\Game Controllers\X-Mouse Button Control\XMouseButtonSvc.exe [2012-6-23 87040]
R3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2013-8-22 57024]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2011-11-15 202840]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2011-11-15 1417304]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2011-11-15 94808]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2011-10-29 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-1-17 66800]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2011-10-29 16008]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-10-27 25928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-18 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-11-18 181248]
R3 RTCore64;RTCore64;C:\Program Files (x86)\Tools\EVGA Precision Tune\RTCore64.sys [2011-8-31 14440]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-13 849992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2013-8-22 70424]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-11-15 79360]
S3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [2011-11-15 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2011-11-15 202840]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2011-11-15 1417304]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2011-11-15 94808]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-5-10 103064]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [2011-12-28 275648]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-10-27 16776]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-10-27 9096]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2011-10-29 410184]
S3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2011-10-29 341832]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-1 19456]
S3 rspLLL;rspLLL;C:\Windows\System32\drivers\rspLLL64.sys [2013-7-13 23968]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-10-29 232480]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.20);C:\Windows\System32\drivers\RtTeam620.sys [2013-7-14 58512]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan620.sys [2013-7-14 32400]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-5-10 203672]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-2-17 4153184]
S3 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-3-22 93072]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-1 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-27 1255736]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-08-22 13:45:43    --------    d-----w-    C:\Program Files\Logitech Gaming Software
2013-08-22 10:42:58    --------    d-----w-    C:\ProgramData\HitmanPro
2013-08-22 09:56:13    --------    d-----w-    C:\Program Files (x86)\Emsisoft Anti-Malware
2013-08-22 09:00:16    --------    d-----w-    C:\Program Files (x86)\ESET
2013-08-22 08:05:30    --------    d-----w-    C:\Windows\ERUNT
2013-08-22 07:55:57    --------    d-----w-    C:\AdwCleaner
2013-08-22 06:45:49    --------    d-----w-    C:\Users\WildCat\AppData\Roaming\AnvSoft
2013-08-20 05:11:29    --------    d-----w-    C:\Users\WildCat\AppData\Roaming\Leawo
2013-08-17 14:12:21    --------    d-----w-    C:\Program Files\Game Controllers
2013-08-15 01:24:28    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-08-05 05:17:53    --------    d-----w-    C:\Program Files (x86)\NaturalPoint
2013-08-04 20:19:50    --------    d-----w-    C:\Users\WildCat\AppData\Roaming\PDF Experte 8 Professional 8
2013-08-04 20:14:20    --------    d-----w-    C:\Users\WildCat\AppData\Roaming\PDF Experte 8 Professional
2013-08-04 20:13:52    --------    d-----w-    C:\ProgramData\Expert PDF Jobs
2013-08-04 20:13:52    --------    d-----w-    C:\ProgramData\Expert PDF 8
2013-08-04 20:13:52    --------    d-----w-    C:\ProgramData\Avanquest
2013-08-04 06:06:21    --------    d-----w-    C:\Users\WildCat\AppData\Roaming\Seeing Machines
2013-08-04 06:06:21    --------    d-----w-    C:\ProgramData\Seeing Machines
2013-08-04 06:00:40    15104    ----a-w-    C:\Windows\System32\drivers\vjoy.sys
2013-08-04 06:00:40    --------    d-----w-    C:\Program Files (x86)\VJoy Virtual Joystick Driver
2013-08-04 05:58:58    --------    d-----w-    C:\Program Files (x86)\FaceTrackNoIR
2013-08-04 05:28:49    606848    ----a-w-    C:\Windows\flashax.exe
2013-08-04 05:28:49    12288    ----a-w-    C:\Windows\impborl.dll
2013-08-04 05:18:44    --------    d-----w-    C:\ProgramData\ASUS
2013-08-04 05:17:56    --------    d-----w-    C:\Program Files (x86)\ASUS
2013-08-02 09:12:06    --------    d-----w-    C:\Users\WildCat\AppData\Local\WarThunder
2013-08-02 09:12:06    --------    d-----w-    C:\ProgramData\WarThunder
2013-07-29 07:17:29    --------    d-----w-    C:\Users\WildCat\AppData\Roaming\raidcall
.
==================== Find3M  ====================
.
2013-08-22 13:46:06    18960    ----a-w-    C:\Windows\System32\drivers\LNonPnP.sys
2013-08-10 11:36:07    275648    ----a-w-    C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys
2013-07-26 05:13:37    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-07-26 05:12:08    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-07-13 10:49:15    25640    ----a-w-    C:\Windows\gdrv.sys
2013-07-13 04:39:23    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-13 04:39:23    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-09 06:03:30    5550528    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-07-09 05:52:52    224256    ----a-w-    C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16    1217024    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20    1472512    ----a-w-    C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-07-09 05:03:34    3968960    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34    3913664    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33    663552    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-07-09 04:52:10    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31    1166848    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53    1910208    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-28 00:56:32    189936    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-06-28 00:56:32    1030952    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-06-23 06:36:15    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-23 06:36:14    867240    ----a-w-    C:\Windows\SysWow64\npdeployJava1.dll
2013-06-23 06:36:14    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-06-21 10:23:16    6496544    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-06-21 10:23:16    3514656    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-06-21 10:23:11    884512    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-06-21 10:23:10    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-06-21 10:23:10    237856    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-06-20 04:17:49    3253909    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-06-15 04:32:16    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
2013-06-10 01:59:58    216064    ----a-w-    C:\Windows\SysWow64\gcapi_dll.dll
2013-06-05 03:34:27    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-06-04 06:00:13    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-06-04 04:53:07    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
.
============= FINISH:  9:54:32.84 ===============
 

 

Other logs can be posted or attached as needed. A preemptive thanks for any help/info into this.

 


“Unthinking respect for authority is the greatest enemy of truth.” ~ Albert Einstein

"The price good men pay for indifference to public affairs is to be ruled by evil men." ~ Plato

“The power of accurate observation is commonly called cynicism by those who haven't got it.”~ George Bernard Shaw

"To take from one because it is thought that his own industry and that of his father’s has acquired too much, in order to spare to others, who, or whose fathers, have not exercised equal industry and skill, is to violate arbitrarily the first principle of association—the guarantee to every one of a free exercise of his industry and the fruits acquired by it." - Thomas Jefferson

"I believe there are more instances of the abridgement of freedom of the people by gradual and silent encroachments by those in power than by violent and sudden usurpations." ~ James Madison

"If ever a time should come, when vain and aspiring men shall possess the highest seats in Government, our country will stand in need of its experienced patriots to prevent its ruin." ~ Samuel Adams



#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:31 AM

Posted 22 August 2013 - 03:18 PM

Good evening. :)

Would you post the appropriate logs showing the nasties in question for HitmanPro and RogueKiller.


So long, and thanks for all the fish.

 

 


#3 WyldCat

WyldCat
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bluegrass State
  • Local time:04:31 AM

Posted 22 August 2013 - 08:04 PM

Hi Noviciate. Thanks for the reply. Don't know about 'nasty', but the Babylon thing looked suspicious. I forgot to mention in first post that I also removed the two tracking cookies, invitemedia & xiti.com.

Logs follow...

 

 

RogueKiller V8.6.6 _x64_ [Aug 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : WildCat [Admin rights]
Mode : Scan -- Date : 08/22/2013 07:26:29
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 16 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\WildCat\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2036881996-304739253-2206362558-1001\[...]\Run : Google Update ("C:\Users\WildCat\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2036881996-304739253-2206362558-1003\[...]\Run : Google Update ("C:\Users\WildCat\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SCREENSVR][SUSP PATH] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Windows\ASUS_L~1.SCR [x]) -> FOUND
[EXT RUN][SUSP PATH] HKCU\WildCat_ON_K:\[...]\Run : Google Update ("C:\Documents and Settings\WildCat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND

¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2036881996-304739253-2206362558-1001UA.job : C:\Users\WildCat\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2036881996-304739253-2206362558-1001Core.job : C:\Users\WildCat\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2036881996-304739253-2206362558-1001Core : C:\Users\WildCat\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2036881996-304739253-2206362558-1001UA : C:\Users\WildCat\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> K:\windows\system32\config\SYSTEM | DRVINFO [Drv - K:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> K:\windows\system32\config\SOFTWARE | DRVINFO [Drv - K:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> K:\windows\system32\config\SECURITY | DRVINFO [Drv - K:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> K:\windows\system32\config\SAM | DRVINFO [Drv - K:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> K:\windows\system32\config\DEFAULT | DRVINFO [Drv - K:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> K:\Documents and Settings\Administrator\NTUSER.DAT | DRVINFO [Drv - K:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> K:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - K:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> K:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - K:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> K:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - K:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> K:\Documents and Settings\UpdatusUser\NTUSER.DAT | DRVINFO [Drv - K:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> K:\Documents and Settings\WildCat\NTUSER.DAT | DRVINFO [Drv - K:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD7501AALS-00E3A0 +++++
--- User ---
[MBR] f554936ea6b4eee4ba7fe96327c6dc09
[BSP] 9c745c28ed5ae7e7ea056aef2fe673b1 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 102406 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 209728575 | Size: 612995 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD7501AALS-00E3A0 +++++
--- User ---
[MBR] a3b687c381dd827c707d56a66079e6d0
[BSP] 0130f82b710376b015f390282cde9c4a : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 122879 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 251658225 | Size: 592522 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD7501AALS-00E3A0 +++++
--- User ---
[MBR] b456d1cadccc06e6472eee820a4e3e41
[BSP] 3b825c6eeb71c813066d032d69633700 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 16128 | Size: 953859 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: WDC WD7501AALS-00E3A0 +++++
--- User ---
[MBR] 3477aeb1e884f96c7d3d5d59049f1b1f
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 15268 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_08222013_072629.txt >>

*******************************************************************************************************************************************

 

HitmanPro 3.7.7.203
www.hitmanpro.com

   Computer name . . . . : MFC-WIN7
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : MFC-Win7\WildCat
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-08-22 06:44:06
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 5s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 270

   Objects scanned . . . : 1,336,555
   Files scanned . . . . : 20,177
   Remnants scanned  . . : 231,061 files / 1,085,317 keys

Suspicious files ____________________________________________________________

   C:\Users\WildCat\AppData\Local\PunkBuster\BF1942\pb\pbcl.dll
      Size . . . . . . . : 759,153 bytes
      Age  . . . . . . . : 279.2 days (2012-11-16 01:49:54)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 36C88D54BC3A96F6FA4E9A2AD3D6D63955EF91E785B4B35205BBF57EE2CAE0C7
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WildCat\AppData\Local\PunkBuster\BF1942\pb\pbcls.dll
      Size . . . . . . . : 759,153 bytes
      Age  . . . . . . . : 279.2 days (2012-11-16 01:49:54)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 36C88D54BC3A96F6FA4E9A2AD3D6D63955EF91E785B4B35205BBF57EE2CAE0C7
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WildCat\AppData\Local\PunkBuster\BF3\pb\dll\wc002286.dll
      Size . . . . . . . : 942,907 bytes
      Age  . . . . . . . : 597.2 days (2012-01-03 01:45:10)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 151573760160ED491B4528616FF16C058966B9555B73E804AF1CD60B3F8EB33D
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WildCat\AppData\Local\PunkBuster\BF3\pb\dll\wc002288.dll
      Size . . . . . . . : 948,118 bytes
      Age  . . . . . . . : 567.4 days (2012-02-01 21:36:42)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 3192353354FE593051B33886088D4C312ACB9A653D874281B2EBF131B80415CB
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WildCat\AppData\Local\PunkBuster\BF3\pb\dll\wc002292.dll
      Size . . . . . . . : 956,681 bytes
      Age  . . . . . . . : 496.3 days (2012-04-12 23:34:14)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WildCat\AppData\Local\PunkBuster\BF3\pb\dll\wc002317.dll
      Size . . . . . . . : 949,613 bytes
      Age  . . . . . . . : 329.4 days (2012-09-26 21:44:10)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WildCat\AppData\Local\PunkBuster\BF3\pb\dll\wc002325.dll
      Size . . . . . . . : 959,376 bytes
      Age  . . . . . . . : 142.3 days (2013-04-01 23:29:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : A85592ACDCFDA7C0293504A5F5279C2654ACC0E6D2398ED8958F6E03F05DCEB5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WildCat\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
      Size . . . . . . . : 959,376 bytes
      Age  . . . . . . . : 142.2 days (2013-04-02 02:22:52)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : A85592ACDCFDA7C0293504A5F5279C2654ACC0E6D2398ED8958F6E03F05DCEB5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WildCat\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
      Size . . . . . . . : 959,376 bytes
      Age  . . . . . . . : 660.1 days (2011-11-01 05:18:36)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : A85592ACDCFDA7C0293504A5F5279C2654ACC0E6D2398ED8958F6E03F05DCEB5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WildCat\AppData\Local\PunkBuster\BF3\pb\pbcls.dll
      Size . . . . . . . : 949,613 bytes
      Age  . . . . . . . : 658.2 days (2011-11-03 02:10:56)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WildCat\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
      Size . . . . . . . : 137,992 bytes
      Age  . . . . . . . : 660.1 days (2011-11-01 05:19:02)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 21A3D2E3A063EA2F986EF1BAFD1A71F7FC9EDB3F69E0265E51A18DBC111084F1
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WildCat\AppData\Local\PunkBuster\BLR\pb\dll\wc002285.dll
      Size . . . . . . . : 963,613 bytes
      Age  . . . . . . . : 513.6 days (2012-03-26 17:22:46)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E7EB0F070DDDBDC1793677B6EF811338CDCEC5AE744A032C223DD1763D97A56B
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WildCat\AppData\Local\PunkBuster\BLR\pb\pbcl.dll
      Size . . . . . . . : 963,613 bytes
      Age  . . . . . . . : 513.6 days (2012-03-26 17:22:48)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E7EB0F070DDDBDC1793677B6EF811338CDCEC5AE744A032C223DD1763D97A56B
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WildCat\AppData\Local\PunkBuster\BLR\pb\pbclold.dll
      Size . . . . . . . : 951,602 bytes
      Age  . . . . . . . : 513.6 days (2012-03-26 16:51:32)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : EBA3E3C3F91BCAF644678C5364C81E327DE9577E6BF7C0F4C0ACB56B1C09DC17
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WildCat\AppData\Local\PunkBuster\BLR\pb\PnkBstrK.sys
      Size . . . . . . . : 140,480 bytes
      Age  . . . . . . . : 513.6 days (2012-03-26 16:52:03)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 64063C820C5972BBD6E524C68065570BF54D85FA0FFE0BD063B6954298F7D015
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WildCat\AppData\Local\PunkBuster\COD\pb\pbcl.dll
      Size . . . . . . . : 869,527 bytes
      Age  . . . . . . . : 613.2 days (2011-12-18 02:29:11)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 6EFC020A37D5684DD4643EEF512D4B4925061043D8FD26106D32CD6F2C73BC7A
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WildCat\AppData\Local\PunkBuster\GRFS\pb\pbcl.dll
      Size . . . . . . . : 972,501 bytes
      Age  . . . . . . . : 378.3 days (2012-08-09 00:02:48)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : CCD4FD05B76D1C64855930E0B24365B4C9ABA3F3319DACEE5D06A565D5CC78F9
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WildCat\AppData\Local\PunkBuster\GRFS\pb\pbcls.dll
      Size . . . . . . . : 972,501 bytes
      Age  . . . . . . . : 378.3 days (2012-08-09 00:02:48)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : CCD4FD05B76D1C64855930E0B24365B4C9ABA3F3319DACEE5D06A565D5CC78F9
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WildCat\AppData\Local\PunkBuster\GRFS\pb\PnkBstrK.sys
      Size . . . . . . . : 139,752 bytes
      Age  . . . . . . . : 415.0 days (2012-07-03 07:20:52)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 190F16E9E5087FB75ADFDE73CF658FE493193DCFE2191172F1639C9FE658CA20
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WildCat\AppData\Local\PunkBuster\GRO\pb\pbcl.dll
      Size . . . . . . . : 957,254 bytes
      Age  . . . . . . . : 128.0 days (2013-04-16 06:59:22)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 119B810057B5BEB396E0788D092661B805D7E9AF1AD066BA3BD952DBA6064C82
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WildCat\AppData\Local\PunkBuster\GRO\pb\PnkBstrK.sys
      Size . . . . . . . : 141,072 bytes
      Age  . . . . . . . : 128.0 days (2013-04-16 06:59:41)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : C3A38891678AC34784E90D385B3DDEAC690E11E05A7657F9D287E7DC373D2592
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WildCat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\dll\wc002278.dll
      Size . . . . . . . : 972,501 bytes
      Age  . . . . . . . : 307.4 days (2012-10-18 19:57:38)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : CCD4FD05B76D1C64855930E0B24365B4C9ABA3F3319DACEE5D06A565D5CC78F9
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WildCat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\dll\wc002289.dll
      Size . . . . . . . : 972,501 bytes
      Age  . . . . . . . : 418.2 days (2012-06-30 02:00:44)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : CCD4FD05B76D1C64855930E0B24365B4C9ABA3F3319DACEE5D06A565D5CC78F9
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WildCat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbcl.dll
      Size . . . . . . . : 972,501 bytes
      Age  . . . . . . . : 307.4 days (2012-10-18 19:57:39)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : CCD4FD05B76D1C64855930E0B24365B4C9ABA3F3319DACEE5D06A565D5CC78F9
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WildCat\AppData\Roaming\Ubisoft\Tom Clancy's Ghost Recon Future Soldier\pb\pbcls.dll
      Size . . . . . . . : 972,501 bytes
      Age  . . . . . . . : 307.4 days (2012-10-18 19:57:39)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : CCD4FD05B76D1C64855930E0B24365B4C9ABA3F3319DACEE5D06A565D5CC78F9
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}\ (Babylon)
   HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1\ (Babylon)
   HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager\ (Babylon)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}\ (Babylon)

Cookies _____________________________________________________________________

   C:\Users\WildCat\AppData\Roaming\Mozilla\Firefox\Profiles\yay0389a.default\cookies.sqlite:eset.122.2o7.net
   C:\Users\WildCat\AppData\Roaming\Mozilla\Firefox\Profiles\yay0389a.default\cookies.sqlite:invitemedia.com
   C:\Users\WildCat\AppData\Roaming\Mozilla\Firefox\Profiles\yay0389a.default\cookies.sqlite:xiti.com
 

 


 


“Unthinking respect for authority is the greatest enemy of truth.” ~ Albert Einstein

"The price good men pay for indifference to public affairs is to be ruled by evil men." ~ Plato

“The power of accurate observation is commonly called cynicism by those who haven't got it.”~ George Bernard Shaw

"To take from one because it is thought that his own industry and that of his father’s has acquired too much, in order to spare to others, who, or whose fathers, have not exercised equal industry and skill, is to violate arbitrarily the first principle of association—the guarantee to every one of a free exercise of his industry and the fruits acquired by it." - Thomas Jefferson

"I believe there are more instances of the abridgement of freedom of the people by gradual and silent encroachments by those in power than by violent and sudden usurpations." ~ James Madison

"If ever a time should come, when vain and aspiring men shall possess the highest seats in Government, our country will stand in need of its experienced patriots to prevent its ruin." ~ Samuel Adams

#4 Noviciate

  • Malware Response Team

Posted 24 August 2013 - 02:17 PM

Good evening. :)

A PUP is a Potentially Unwanted Program. It isn't a grave threat to your PC's security, more a piece of junk that you might be willing to put up with in certain circumstances - perhaps as the price of using a free application. MBAM should be able to remove the offending item OK, so as long as it no longer shows up when you scan, it should be gone.

http://forums.malwarebytes.org/index.php?showtopic=130207
http://blog.malwarebytes.org/news/2013/07/malwarebytes-adopts-aggressive-pup-policy/

 

The RogueKiller detections look to be legitimate to me - it labels things as suspicious when it doesn't know for sure what they are.

 

The majority of the HitmanPro detections are connected to Punk Buster, which is legitimate, assuming that you installed it from a legitimate source. I would hazard a guess that you are the proud owner, or have been, of the Babylon toolbar - do you have it and do you want to keep it?


So long, and thanks for all the fish.

 

 


#5 WyldCat


Posted 24 August 2013 - 03:46 PM

Thanks for the reply. Yes, PB is legit. It's from http://www.evenbalance.com/index.php?page=pbsetup.php. I can't say as I ever remember installing Babylon Toolbar. When I check Firefox (ver. 23.01) I don't see anything listed in extensions, services, or plugins? Having said that, if it's something I didn't "willingly install", then no I don't wish to keep it. Looking forward to your next reply. Off to work...



#6 Noviciate


Posted 25 August 2013 - 03:26 PM

Good evening. :)

Babylon Toolbar is one of those things that you can live with, or without, but Mozilla has a page dedicated to its removal, so I'd be tempted to do so: linky.

We'll start by running a little scanning tool to see what Babylon junk you actually have:

 

Please download AdwCleaner by Xplode from here and save it to your Desktop.

  • Close all open programs, including browsers.
  • Double click adwcleaner.exe to begin.
  • Click on Search and, once complete, let me have the contents of the text that opens.
  • A copy of the text file will be saved to C:\AdwCleaner[R*].txt - make sure you post the file with the biggest "R" number.



 

 


#7 WyldCat


Posted 26 August 2013 - 09:52 AM

# AdwCleaner v3.001 - Report created 26/08/2013 at 10:40:15
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : WildCat - MFC-WIN7
# Running from : C:\Users\WildCat\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\ProgramData\StarApp

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\WildCat\AppData\Roaming\Mozilla\Firefox\Profiles\yay0389a.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3211 octets] - [22/08/2013 03:56:00]
AdwCleaner[R1].txt - [738 octets] - [26/08/2013 10:40:15]
AdwCleaner[S0].txt - [3256 octets] - [22/08/2013 03:59:51]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [857 octets] ##########
 

 

I didn't see a "Search" option, so I clicked Scan instead.  It generated this report.

I also still have original report from first time AdwCleaner was run if you need to see it too.

Thanks,

WC



#8 Noviciate


Posted 26 August 2013 - 01:12 PM

Good evening. :)

> I didn't see a "Search" option, so I clicked Scan instead.

I guess they renamed the button since I wrote those instructions - my bad. :smash:

 

Did you have HitmanPro delete what it found in the above scan?


Edited by Noviciate, 27 August 2013 - 02:38 PM.



#9 WyldCat


Posted 26 August 2013 - 01:32 PM

I didn't delete anything with HitmanPro. Only scanned with it as a double check.

 

When I found PUP.Optional.Tarma.A, I ran the following in this order:

AdwCleaner

Junk Removal Tool

Malwarebytes

 

Mbam deleted the following:

Files Detected: 3
C:\AdwCleaner\Quarantine\C\ProgramData\InstallMate\{406D3DFA-8DE4-44C5-A62E-C5C69B8E1F0C}\Setup.exe.vir (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\ProgramData\InstallMate\{406D3DFA-8DE4-44C5-A62E-C5C69B8E1F0C}\TsuDll.dll.vir (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Users\WildCat\AppData\Local\Temp\0JuwbBb5.exe.part (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

 

Any other info you need just let me know.

Thanks



#10 Noviciate


Posted 27 August 2013 - 02:43 PM

Good evening. :)

Ah, I understand - should have paid more attention to your first post! As far as I can tell your PC has a few registry leftovers from a previous exposure to the Babylon toolbar but nothing more than that. Run the following, which will initially produce a log but also has some customisable removal options that DDS doesn't, and post accordingly:

 

Download OTL by OldTimer from here and save it to your Desktop.
 

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

 

 




#11 WyldCat


Posted 28 August 2013 - 08:10 AM

OTL logfile created on: 8/28/2013 8:54:40 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\WildCat\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
8.00 Gb Total Physical Memory | 6.17 Gb Available Physical Memory | 77.08% Memory free
20.49 Gb Paging File | 18.44 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): c:\pagefile.sys 512 512f:\pagefil [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 120.00 Gb Total Space | 54.78 Gb Free Space | 45.65% Space Free | Partition Type: NTFS
Drive F: | 12.69 Gb Total Space | 0.58 Gb Free Space | 4.61% Space Free | Partition Type: NTFS
Drive G: | 292.97 Gb Total Space | 220.33 Gb Free Space | 75.20% Space Free | Partition Type: NTFS
Drive H: | 97.65 Gb Total Space | 87.12 Gb Free Space | 89.21% Space Free | Partition Type: NTFS
Drive I: | 136.63 Gb Total Space | 58.75 Gb Free Space | 43.00% Space Free | Partition Type: NTFS
Drive J: | 38.68 Gb Total Space | 16.12 Gb Free Space | 41.68% Space Free | Partition Type: NTFS
Drive K: | 100.01 Gb Total Space | 84.68 Gb Free Space | 84.67% Space Free | Partition Type: NTFS
Drive L: | 12.69 Gb Total Space | 0.59 Gb Free Space | 4.61% Space Free | Partition Type: NTFS
Drive M: | 292.97 Gb Total Space | 50.73 Gb Free Space | 17.31% Space Free | Partition Type: NTFS
Drive N: | 97.65 Gb Total Space | 97.43 Gb Free Space | 99.78% Space Free | Partition Type: NTFS
Drive O: | 97.66 Gb Total Space | 97.45 Gb Free Space | 99.78% Space Free | Partition Type: NTFS
Drive P: | 97.66 Gb Total Space | 55.24 Gb Free Space | 56.57% Space Free | Partition Type: NTFS
Drive S: | 931.50 Gb Total Space | 100.51 Gb Free Space | 10.79% Space Free | Partition Type: NTFS
Drive T: | 14.91 Gb Total Space | 14.91 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
 
Computer Name: MFC-WIN7 | User Name: WildCat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/08/28 08:47:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\WildCat\Desktop\OTL.exe
PRC - [2013/08/27 05:45:54 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/08/24 13:06:41 | 004,159,464 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2013/05/10 03:24:43 | 000,844,168 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\AntiVirus\AVAST\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\AntiVirus\AVAST\AvastSvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\AntiVirus\Malwarebytes\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\AntiVirus\Malwarebytes\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\AntiVirus\Malwarebytes\mbamscheduler.exe
PRC - [2012/04/23 14:45:38 | 006,078,464 | ---- | M] (Visagesoft) -- C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe
PRC - [2011/08/31 17:56:10 | 000,359,528 | ---- | M] () -- C:\Program Files (x86)\Tools\EVGA Precision Tune\EVGAPrecision.exe
PRC - [2011/08/22 11:57:30 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010/12/28 13:44:54 | 000,294,912 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2010/11/16 21:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/04/23 07:14:00 | 000,126,976 | ---- | M] () -- C:\Windows\system\3DG4me.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/04/23 14:45:52 | 004,681,216 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfcore160.bpl
MOD - [2012/04/23 14:45:52 | 000,517,120 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfeditor160.bpl
MOD - [2012/04/23 14:45:52 | 000,064,512 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vsprinters160.bpl
MOD - [2012/04/23 14:45:52 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vstrees160.bpl
MOD - [2012/04/23 14:45:48 | 001,186,816 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF 6\TMSlite160.bpl
MOD - [2012/04/23 14:45:40 | 002,693,120 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF 6\bblite160.bpl
MOD - [2012/04/23 14:45:40 | 000,097,280 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF 6\expertpdfcore160.bpl
MOD - [2012/04/11 19:06:08 | 002,478,080 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vsvector160.bpl
MOD - [2012/04/11 19:06:08 | 000,064,512 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprinter160.bpl
MOD - [2012/04/11 19:06:06 | 000,087,552 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspropsaver160.bpl
MOD - [2012/04/11 19:06:04 | 002,253,824 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF 6\PKIECtrl160.bpl
MOD - [2011/09/30 18:10:22 | 000,684,032 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF 6\js32.dll
MOD - [2011/08/31 17:56:10 | 000,359,528 | ---- | M] () -- C:\Program Files (x86)\Tools\EVGA Precision Tune\EVGAPrecision.exe
MOD - [2011/08/26 14:10:12 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Tools\EVGA Precision Tune\RTMUI.dll
MOD - [2011/08/26 14:10:10 | 000,290,816 | ---- | M] () -- C:\Program Files (x86)\Tools\EVGA Precision Tune\RTHAL.dll
MOD - [2011/08/26 14:10:00 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\Tools\EVGA Precision Tune\RTCore.dll
MOD - [2011/08/26 14:09:54 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Tools\EVGA Precision Tune\RTUI.dll
MOD - [2011/08/26 14:09:48 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Tools\EVGA Precision Tune\RTFC.dll
MOD - [2011/05/01 02:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\Tools\EVGA Precision Tune\RTTSH.dll
MOD - [2010/04/23 07:14:00 | 000,143,360 | ---- | M] () -- C:\Windows\system\3DG4me.dll
MOD - [2010/04/23 07:14:00 | 000,126,976 | ---- | M] () -- C:\Windows\system\3DG4me.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/06/23 11:49:24 | 000,087,040 | ---- | M] (Highresolution Enterprises) [Auto | Running] -- C:\Program Files\Game Controllers\X-Mouse Button Control\XMouseButtonSvc.exe -- (XMouseButton Launcher)
SRV:64bit: - [2011/11/08 21:22:20 | 000,301,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Tools\Macrium Reflect\ReflectService.exe -- (ReflectService.exe)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/08/27 05:45:54 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/08/24 13:06:41 | 004,159,464 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2013/08/17 06:57:44 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/08 07:09:10 | 004,153,184 | ---- | M] (TeamViewer GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\AntiVirus\AVAST\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\AntiVirus\Malwarebytes\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\AntiVirus\Malwarebytes\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/22 06:07:18 | 000,093,072 | ---- | M] (TomTom) [On_Demand | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2013/02/08 18:45:50 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- M:\Tribes Ascend\HiPatchService.exe -- (HiPatchService)
SRV - [2012/01/08 18:57:44 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/11/15 19:45:16 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe -- (Creative Dolby Digital Live Pack Licensing Service)
SRV - [2011/11/15 19:43:10 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/12/28 13:44:54 | 000,294,912 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/08/10 07:36:07 | 000,275,648 | ---- | M] (LotSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys -- (DigiartyVirtualCDBus)
DRV:64bit: - [2013/06/27 20:56:32 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/06/27 20:56:32 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/06/27 20:56:32 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/05/09 04:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 04:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 04:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 04:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 04:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/04/10 11:09:24 | 000,849,992 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/04/03 03:58:18 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/04/03 03:58:18 | 000,103,064 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/02/07 19:37:48 | 000,023,968 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rspLLL64.sys -- (rspLLL)
DRV:64bit: - [2013/01/17 15:15:12 | 000,066,800 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2012/10/15 09:08:30 | 000,015,104 | ---- | M] (Headsoft) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vjoy.sys -- (vhidmini)
DRV:64bit: - [2012/09/01 07:00:02 | 000,032,400 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan620.sys -- (RTVLANPT)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/03 20:32:00 | 000,058,512 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam620.sys -- (RTTEAMPT)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/29 09:19:39 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011/10/29 09:19:39 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011/10/29 09:19:37 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:64bit: - [2011/10/29 09:19:37 | 000,341,832 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/08/22 13:26:46 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2011/08/22 13:26:34 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2011/08/22 13:26:24 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2011/08/22 13:26:12 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2011/08/22 13:26:02 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2011/08/22 13:25:50 | 000,687,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2011/08/22 13:25:40 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2011/08/22 13:25:30 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2011/08/22 13:25:30 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2011/08/22 13:25:16 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2011/08/22 13:25:16 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2011/08/22 13:25:06 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2011/08/22 13:25:06 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2011/07/29 13:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 13:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/06/15 21:11:20 | 000,032,544 | ---- | M] (Realtek                                            ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/18 22:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/11/18 22:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/04/23 07:14:00 | 001,308,160 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cm11264.sys -- (USBADVAU)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/11/11 15:11:42 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/08/13 04:10:42 | 000,112,240 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2013/08/24 13:06:46 | 000,070,960 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2013/08/19 18:22:58 | 000,057,024 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys -- (cleanhlp)
DRV - [2013/07/13 06:49:15 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2013/03/28 19:03:02 | 000,026,176 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2011/08/31 17:56:10 | 000,014,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Tools\EVGA Precision Tune\RTCore64.sys -- (RTCore64)
DRV - [2011/07/29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/06/02 10:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 D8 D9 16 73 CA CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com:1.23.0.5
FF - prefs.js..extensions.enabledAddons: exif_viewer%40mozilla.doslash.org:2.00
FF - prefs.js..extensions.enabledAddons: %7B145e79b6-6c19-4b9c-915a-45c90a2f06a5%7D:11.01.11.01
FF - prefs.js..extensions.enabledAddons: %7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.172
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: nasanightlaunch%40example.com:0.6.20130805
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009
FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\Media Players\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\WildCat\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\Media Players\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\WildCat\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\WildCat\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\WildCat\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\WildCat\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\WildCat\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\AntiVirus\AVAST\WebRep\FF [2013/05/15 03:24:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/06/19 07:47:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/17 06:57:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/08/17 06:57:42 | 000,000,000 | ---D | M]
 
[2012/02/06 03:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WildCat\AppData\Roaming\Mozilla\Extensions
[2012/02/06 03:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WildCat\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2013/08/27 05:22:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WildCat\AppData\Roaming\Mozilla\Firefox\Profiles\yay0389a.default\extensions
[2011/10/27 08:59:45 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\WildCat\AppData\Roaming\Mozilla\Firefox\Profiles\yay0389a.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}(2)
[2013/08/27 05:22:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\WildCat\AppData\Roaming\Mozilla\Firefox\Profiles\yay0389a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/10/27 08:59:45 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\WildCat\AppData\Roaming\Mozilla\Firefox\Profiles\yay0389a.default\extensions\DeviceDetection@logitech.com
[2012/08/28 08:19:11 | 000,230,013 | ---- | M] () (No name found) -- C:\Users\WildCat\AppData\Roaming\Mozilla\Firefox\Profiles\yay0389a.default\extensions\exif_viewer@mozilla.doslash.org.xpi
[2013/08/06 15:55:22 | 002,601,249 | ---- | M] () (No name found) -- C:\Users\WildCat\AppData\Roaming\Mozilla\Firefox\Profiles\yay0389a.default\extensions\nasanightlaunch@example.com.xpi
[2011/09/27 09:33:19 | 000,014,286 | ---- | M] () (No name found) -- C:\Users\WildCat\AppData\Roaming\Mozilla\Firefox\Profiles\yay0389a.default\extensions\{145e79b6-6c19-4b9c-915a-45c90a2f06a5}.xpi
[2011/06/05 00:18:32 | 000,003,691 | ---- | M] () (No name found) -- C:\Users\WildCat\AppData\Roaming\Mozilla\Firefox\Profiles\yay0389a.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
[2013/06/15 17:15:41 | 000,868,738 | ---- | M] () (No name found) -- C:\Users\WildCat\AppData\Roaming\Mozilla\Firefox\Profiles\yay0389a.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2013/07/31 16:57:50 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\WildCat\AppData\Roaming\Mozilla\Firefox\Profiles\yay0389a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/08/17 06:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/17 06:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2013/08/17 06:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/17 06:57:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/19 07:47:45 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
 
O1 HOSTS File: ([2013/08/26 11:55:04 | 000,001,192 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 tracking.opencandy.com.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 www.tracking.opencandy.com.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 media.opencandy.com
O1 - Hosts: 127.0.0.1 www.media.opencandy.com
O1 - Hosts: 127.0.0.1 cdn.opencandy.com
O1 - Hosts: 127.0.0.1 www.cdn.opencandy.com
O1 - Hosts: 127.0.0.1 tracking.opencandy.com
O1 - Hosts: 127.0.0.1 www.tracking.opencandy.com
O1 - Hosts: 127.0.0.1 api.opencandy.com
O1 - Hosts: 127.0.0.1 www.api.opencandy.com
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\AntiVirus\AVAST\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\AntiVirus\AVAST\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\AntiVirus\AVAST\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\AntiVirus\AVAST\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [3DG4me] C:\Windows\system\3DG4me.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\AntiVirus\AVAST\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTxfiHlp] CTXFIHLP.EXE File not found
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe (Visagesoft)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - Startup: C:\Users\WildCat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShellFolderFix.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: champions-online.com ([launcher] http in Trusted sites)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: startrekonline.com ([launcher] http in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1321279743776 (MUCatalogWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DE85FC5-DD1E-4A5A-B21A-F9A4056E45E5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DE85FC5-DD1E-4A5A-B21A-F9A4056E45E5}: NameServer = 8.8.4.4,8.8.8.8
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -  File not found
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/15 07:21:52 | 000,000,000 | ---- | M] () - K:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/01/29 07:12:36 | 000,000,000 | ---D | M] - S:\AutoPatcher Updater v1.3.0.1 -- [ NTFS ]
O33 - MountPoints2\{ce67d4dc-11fb-11e1-aa74-6cf049770eaa}\Shell - "" = AutoRun
O33 - MountPoints2\{ce67d4dc-11fb-11e1-aa74-6cf049770eaa}\Shell\AutoRun\command - "" = R:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/28 08:48:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\WildCat\Desktop\OTL.exe
[2013/08/28 02:26:43 | 000,081,920 | ---- | C] (HID Dll) -- C:\Windows\System\CM_HID3.dll
[2013/08/28 02:17:06 | 001,308,160 | ---- | C] (C-Media Electronics Inc) -- C:\Windows\SysNative\drivers\cm11264.sys
[2013/08/28 02:17:06 | 000,315,392 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\fltr112.dll
[2013/08/26 11:49:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\HostsMan Backups
[2013/08/26 11:49:49 | 000,000,000 | ---D | C] -- C:\Users\WildCat\AppData\Roaming\abelhadigital.com
[2013/08/26 11:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\abelhadigital.com
[2013/08/26 11:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\HostsMan_4.1.96
[2013/08/26 09:48:51 | 000,000,000 | ---D | C] -- C:\Users\WildCat\Documents\Original HOSTS file
[2013/08/24 00:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/08/24 00:02:42 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2013/08/24 00:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/08/23 23:29:59 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/08/23 22:17:48 | 000,000,000 | ---D | C] -- C:\Users\WildCat\AppData\Roaming\tiger-k
[2013/08/23 22:17:46 | 000,000,000 | ---D | C] -- C:\Users\WildCat\Documents\Leawo
[2013/08/23 22:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Leawo
[2013/08/23 22:16:51 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\Windows\SysWow64\xvid.ax
[2013/08/23 22:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo
[2013/08/23 22:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013/08/23 22:16:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2013/08/23 20:50:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audio & Video Converters x64
[2013/08/23 20:49:52 | 000,000,000 | ---D | C] -- C:\Program Files\Audio & Video Converters
[2013/08/22 11:39:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/08/22 09:45:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013/08/22 09:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2013/08/22 07:46:45 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\WildCat\Desktop\dds.scr
[2013/08/22 07:23:18 | 000,000,000 | ---D | C] -- C:\Users\WildCat\Desktop\RK_Quarantine
[2013/08/22 06:42:58 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/08/22 06:39:15 | 000,000,000 | ---D | C] -- C:\Users\WildCat\Desktop\Stuff from flash drive
[2013/08/22 05:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2013/08/22 05:56:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013/08/22 05:56:13 | 000,000,000 | ---D | C] -- C:\Users\WildCat\Documents\Anti-Malware
[2013/08/22 04:05:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/22 03:55:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/22 02:59:53 | 000,000,000 | ---D | C] -- C:\Users\WildCat\Documents\Any Video Converter Professional
[2013/08/22 02:45:50 | 000,000,000 | ---D | C] -- C:\Users\WildCat\Documents\Any Video Converter
[2013/08/20 01:32:39 | 000,000,000 | ---D | C] -- C:\Users\WildCat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iTunes Data Recovery
[2013/08/20 01:11:29 | 000,000,000 | ---D | C] -- C:\Users\WildCat\AppData\Roaming\Leawo
[2013/08/20 01:11:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo Blu-ray Player
[2013/08/17 10:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Highresolution Enterprises
[2013/08/17 10:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\Game Controllers
[2013/08/17 08:52:49 | 000,000,000 | ---D | C] -- C:\Users\WildCat\Desktop\Temp Warthunder CONFIGS
[2013/08/17 06:57:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/08/15 12:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/08/15 12:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/08/15 12:51:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013/08/15 11:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FurMark_1.11.0
[2013/08/05 01:17:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NaturalPoint
[2013/08/04 16:19:50 | 000,000,000 | ---D | C] -- C:\Users\WildCat\AppData\Roaming\PDF Experte 8 Professional 8
[2013/08/04 16:14:20 | 000,000,000 | ---D | C] -- C:\Users\WildCat\AppData\Roaming\PDF Experte 8 Professional
[2013/08/04 16:13:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Avanquest Software
[2013/08/04 16:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avanquest
[2013/08/04 16:13:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Expert PDF Jobs
[2013/08/04 16:13:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Expert PDF 8
[2013/08/04 16:13:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest
[2013/08/04 02:06:21 | 000,000,000 | ---D | C] -- C:\Users\WildCat\AppData\Roaming\Seeing Machines
[2013/08/04 02:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Seeing Machines
[2013/08/04 02:00:40 | 000,015,104 | ---- | C] (Headsoft) -- C:\Windows\SysNative\drivers\vjoy.sys
[2013/08/04 02:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VJoy Virtual Joystick Driver
[2013/08/04 02:00:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VJoy Virtual Joystick Driver
[2013/08/04 01:58:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FaceTrackNoIR
[2013/08/04 01:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS
[2013/08/04 01:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
[2013/08/04 01:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2013/08/02 05:12:06 | 000,000,000 | ---D | C] -- C:\Users\WildCat\AppData\Local\WarThunder
[2013/08/02 05:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\WarThunder
[2013/08/02 04:56:08 | 000,000,000 | ---D | C] -- C:\Users\WildCat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\War Thunder
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/28 08:47:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\WildCat\Desktop\OTL.exe
[2013/08/28 08:13:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2036881996-304739253-2206362558-1001UA.job
[2013/08/28 02:36:44 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/28 02:36:44 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/28 02:28:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/28 02:28:04 | 2146,144,255 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/28 02:26:43 | 000,000,258 | ---- | M] () -- C:\Windows\Cm112.ini.imi
[2013/08/28 02:26:43 | 000,000,185 | ---- | M] () -- C:\Windows\Cm112.ini.cfl
[2013/08/28 02:26:43 | 000,000,137 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2013/08/28 02:26:37 | 000,000,207 | ---- | M] () -- C:\Windows\System\Cm112.ini
[2013/08/28 02:23:08 | 000,061,616 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000006-00000000-00000001-00001102-00000005-002C1102}.rfx
[2013/08/28 02:23:08 | 000,061,616 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000006-00000000-00000001-00001102-00000005-002C1102}.rfx
[2013/08/28 02:23:08 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000006-00000000-00000001-00001102-00000005-002C1102}.rfx
[2013/08/27 05:47:03 | 000,298,584 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/08/27 05:47:03 | 000,298,584 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/08/27 05:46:06 | 000,281,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/08/27 05:45:54 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/08/27 04:53:49 | 000,000,202 | ---- | M] () -- C:\Users\WildCat\Desktop\Star Conflict.url
[2013/08/27 02:34:20 | 000,000,201 | ---- | M] () -- C:\Users\WildCat\Desktop\Call of Duty Modern Warfare 3.url
[2013/08/26 23:13:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2036881996-304739253-2206362558-1001Core.job
[2013/08/26 17:20:38 | 000,001,897 | ---- | M] () -- C:\Users\WildCat\Desktop\Kies Air.lnk
[2013/08/24 03:46:08 | 000,002,177 | ---- | M] () -- C:\Users\WildCat\Documents\MT Job Description.rtf
[2013/08/22 07:46:19 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\WildCat\Desktop\dds.scr
[2013/08/22 06:18:54 | 001,662,516 | ---- | M] () -- C:\Users\WildCat\Documents\HitmanPro-Kickstart-User-Manual.pdf
[2013/08/22 05:56:35 | 000,001,119 | ---- | M] () -- C:\Users\WildCat\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2013/08/22 00:54:51 | 000,000,917 | ---- | M] () -- C:\Users\WildCat\Desktop\Ventrilo.lnk
[2013/08/16 22:58:56 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/16 22:58:56 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/16 22:58:56 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/12 21:44:44 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\FaceTrackNoIR.lnk
[2013/08/12 21:27:34 | 000,056,021 | ---- | M] () -- C:\Users\WildCat\Documents\MyMouse-FRB.blk
[2013/08/12 21:27:34 | 000,056,021 | ---- | M] () -- C:\Users\WildCat\Documents\FRB-Mousejoystick.blk
[2013/08/12 04:50:24 | 000,057,826 | ---- | M] () -- C:\Users\WildCat\Documents\MyArcadeJoystick.blk
[2013/08/11 02:42:46 | 000,000,516 | ---- | M] () -- C:\Users\Public\Desktop\Dolby Axon.lnk
[2013/08/10 07:36:07 | 000,275,648 | ---- | M] (LotSoft, Inc.) -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys
[2013/08/08 22:44:26 | 000,060,251 | ---- | M] () -- C:\Users\WildCat\Documents\MyMouse2.blk
[2013/08/08 06:46:41 | 000,062,388 | ---- | M] () -- C:\Users\WildCat\Documents\MyMouse1.blk
[2013/08/08 06:14:25 | 000,056,049 | ---- | M] () -- C:\Users\WildCat\Documents\Mouse1.blk
[2013/08/04 01:28:49 | 000,012,288 | ---- | M] () -- C:\Windows\impborl.dll
[2013/08/04 01:28:07 | 000,001,528 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2013/08/04 01:18:00 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\LifeFrame.lnk
[2013/08/02 04:56:09 | 000,000,761 | ---- | M] () -- C:\Users\Public\Desktop\War Thunder.lnk
[2013/08/01 01:48:23 | 000,007,604 | ---- | M] () -- C:\Users\WildCat\AppData\Local\Resmon.ResmonCfg
[2013/07/31 16:59:57 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/08/28 02:26:43 | 000,779,776 | ---- | C] () -- C:\Windows\SysNative\Cmeau112.exe
[2013/08/28 02:26:43 | 000,143,360 | ---- | C] () -- C:\Windows\System\3DG4me.dll
[2013/08/28 02:26:43 | 000,126,976 | ---- | C] () -- C:\Windows\System\3DG4me.exe
[2013/08/28 02:26:43 | 000,000,185 | ---- | C] () -- C:\Windows\Cm112.ini.cfl
[2013/08/28 02:26:43 | 000,000,137 | ---- | C] () -- C:\Windows\System\Dlap.pfx
[2013/08/28 02:26:37 | 000,354,304 | ---- | C] () -- C:\Windows\SysNative\CmiInstallResAll64.dll
[2013/08/28 02:26:37 | 000,001,198 | ---- | C] () -- C:\Windows\Cm112.ini.cfg
[2013/08/28 02:26:37 | 000,000,678 | ---- | C] () -- C:\Windows\cm112.ini
[2013/08/28 02:26:37 | 000,000,258 | ---- | C] () -- C:\Windows\Cm112.ini.imi
[2013/08/28 02:26:37 | 000,000,207 | ---- | C] () -- C:\Windows\System\Cm112.ini
[2013/08/27 04:53:49 | 000,000,202 | ---- | C] () -- C:\Users\WildCat\Desktop\Star Conflict.url
[2013/08/27 02:34:20 | 000,000,201 | ---- | C] () -- C:\Users\WildCat\Desktop\Call of Duty Modern Warfare 3.url
[2013/08/24 03:46:08 | 000,002,177 | ---- | C] () -- C:\Users\WildCat\Documents\MT Job Description.rtf
[2013/08/23 22:16:42 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/08/22 11:50:28 | 000,001,897 | ---- | C] () -- C:\Users\WildCat\Desktop\Kies Air.lnk
[2013/08/22 06:18:54 | 001,662,516 | ---- | C] () -- C:\Users\WildCat\Documents\HitmanPro-Kickstart-User-Manual.pdf
[2013/08/22 05:56:35 | 000,001,119 | ---- | C] () -- C:\Users\WildCat\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2013/08/15 12:51:59 | 003,253,909 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2013/08/15 12:51:05 | 000,021,578 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013/08/12 21:30:26 | 000,056,021 | ---- | C] () -- C:\Users\WildCat\Documents\MyMouse-FRB.blk
[2013/08/12 21:28:49 | 000,056,021 | ---- | C] () -- C:\Users\WildCat\Documents\FRB-Mousejoystick.blk
[2013/08/12 05:47:32 | 000,057,826 | ---- | C] () -- C:\Users\WildCat\Documents\MyArcadeJoystick.blk
[2013/08/08 18:22:47 | 000,060,251 | ---- | C] () -- C:\Users\WildCat\Documents\MyMouse2.blk
[2013/08/08 06:46:41 | 000,062,388 | ---- | C] () -- C:\Users\WildCat\Documents\MyMouse1.blk
[2013/08/08 06:14:23 | 000,056,049 | ---- | C] () -- C:\Users\WildCat\Documents\Mouse1.blk
[2013/08/04 01:59:06 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\FaceTrackNoIR.lnk
[2013/08/04 01:28:49 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2013/08/04 01:27:24 | 000,001,528 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2013/08/04 01:18:00 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\LifeFrame.lnk
[2013/08/02 04:56:09 | 000,000,761 | ---- | C] () -- C:\Users\Public\Desktop\War Thunder.lnk
[2013/07/13 01:10:16 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\gcapi_dll.dll
[2013/05/10 02:15:34 | 000,017,982 | ---- | C] () -- C:\Users\WildCat\.TransferManager.db
[2013/04/18 19:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/04/18 19:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/04/18 19:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/04/18 19:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/04/18 19:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/01/17 05:28:30 | 000,007,604 | ---- | C] () -- C:\Users\WildCat\AppData\Local\Resmon.ResmonCfg
[2012/11/13 09:25:03 | 000,000,722 | ---- | C] () -- C:\Users\WildCat\AppData\Roaming\MPQEditor.ini
[2012/07/22 23:32:11 | 000,006,656 | ---- | C] () -- C:\Users\WildCat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/13 21:02:17 | 000,582,656 | ---- | C] () -- C:\Users\WildCat\AppData\Local\file__0.localstorage
[2012/03/26 16:43:17 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/01/19 00:29:07 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/12/29 23:38:43 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/30 02:40:08 | 000,070,656 | ---- | C] () -- C:\Windows\SysWow64\tmbvcm32.dll
[2011/11/15 19:47:23 | 000,207,872 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/11/15 19:47:23 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/11/15 08:48:35 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
[2011/11/15 08:48:33 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2011/11/15 08:48:32 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2011/11/15 08:48:32 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2011/11/15 08:48:29 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2011/11/15 08:48:29 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2011/11/15 08:48:29 | 000,021,266 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2011/11/15 08:48:29 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2011/11/08 03:25:41 | 003,233,712 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/11/01 02:08:35 | 000,298,584 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/01 02:08:32 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/10/27 07:26:16 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011/10/27 07:26:16 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011/10/27 07:26:16 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011/10/27 07:26:16 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011/10/27 07:26:16 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 09:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 09:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 09:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/08/26 11:49:49 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\abelhadigital.com
[2013/05/13 04:08:21 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\Ainishare
[2012/12/18 11:24:39 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\Audacity
[2013/01/29 11:35:47 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\Auslogics
[2013/02/07 05:23:53 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\Awesomium
[2011/12/28 08:03:37 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\BDlot
[2012/01/29 20:28:05 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\BigHugeEngine
[2013/06/22 02:37:50 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\BinaryMark
[2013/03/14 01:31:32 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\Boilsoft
[2013/03/01 06:41:02 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\BSplayer
[2013/03/01 06:28:07 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\BSplayer Pro
[2011/12/30 00:11:22 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\cYo
[2012/07/20 08:08:03 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\Digiarty
[2013/07/31 17:26:13 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\DisplayTune
[2013/07/12 13:26:44 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\EurekaLog
[2012/07/05 02:30:13 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\eXPert PDF 6
[2013/06/13 01:28:10 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\Foxit Software
[2011/10/27 18:32:44 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\Leadertech
[2013/08/23 22:17:46 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\Leawo
[2011/11/20 21:49:16 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\Mael
[2012/04/15 03:05:02 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\Mumble
[2012/01/14 20:16:59 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\NationRed
[2013/06/23 02:37:18 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\Oracle
[2012/12/01 01:46:15 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\Origin
[2013/08/04 16:15:26 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\PDF Experte 8 Professional
[2013/08/04 16:55:07 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\PDF Experte 8 Professional 8
[2013/07/29 03:17:29 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\raidcall
[2013/05/10 03:24:14 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\Samsung
[2013/08/04 02:06:21 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\Seeing Machines
[2012/07/25 13:52:33 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\ShellFolderFix
[2012/07/09 01:37:51 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\Smart Audio Editor
[2013/03/29 19:37:12 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\SuperEasy Software
[2013/08/19 02:33:57 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\SystemRequirementsLab
[2011/12/09 03:32:53 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\Sytexis Software
[2012/05/21 01:40:34 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\TeamViewer
[2013/08/23 22:18:12 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\tiger-k
[2012/02/06 03:02:48 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\TomTom
[2013/08/21 03:59:15 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\TS3Client
[2012/06/30 02:00:39 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\Ubisoft
[2013/08/26 02:59:59 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\uTorrent
[2011/12/29 23:56:21 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\YouSendIt
[2013/08/19 02:46:13 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\ZiggyTV
[2012/07/25 03:03:16 | 000,000,000 | ---D | M] -- C:\Users\WildCat\AppData\Roaming\Zoner
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:E9EB8C3A
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:587EB586

< End of report >
 



#12 WyldCat


Posted 28 August 2013 - 08:18 AM

OTL Extras logfile created on: 8/28/2013 8:54:40 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\WildCat\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
8.00 Gb Total Physical Memory | 6.17 Gb Available Physical Memory | 77.08% Memory free
20.49 Gb Paging File | 18.44 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): c:\pagefile.sys 512 512f:\pagefil [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 120.00 Gb Total Space | 54.78 Gb Free Space | 45.65% Space Free | Partition Type: NTFS
Drive F: | 12.69 Gb Total Space | 0.58 Gb Free Space | 4.61% Space Free | Partition Type: NTFS
Drive G: | 292.97 Gb Total Space | 220.33 Gb Free Space | 75.20% Space Free | Partition Type: NTFS
Drive H: | 97.65 Gb Total Space | 87.12 Gb Free Space | 89.21% Space Free | Partition Type: NTFS
Drive I: | 136.63 Gb Total Space | 58.75 Gb Free Space | 43.00% Space Free | Partition Type: NTFS
Drive J: | 38.68 Gb Total Space | 16.12 Gb Free Space | 41.68% Space Free | Partition Type: NTFS
Drive K: | 100.01 Gb Total Space | 84.68 Gb Free Space | 84.67% Space Free | Partition Type: NTFS
Drive L: | 12.69 Gb Total Space | 0.59 Gb Free Space | 4.61% Space Free | Partition Type: NTFS
Drive M: | 292.97 Gb Total Space | 50.73 Gb Free Space | 17.31% Space Free | Partition Type: NTFS
Drive N: | 97.65 Gb Total Space | 97.43 Gb Free Space | 99.78% Space Free | Partition Type: NTFS
Drive O: | 97.66 Gb Total Space | 97.45 Gb Free Space | 99.78% Space Free | Partition Type: NTFS
Drive P: | 97.66 Gb Total Space | 55.24 Gb Free Space | 56.57% Space Free | Partition Type: NTFS
Drive S: | 931.50 Gb Total Space | 100.51 Gb Free Space | 10.79% Space Free | Partition Type: NTFS
Drive T: | 14.91 Gb Total Space | 14.91 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
 
Computer Name: MFC-WIN7 | User Name: WildCat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\Media Players\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\Media Players\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\Media Players\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\Media Players\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04E6025A-A62E-490E-903A-80116ED4514B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0CA1A91D-C834-4A65-956B-EAB855C23EE3}" = rport=138 | protocol=17 | dir=out | app=system |
"{0D30129C-0FC6-4777-8D44-88B287536E77}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{10E1BCC1-DB33-46C4-8FBA-8BC0931B4E90}" = lport=33333 | protocol=6 | dir=in | name=war thunder |
"{1AF77566-34AB-4C95-A1A3-D33DA40D750A}" = lport=27022 | protocol=6 | dir=in | name=war thunder |
"{1C140209-9F52-4BF4-BD2C-B9EEF7479D73}" = lport=3478 | protocol=17 | dir=in | name=war thunder |
"{1F119FB4-8632-4071-A5C8-B69DE7709D22}" = lport=20443 | protocol=6 | dir=in | name=war thunder |
"{23961BDE-967A-45F1-9117-0A6A233E50EB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28ADDF63-2EDF-411B-87DF-6596A2A087D2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{291A1909-3610-4B6B-AED8-7CFEAA292731}" = rport=139 | protocol=6 | dir=out | app=system |
"{2A4E2870-B2CC-49C2-8BF6-2E86E04A82C1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2ADAC0D0-E631-45F4-AE60-A88F42621E88}" = rport=80 | protocol=6 | dir=out | app=m:\action\warframe\downloaded\public\warframe.x64.exe |
"{2F86EDAE-9494-4361-9B38-F28543F74478}" = lport=58248 | protocol=6 | dir=in | name=pando media booster |
"{36A16917-FA9E-4362-A3E1-41C5ADA98C4A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{460AA9DB-0B2D-4F9B-A4AF-1B152409E85F}" = lport=8090 | protocol=6 | dir=in | name=war thunder |
"{48F779DA-136B-40A1-8D7E-4233A53ADD60}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{50A2BBF6-A141-4636-B039-73DD9F6011F8}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{5B0E714C-E17F-4851-A3CD-D591298E486C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5C54D394-6960-40DE-BE67-6CAEF0C4BB40}" = rport=445 | protocol=6 | dir=out | app=system |
"{63AAE713-82AE-4918-BF3C-1B23B9F28006}" = lport=20010 | protocol=17 | dir=in | name=war thunder |
"{6E7866EE-B101-4FFF-A64F-60CB8E4FBACE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{826E03E6-9185-49D7-B857-5BC7F0329DC8}" = lport=138 | protocol=17 | dir=in | app=system |
"{8E3814AF-43FF-4554-9CCB-710B7F044850}" = lport=445 | protocol=6 | dir=in | app=system |
"{8E3C6577-FAB3-44F7-8E4C-F3659B7C8B63}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9033B290-F958-4E67-A6AF-C5E846F11B0F}" = lport=58248 | protocol=17 | dir=in | name=pando media booster |
"{90EF3599-7D09-497F-BB73-7A2AD5648B4C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{99167E23-CEFE-44F9-B73A-663ACAA5CD76}" = lport=137 | protocol=17 | dir=in | app=system |
"{A16D9524-6C54-474F-9D88-E5BB3145E2C8}" = lport=6881 | protocol=6 | dir=in | name=war thunder |
"{A3FDA5FC-4E27-4BC0-A626-1E342B306980}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AB172BBB-DD83-45AE-ABEE-29A1183883F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BF5845DA-B0C1-41B0-998B-66A377BB3C1B}" = rport=137 | protocol=17 | dir=out | app=system |
"{BFD8C3EB-FD9C-44F7-B059-3B144D589A3B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C76FFA10-837A-484E-86CD-612ADFFF4849}" = rport=80 | protocol=6 | dir=out | app=c:\users\wildcat\appdata\local\warframe\downloaded\public\tools\launcher.exe |
"{C7E332C4-7F11-44D0-A471-B95CB5B8D81B}" = lport=7850 | protocol=6 | dir=in | name=war thunder |
"{CC28D409-6438-4A0B-B782-073E499BAC35}" = lport=443 | protocol=6 | dir=in | name=war thunder |
"{D0F5646A-28D0-4BCE-A02E-7EA31F390798}" = lport=80 | protocol=6 | dir=in | name=war thunder |
"{DF9DEDFE-AF38-4599-B465-341C19E643B1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E180E88A-F7C6-4DA4-8638-EC64C05DB7C8}" = lport=139 | protocol=6 | dir=in | app=system |
"{E7DBDEE1-A7C5-46AD-B2B8-00DFBE971EAC}" = lport=58248 | protocol=6 | dir=in | name=pando media booster |
"{EFD44C95-9E52-48B6-AA1B-5A3781E93800}" = lport=58248 | protocol=17 | dir=in | name=pando media booster |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02606F77-4552-40FA-B866-35BEA56B49D9}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{028B6176-14E8-468B-8646-4F013CDE0422}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{02C54C45-908E-454B-8469-00CE05969A2F}" = protocol=17 | dir=in | app=m:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{0456870E-4C50-46A7-A813-7FB8CBE1FCCD}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{06F39920-F7DA-4A4B-95BF-1058492A701E}" = protocol=6 | dir=out | app=system |
"{0748FF3F-2704-437B-BFBE-9158F4C376B7}" = protocol=6 | dir=in | app=m:\action\tom clancy's ghost recon future soldier\future soldier.exe |
"{07B4C500-43D3-4F3A-ADBD-005C4C82362D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{07D11570-05A3-4EC3-8A82-B284ECA792CF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{093854E7-030A-4CBF-AFE3-165D8845472C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{15048698-9E78-4032-932E-470D9B9DED8D}" = protocol=17 | dir=in | app=m:\flight sim\war thunder\launcher.exe |
"{15340EF5-F0CC-434F-9659-28201FDB8BAC}" = protocol=17 | dir=in | app=m:\dolbyaxon\axon.exe |
"{160FC58E-65D9-4807-AF37-B239F70A6E19}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{185F1B7A-C892-442E-9823-99A1A14945E3}" = protocol=6 | dir=in | app=m:\rpg\star wars-the old republic\launcher.exe |
"{18DC9048-7D67-41B6-A7DD-4C39413EB870}" = dir=out | app=m:\origin\origin.exe |
"{1AA6CA95-B1EB-46F7-9DED-3B4E82DAD1B8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{1B8F8FB7-DBD1-4860-BB58-4A181D3BC3A9}" = protocol=6 | dir=in | app=m:\rpg\star wars-the old republic\launcher.exe |
"{1F159AF2-E530-419D-B312-AA5BC4D490F0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{290C2936-4117-4F8B-BE7A-4C7B48EAFFDB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{296A591D-0B01-4C35-8A67-E0A817FDD238}" = protocol=17 | dir=in | app=m:\action\tom clancy's ghost recon future soldier\gu.exe |
"{2B618104-F20D-4CEF-ACAA-15C0A954E1BE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{2F124537-F6F8-4FEB-BBDD-FAAFC21478EB}" = protocol=6 | dir=in | app=m:\planetside 2\awesomium_process.exe |
"{311A8B77-C60F-4295-BB9D-D9C7D0664FAB}" = protocol=17 | dir=in | app=m:\rpg\star wars-the old republic\launcher.exe |
"{315026F9-6C8D-4070-BDF8-832D2AD35030}" = protocol=6 | dir=in | app=m:\steam\steamapps\common\nation red\nationred.exe |
"{33EFA89F-CDF9-43DA-88DB-1E4FF9F10BC6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3416FEB7-47A3-4A74-AA73-D515787CC762}" = protocol=17 | dir=in | app=m:\action\warframe\downloaded\public\warframe.x64.exe |
"{3535A5B8-9768-44BC-A581-F4630D19C944}" = protocol=6 | dir=in | app=m:\steam\steamapps\common\star conflict\game.exe |
"{3F8D3554-45CF-47F2-880C-DA9334A0847F}" = protocol=6 | dir=in | app=c:\users\wildcat\appdata\local\sony online entertainment\applicationupdater\applicationupdaterservice.exe |
"{41931DA8-B1C7-4BF3-8947-8E2FBFDB6FDE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{41A9A635-C8CB-4024-AB8C-2438A545C3B9}" = protocol=6 | dir=in | app=m:\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |
"{41BC120B-06D5-49CE-8DC0-40313256D409}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{434D50B2-FFE5-4271-852C-9EDDFD73E06E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{464743EC-AAAF-474A-936B-62C6BFE2CF52}" = protocol=17 | dir=in | app=m:\steam\steamapps\common\forsaken world\patcher.exe |
"{46CD1AC0-0B8C-410E-A0BA-3F888CE10ADD}" = protocol=6 | dir=in | app=m:\steam\steamapps\common\rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{46E13C1D-3329-4D28-BBF0-16CE385110AC}" = protocol=17 | dir=in | app=m:\origin games\battlefield 1942\bf1942.exe |
"{476DDDE5-C107-4A09-BE20-376076D9B576}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4A6B6699-58ED-4826-BF36-A0B1C75D3097}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{4C9854FF-68E7-42BC-8CD6-7F56A50A3D7C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4FB2353F-8B05-4CDB-806B-CCC82EB7A4DB}" = protocol=6 | dir=in | app=m:\planetside 2\launchpad.exe |
"{5194E58F-29D5-458A-9ECA-C0358B787501}" = protocol=17 | dir=in | app=m:\steam\steamapps\common\star conflict\game.exe |
"{52524A2D-9FBF-490F-B155-45B6A1ED7F5A}" = protocol=17 | dir=in | app=m:\origin games\battlefield 3\bf3.exe |
"{549A4DE9-CD05-42B6-BFE0-85FF2AD99FDE}" = protocol=17 | dir=in | app=m:\action\unreal tournament 3\binaries\ut3.exe |
"{554CA611-D2B9-4A55-8FBF-2AC639B036D0}" = protocol=6 | dir=in | app=m:\action\unreal tournament 3\binaries\ut3.exe |
"{579CE7BB-5FEF-4CD3-BF98-B374EBB07656}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5A201138-7D6D-4569-A41E-CD4EE349708E}" = protocol=6 | dir=in | app=m:\steam\steamapps\common\call of duty black ops\blackops.exe |
"{5AE0DDBA-8283-4C08-A8EA-9544A3CB2177}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{5EC91D09-210B-4033-9B4C-4ACA558CAD2B}" = protocol=6 | dir=in | app=m:\origin games\battlefield 1942\bf1942.exe |
"{609AD4D5-ECF1-442F-9E58-5A95A7727626}" = protocol=17 | dir=in | app=m:\planetside 2\launchpad.libs\awesomiumprocess.exe |
"{647D8FFF-41BC-4D79-8920-5E9068322A4C}" = protocol=6 | dir=in | app=m:\steam\steamapps\common\forsaken world\patcher.exe |
"{6A432372-112F-4BD0-A15C-D690F465AAFE}" = protocol=17 | dir=in | app=m:\steam\steamapps\common\war thunder\launcher.exe |
"{6B2F49A9-211E-45E9-8881-2485DBFAC09E}" = protocol=6 | dir=in | app=%systemroot%\system32\plasrv.exe |
"{77884E7D-0D65-4E96-A5F1-75954B62FFA1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7879C621-5C4A-41B0-B36D-BF198C8F9CDA}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{799FCDAC-D4BE-4A86-809C-AA652BCB0FDE}" = protocol=17 | dir=in | app=m:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{7A172D45-427C-4112-8A9D-862292F123FD}" = protocol=6 | dir=in | app=c:\users\wildcat\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{7C6EF95D-C09E-4958-876D-0ED66379600E}" = protocol=17 | dir=in | app=m:\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{7CE05C21-AF1D-47A0-8ADE-671C91D00467}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{7FBCC501-3183-4E50-8629-FE3A13F1FB86}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{845A5BBD-EFF8-418F-9254-07BD86C02E6D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8F247920-5CE8-4976-B1E8-8AAE4A260E31}" = protocol=6 | dir=in | app=m:\flight sim\war thunder\launcher.exe |
"{908AE47F-9825-473E-9437-81382EFD718E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{929B54B6-7DCE-4AE2-B68D-6761DE53F650}" = protocol=17 | dir=in | app=m:\steam\steamapps\common\call of duty black ops\blackops.exe |
"{94588561-1906-48A4-B77A-B4A882A65232}" = protocol=17 | dir=in | app=m:\steam\steamapps\common\nation red\nationred.exe |
"{A3CCB47D-2A14-46EA-A018-D71E497D352C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A413938D-1034-41F5-A0B4-1B4902BDF536}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{A4DCF73E-A4BD-40D4-94A5-F59F7A95B03D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{A574D292-4D19-4498-8401-924F7574E391}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A5AF95C4-B954-4FFC-B165-C5EA3EDB0D8B}" = protocol=17 | dir=in | app=m:\planetside 2\awesomium_process.exe |
"{A6171D9E-EBFD-408A-AC5B-3379C4983B56}" = protocol=6 | dir=in | app=m:\steam\steamapps\common\war thunder\launcher.exe |
"{AA01C11B-CBAE-4A88-82C6-8FDCDDFAB92A}" = protocol=6 | dir=in | app=m:\planetside 2\launchpad.libs\awesomiumprocess.exe |
"{AA617148-ACF2-49B0-8AE7-C8C8E18EFADC}" = protocol=17 | dir=in | app=m:\planetside 2\launchpad.exe |
"{AB23D3A9-E351-4CF8-BE91-54F7DA9D734E}" = protocol=6 | dir=in | app=m:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{ACE88F26-5F2D-41C8-B26D-16796E4F5C21}" = protocol=17 | dir=in | app=c:\users\wildcat\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{B17E9CAC-DCFB-4C30-B2F8-D98B85322430}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B1C6412A-D026-410D-BB40-9292E55CB80B}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{B7E15FE5-2BB9-4584-A66D-3E0DAE6624B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B83C9A12-83F8-44E6-A382-FE984A1CB7E1}" = protocol=6 | dir=in | app=m:\steam\steam.exe |
"{B8E6F5BD-8E33-4A31-9FE4-DB4247BF7B7B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{B957F99A-3A79-4616-B6D9-E47254CAEB7A}" = protocol=17 | dir=in | app=m:\rpg\star wars-the old republic\launcher.exe |
"{BAA32A0F-51B4-4796-93F7-CFD72B481FE3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{BB4AAFC6-8B16-4244-BA40-C02D43FF1B34}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{C37FBF13-A076-4741-A80A-6122C39C5566}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C3C8CDF2-6DF3-4F63-AA3E-48EFCECAC5B9}" = protocol=6 | dir=in | app=m:\steam\steamapps\common\team fortress 2\hl2.exe |
"{C8CE86B1-495B-47AC-BCEA-C4EA6BEBB5E4}" = protocol=17 | dir=in | app=m:\steam\steamapps\common\rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{C9CC2F39-285E-42A6-AB11-4E2BA97ADD57}" = protocol=6 | dir=in | app=m:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{CED34199-6E4B-40DC-925E-299128A75B28}" = protocol=6 | dir=in | app=m:\dolbyaxon\axon.exe |
"{D0029173-C589-4333-BBB2-1E2D16180936}" = protocol=6 | dir=in | app=m:\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{D12D83B3-D89E-4C0A-891E-098FE3911387}" = protocol=17 | dir=in | app=m:\steam\steamapps\common\space pirates and zombies demo\spazdemo.exe |
"{D17295A8-4A50-4DBF-B506-C2DAEE51CC6C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D5544F21-3204-479C-B999-8F504DBBB899}" = protocol=6 | dir=in | app=m:\action\tom clancy's ghost recon future soldier\gu.exe |
"{D5D675C1-6A27-44F2-BDC5-01B2C25244E8}" = protocol=17 | dir=in | app=m:\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |
"{D7D2B985-DB0A-4802-8778-AE5DC1C93EC6}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{D9CB315A-04B3-4D5B-80F3-08F78DC7AEEE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DA756DB3-905C-46A8-A773-4840BACBE791}" = protocol=17 | dir=in | app=c:\users\wildcat\appdata\local\sony online entertainment\applicationupdater\applicationupdaterservice.exe |
"{DE312072-643F-43C4-9864-8101F7D4A37C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E06F5C53-841B-475F-92B3-430331A12B19}" = protocol=17 | dir=out | app=m:\action\warframe\downloaded\public\warframe.x64.exe |
"{E3384E69-B409-4833-855A-A5C1453BA10D}" = protocol=17 | dir=in | app=m:\action\tom clancy's ghost recon future soldier\future soldier.exe |
"{E70934A7-AD92-4F41-A311-3F7AE3B48B0F}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{E7614CAF-5FEF-48EF-8F88-E544A54AE41E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{EBC291EF-9357-4CD4-BB17-4E04119D60AE}" = protocol=6 | dir=in | app=m:\origin games\battlefield 3\bf3.exe |
"{EEE4A3C1-9FE8-4BB4-B6F6-9DA3ACC55543}" = protocol=6 | dir=in | app=m:\steam\steamapps\common\space pirates and zombies demo\spazdemo.exe |
"{F01CE965-6E4A-4E0A-BCB5-707D1751A3E9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{F345288A-B761-4AAE-9C44-DAD6896CC5C7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F74111DE-010D-4D59-8FC5-E87567841303}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7E4C524-E92B-4AD0-8023-388EB06EB522}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F99DD7BD-2E50-49B5-925D-8F728D826546}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{FAE82E10-2D8B-4933-AF9E-3C5020452D70}" = protocol=17 | dir=in | app=m:\steam\steamapps\common\team fortress 2\hl2.exe |
"{FBB89415-5447-468A-871F-6D627F58A39E}" = protocol=17 | dir=in | app=m:\steam\steam.exe |
"{FEAA6F03-35FF-41B4-9B4A-4BDD62E17F92}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"TCP Query User{17B6A338-1DE6-4458-AC1C-6AA131BD6DAE}M:\rpg\star trek online\star trek online\playtest\gameclient.exe" = protocol=6 | dir=in | app=m:\rpg\star trek online\star trek online\playtest\gameclient.exe |
"TCP Query User{18CCDF4F-AE26-4DD2-8505-728954891520}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{3A9221A3-F769-4203-9365-0EF5B71D5B68}C:\program files (x86)\media players\leawo blu-ray player\leawo blu-ray player.exe" = protocol=6 | dir=in | app=c:\program files (x86)\media players\leawo blu-ray player\leawo blu-ray player.exe |
"TCP Query User{48B4DD96-F3B6-46E8-89B5-08C4B0E0463B}M:\flight sim\war thunder\aces.exe" = protocol=6 | dir=in | app=m:\flight sim\war thunder\aces.exe |
"TCP Query User{5A8F6C2B-BF36-48C5-8476-6F14E88B7B1D}C:\program files (x86)\audio & video converters x64\leawo video converter ultimate\loadingscreen.exe" = protocol=6 | dir=in | app=c:\program files (x86)\audio & video converters x64\leawo video converter ultimate\loadingscreen.exe |
"TCP Query User{61514DB0-160F-414F-8465-2966B01F22D5}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
"TCP Query User{66DFAA6C-A41C-4B38-94BA-144186B5067D}M:\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=m:\planetside 2\planetside2.exe |
"TCP Query User{6A887A17-A767-4D6C-9A77-A04875D12FCF}M:\action\ghost recon online\ncsa-live\ghostrecononline.exe" = protocol=6 | dir=in | app=m:\action\ghost recon online\ncsa-live\ghostrecononline.exe |
"TCP Query User{7B341EF9-42F6-4000-8DB8-04CCE60029F5}M:\rpg\star trek online\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=m:\rpg\star trek online\star trek online\live\gameclient.exe |
"TCP Query User{7FED21B3-0099-4352-AEA4-6973066F3F51}C:\program files\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe |
"TCP Query User{83BE3731-1A73-425B-B579-BCF29A09CBD6}C:\program files (x86)\facetracknoir\facetracknoir.exe" = protocol=6 | dir=in | app=c:\program files (x86)\facetracknoir\facetracknoir.exe |
"TCP Query User{94AA440E-F5E8-4F96-8D43-6DE2181DCF97}C:\program files (x86)\gigabyte\@bios\updexe.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\updexe.exe |
"TCP Query User{971D32D9-D5F0-406B-BF1F-A6699809D330}C:\users\wildcat\appdata\local\apps\2.0\tyh0a9o2.a91\gzd97e5n.6lg\laun...app_59711684aa47878d_0001.001e_dde26337fe279e93\launcher.exe" = protocol=6 | dir=in | app=c:\users\wildcat\appdata\local\apps\2.0\tyh0a9o2.a91\gzd97e5n.6lg\laun...app_59711684aa47878d_0001.001e_dde26337fe279e93\launcher.exe |
"TCP Query User{A634A570-C810-47FE-A9C1-4BBFC0CD883B}M:\action\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe" = protocol=6 | dir=in | app=m:\action\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe |
"TCP Query User{AC71D6B5-82E4-4BC6-88B4-DC1F265250FC}M:\rpg\firefall\system\bin\firefallclient.exe" = protocol=6 | dir=in | app=m:\rpg\firefall\system\bin\firefallclient.exe |
"TCP Query User{B8D38240-0463-4CF1-98F1-A7E6F1F178F3}M:\steam\steamapps\common\kingdoms of amalur - reckoning demo\reckoningdemo.exe" = protocol=6 | dir=in | app=m:\steam\steamapps\common\kingdoms of amalur - reckoning demo\reckoningdemo.exe |
"TCP Query User{BFF5D306-02A3-4E3A-A196-87A95E25F221}C:\stun server\server.exe" = protocol=6 | dir=in | app=c:\stun server\server.exe |
"TCP Query User{CCFB5B41-E4A2-4FA2-8F14-4AC2F1A3418C}M:\raidcall\raidcall.exe" = protocol=6 | dir=in | app=m:\raidcall\raidcall.exe |
"TCP Query User{D826F911-5AB7-41FC-9EB4-1508D2A1F3BF}C:\users\wildcat\appdata\local\apps\2.0\tyh0a9o2.a91\gzd97e5n.6lg\laun...app_59711684aa47878d_0001.0022_3faec28a70760353\launcher.exe" = protocol=6 | dir=in | app=c:\users\wildcat\appdata\local\apps\2.0\tyh0a9o2.a91\gzd97e5n.6lg\laun...app_59711684aa47878d_0001.0022_3faec28a70760353\launcher.exe |
"TCP Query User{E3004225-9C01-47D1-ABFE-C87D9BB18236}C:\program files (x86)\gigabyte\@bios\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gbtupd.exe |
"TCP Query User{E93EBCAB-5CEE-48F9-AE04-2D885B455362}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{E9557C6D-BDEE-49AD-8236-7C37E887B6B4}G:\action\call of duty\coduomp.exe" = protocol=6 | dir=in | app=g:\action\call of duty\coduomp.exe |
"UDP Query User{087C17F4-5529-4674-A75C-210468A93E0D}M:\flight sim\war thunder\aces.exe" = protocol=17 | dir=in | app=m:\flight sim\war thunder\aces.exe |
"UDP Query User{0B136380-436E-463B-ACC8-0FCA701BEF9A}M:\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=m:\planetside 2\planetside2.exe |
"UDP Query User{1BB6CC63-9A4D-440D-8BFC-F63A3CFAFAD8}M:\rpg\star trek online\star trek online\playtest\gameclient.exe" = protocol=17 | dir=in | app=m:\rpg\star trek online\star trek online\playtest\gameclient.exe |
"UDP Query User{1C82E295-530A-4BEA-A6A0-AFD9FAC081BD}M:\action\ghost recon online\ncsa-live\ghostrecononline.exe" = protocol=17 | dir=in | app=m:\action\ghost recon online\ncsa-live\ghostrecononline.exe |
"UDP Query User{1E253B5F-0F95-4F10-98F3-0B70D9BBDC36}C:\users\wildcat\appdata\local\apps\2.0\tyh0a9o2.a91\gzd97e5n.6lg\laun...app_59711684aa47878d_0001.0022_3faec28a70760353\launcher.exe" = protocol=17 | dir=in | app=c:\users\wildcat\appdata\local\apps\2.0\tyh0a9o2.a91\gzd97e5n.6lg\laun...app_59711684aa47878d_0001.0022_3faec28a70760353\launcher.exe |
"UDP Query User{4A0106AE-D91A-4C98-845B-2906FAFF5343}M:\raidcall\raidcall.exe" = protocol=17 | dir=in | app=m:\raidcall\raidcall.exe |
"UDP Query User{4BAF9D18-5043-40DE-895E-BE5F043E6EC7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{5D243280-1BEE-492F-8F72-DAF9723B371D}C:\program files (x86)\audio & video converters x64\leawo video converter ultimate\loadingscreen.exe" = protocol=17 | dir=in | app=c:\program files (x86)\audio & video converters x64\leawo video converter ultimate\loadingscreen.exe |
"UDP Query User{5E0D7E80-05A1-45AD-9C47-1E6DAB185326}C:\program files (x86)\gigabyte\@bios\updexe.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\updexe.exe |
"UDP Query User{65CA7C4D-D875-46D3-B370-3F0D5592A2A8}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{74422D9B-C062-44D9-8BA7-0AA0B3DE0244}M:\rpg\firefall\system\bin\firefallclient.exe" = protocol=17 | dir=in | app=m:\rpg\firefall\system\bin\firefallclient.exe |
"UDP Query User{790A4D2E-8E30-4C01-AAB3-5C5B7B686CA1}C:\program files\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe |
"UDP Query User{803E6383-BB40-42A9-B987-C242B9F7B5D5}M:\rpg\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=m:\rpg\star trek online\star trek online\live\gameclient.exe |
"UDP Query User{854FC635-CC4E-4640-9AD3-3216E58A472D}C:\users\wildcat\appdata\local\apps\2.0\tyh0a9o2.a91\gzd97e5n.6lg\laun...app_59711684aa47878d_0001.001e_dde26337fe279e93\launcher.exe" = protocol=17 | dir=in | app=c:\users\wildcat\appdata\local\apps\2.0\tyh0a9o2.a91\gzd97e5n.6lg\laun...app_59711684aa47878d_0001.001e_dde26337fe279e93\launcher.exe |
"UDP Query User{930BE39C-0770-4802-89AE-B7300BCA9799}M:\steam\steamapps\common\kingdoms of amalur - reckoning demo\reckoningdemo.exe" = protocol=17 | dir=in | app=m:\steam\steamapps\common\kingdoms of amalur - reckoning demo\reckoningdemo.exe |
"UDP Query User{A2842AB2-3735-407E-8505-64421DDD0326}M:\action\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe" = protocol=17 | dir=in | app=m:\action\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe |
"UDP Query User{A8402457-C54D-4D52-9159-0A9802CB4EA7}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
"UDP Query User{B44AF052-A56C-49C9-9648-B93EF8F5869C}C:\program files (x86)\facetracknoir\facetracknoir.exe" = protocol=17 | dir=in | app=c:\program files (x86)\facetracknoir\facetracknoir.exe |
"UDP Query User{BB2B79CB-123C-4A1B-B805-FCD7124229BB}G:\action\call of duty\coduomp.exe" = protocol=17 | dir=in | app=g:\action\call of duty\coduomp.exe |
"UDP Query User{BC06BD8D-E58D-4C15-B94B-677D217EE649}C:\program files (x86)\media players\leawo blu-ray player\leawo blu-ray player.exe" = protocol=17 | dir=in | app=c:\program files (x86)\media players\leawo blu-ray player\leawo blu-ray player.exe |
"UDP Query User{D4A55B6B-4D14-429D-A0C5-854546192755}C:\stun server\server.exe" = protocol=17 | dir=in | app=c:\stun server\server.exe |
"UDP Query User{DFDFE7A0-6CC9-44CE-91D2-43C04DA4C0E7}C:\program files (x86)\gigabyte\@bios\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gbtupd.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{3DD823AB-145A-4522-B9F6-A9566121F837}_is1" = ShellFolderFix 1.1.4
"{48FE73F3-4C3A-4871-BCD0-A7726A08BD64}" = Hex Workshop v6
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.7
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B408139D-04D6-4464-A979-D335E48F7063}" = NaturalPoint USB Drivers x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DE4A8AFC-90BB-4FB5-92E9-09B06ECA3A7E}" = Macrium Reflect Free Edition
"{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"BDlot DVD Clone Ultimate_is1" = BDlot DVD Clone Ultimate 3.1.0
"CCleaner" = CCleaner
"ComicRack" = ComicRack v0.9.149
"LatencyMon_is1" = LatencyMon 5.00
"Logitech Gaming Software" = Logitech Gaming Software 8.46
"MediaInfo" = MediaInfo 0.7.63
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"PerformanceTest 7_is1" = PerformanceTest v7.0 (64-bit)
"Speccy" = Speccy
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unigine Heaven DX11 Benchmark (Basic Edition)_is1" = Heaven DX11 Benchmark version 3.0
"WinX DVD Copy Pro_is1" = WinX DVD Copy Pro 3.4.7
"ZonerPhotoStudio14_EN_is1" = Zoner Photo Studio 14
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{039BC111-3B00-B8C5-E02C-0CA1440A9469}_is1" = SuperEasy Audio Converter 2 v.2.1.3056
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15CC861C-C69E-3758-8961-CE304C2595B6}" = Google Talk Plugin
"{17936630-5344-4F18-9970-616129E2A114}_is1" = Dolby Axon - 1.5.1.1
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D FurMark 1.11.0
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2886A35C-36A2-409A-A0C3-6199B7B163C0}" = Warframe
"{30AB2FCD-FBF2-4bed-1111-13E6A1461121}_is1" = Ainishare Audio Converter 1.0.0
"{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B48D7E3-DAB1-4FDD-8A2B-E39D7F97C9F3}_is1" = Boilsoft Screen Recorder 1.05
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 3.2.0
"{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D87CAD9-9B94-4421-A439-B25F8DE14575}" = Tom Clancy's Ghost Recon Future Soldier
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71B53BA8-4BE3-49AF-BC3E-07F392DDDFB6}" = Sennheiser 3D G4ME1
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{73E80655-FB3C-46F4-BE00-62D248BC490A}" = Visual C++ 2008 Runtime (x64)
"{754854DC-2E0A-49D8-A1A1-426C1F9B1459}" = Intel® IPP Run-Time Installer 5.3 Update 4 for Windows* on IA-32
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{986A654F-F1E4-11DD-9FCA-005056C00008}" = Paragon Partition Manager™ 12 Home Special Edition
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E887DDE-2882-43E3-8AAF-127F8198030D}_is1" = Leawo Youtube Downloader Version: 4.0.0.5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C585E652-0CBC-4276-9FE7-047078677904}" = Blacklight Retribution
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF7F52BF-DEE0-44CD-A7E1-AADD5CCECCDD}_is1" = Leawo Blu-ray Player
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D60924D0-86C6-441B-BD39-BA3037508976}" = NVIDIA PhysX Unreal Tournament 3 Mods
"{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1" = Auslogics Registry Defrag
"{D8F33108-139F-409A-A160-B9510DE736B3}_is1" = Auslogics File Recovery
"{DADC7AB0-E554-4705-9F6A-83EA82ED708E}" = Realtek Ethernet Diagnostic Utility
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EC5F4C1B-F838-4CB7-8561-8F809296428B}" = TomTom HOME
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.252
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F8FF54F5-AF73-4698-BF5C-393689CD0079}_is1" = Leawo Video Converter Ultimate version  6.1.0.0
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FC279721-37A6-4777-AFD8-7A56681EBA14}" = PDF Experte 8 Professional
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"AC3Filter" = AC3Filter (remove only)
"AcMgrDDL" = DDL and DTS Connect License Activation
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"ALchemy" = Creative ALchemy
"Android SDK Tools" = Android SDK Tools
"Atmosphere Lite_is1" = Atmosphere Lite v7.0
"Audacity_is1" = Audacity 2.0.2
"AudioCS" = Creative Audio Control Panel
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"BSPlayerf" = BS.Player FREE
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2013-05-30
"Console Launcher" = Creative Console Launcher
"Creative AutoMode Switcher" = AutoMode Switcher
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Creative Volume Panel" = Volume Panel
"Diablo III" = Diablo III
"DivX Setup" = DivX Setup
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DTS Connect Pack" = DTS Connect Pack
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
"Easy DVD Player" = Easy DVD Player
"ESN Sonar-0.70.4" = ESN Sonar
"FaceTrackNoIR_is1" = FaceTrackNoIR version 1.7
"FLV Player2.0.25" = FLV Player
"Foxit Reader_is1" = Foxit Reader
"Game Booster_is1" = Game Booster 3
"iCare Data Recovery Professional_is1" = iCare Data Recovery Professional 4.6.3.3
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"iTunes Data Recovery" = iTunes Data Recovery
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.4.0 (Basic)
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"OpenAL" = OpenAL
"Origin" = Origin
"PaintSupreme 1.1" = PaintSupreme
"PlayClaw" = PlayClaw
"Precision" = EVGA Precision 2.0.4
"PS3 Media Server" = PS3 Media Server
"PunkBusterSvc" = PunkBuster Services
"RaidCall" = RaidCall
"SFBM" = SoundFont Bank Manager
"Smart Audio Editor_is1" = SmartAudioEditor v6.0.1
"Star Trek Online" = Star Trek Online
"Steam App 107210" = Space Pirates and Zombies Demo
"Steam App 203970" = Kingdoms of Amalur: Reckoning Demo
"Steam App 212070" = Star Conflict
"Steam App 236390" = War Thunder
"Steam App 39800" = Nation Red
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Streaming Video Downloader" = Streaming Video Downloader 6.0
"TeamViewer 8" = TeamViewer 8
"THX_Console_Unicode" = THX Setup Console
"uTorrent" = µTorrent
"VJoy Virtual Joystick Driver_is1" = VJoy Virtual Joystick Driver 1.2
"VLC media player" = VLC media player 2.0.7
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinX DVD Author_is1" = WinX DVD Author 6.0
"WinX DVD Ripper Platinum Streamer Edition_is1" = WinX DVD Ripper Platinum Streamer Edition 6.8.2
"WinX HD Video Converter Deluxe_is1" = WinX HD Video Converter Deluxe 3.12.5
"X-Mouse Button Control" = X-Mouse Button Control 2.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"fc418bf9b18f76aa" = Ghost Recon Online (NCSA-Live)
"Hawken" = Hawken
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"MyFreeCodec" = MyFreeCodec
"SOE-C:/Users/WildCat/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-M:/PlanetSide 2" = gamelauncher-ps2-live
"soe-PlanetSide 2" = PlanetSide 2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/24/2013 4:07:20 AM | Computer Name = MFC-Win7 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "S:\1-FirefoxTemp\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 8/24/2013 1:18:09 PM | Computer Name = MFC-Win7 | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 23.0.1.4974 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1468    Start
 Time: 01cea0ece9123c33    Termination Time: 6    Application Path: C:\Program Files (x86)\Mozilla
 Firefox\firefox.exe    Report Id: 22166c82-0ce1-11e3-a7f8-6cf049770eaa  
 
Error - 8/25/2013 5:54:15 AM | Computer Name = MFC-Win7 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Tools\Hex
 Workshop Ver.6.01\HWorks32.exe".Error in manifest or policy file "" on line .  A
component version required by the application conflicts with another component version
 already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 8/25/2013 10:13:36 AM | Computer Name = MFC-Win7 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Tools\Hex
 Workshop Ver.6.01\HWorks32.exe".Error in manifest or policy file "" on line .  A
component version required by the application conflicts with another component version
 already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 8/26/2013 3:18:30 AM | Computer Name = MFC-Win7 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Tools\Hex
 Workshop Ver.6.01\HWorks32.exe".Error in manifest or policy file "" on line .  A
component version required by the application conflicts with another component version
 already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 8/26/2013 7:40:27 AM | Computer Name = MFC-Win7 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "S:\1-FirefoxTemp\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 8/26/2013 12:38:58 PM | Computer Name = MFC-Win7 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Tools\Hex
 Workshop Ver.6.01\HWorks32.exe".Error in manifest or policy file "" on line .  A
component version required by the application conflicts with another component version
 already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 8/26/2013 12:38:58 PM | Computer Name = MFC-Win7 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Tools\Hex
 Workshop Ver.6.01\HWorks32.exe".Error in manifest or policy file "" on line .  A
component version required by the application conflicts with another component version
 already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 8/27/2013 7:31:01 AM | Computer Name = MFC-Win7 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Tools\Hex
 Workshop Ver.6.01\HWorks32.exe".Error in manifest or policy file "" on line .  A
component version required by the application conflicts with another component version
 already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 8/28/2013 8:48:04 AM | Computer Name = MFC-Win7 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "S:\1-FirefoxTemp\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 8/28/2013 2:27:08 AM | Computer Name = MFC-Win7 | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 8/28/2013 2:31:38 AM | Computer Name = MFC-Win7 | Source = PNRPSvc | ID = 102
Description =
 
Error - 8/28/2013 2:31:38 AM | Computer Name = MFC-Win7 | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 8/28/2013 2:31:38 AM | Computer Name = MFC-Win7 | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 8/28/2013 2:31:48 AM | Computer Name = MFC-Win7 | Source = PNRPSvc | ID = 102
Description =
 
Error - 8/28/2013 2:31:48 AM | Computer Name = MFC-Win7 | Source = PNRPSvc | ID = 102
Description =
 
Error - 8/28/2013 2:31:48 AM | Computer Name = MFC-Win7 | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 8/28/2013 2:31:48 AM | Computer Name = MFC-Win7 | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 8/28/2013 2:31:48 AM | Computer Name = MFC-Win7 | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 8/28/2013 2:31:48 AM | Computer Name = MFC-Win7 | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
 
< End of report >
 


#13 Noviciate

  • Malware Response Team

Posted 28 August 2013 - 03:10 PM

Good evening. :)

Please download SystemLook by jpshortstuff from one of the links below and save it to your Desktop:
 

  • Linky #1
  • Linky #2
     
  • Double-click SystemLook.exe to run it.
  • Copy the following bold text into the main textfield:

    :filefind
    explorer.*
    userinit.*

 

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan - the log can also be found on your Desktop entitled SystemLook.txt
  • Please post the contents of this log in your next reply.

 

 

 

 


So long, and thanks for all the fish.

 

 


#14 WyldCat

  • Topic Starter

Posted 28 August 2013 - 04:00 PM

Here you go!

Thanks,

WC

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 16:54 on 28/08/2013 by WildCat
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.*"
C:\Windows\explorer.exe    --a---- 2871808 bytes    [08:04 27/10/2011]    [06:19 25/02/2011] 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\en-US\explorer.exe.mui    --a---- 22016 bytes    [05:35 14/07/2009]    [02:26 14/07/2009] 4B87EEFDC8E253F846A7DFB49A8E6C70
C:\Windows\PolicyDefinitions\Explorer.admx    --a---- 3836 bytes    [21:48 13/07/2009]    [20:53 10/06/2009] AD131A834808E6AFF4A3918DE05BFCF6
C:\Windows\PolicyDefinitions\en-US\Explorer.adml    --a---- 3695 bytes    [05:35 14/07/2009]    [02:30 14/07/2009] 7A4C7F3CB156543113596988479CAFCE
C:\Windows\Prefetch\EXPLORER.EXE-8D561148.pf    --a---- 149336 bytes    [07:37 26/08/2013]    [07:08 28/08/2013] 2EB448084E7AAD4987AFBBB5BC80BF5B
C:\Windows\SysWOW64\explorer.exe    --a---- 2616320 bytes    [08:04 27/10/2011]    [05:30 25/02/2011] 8B88EBBB05A0E56B7DCC708498C02B3E
C:\Windows\SysWOW64\en-US\explorer.exe.mui    --a---- 22016 bytes    [05:35 14/07/2009]    [02:06 14/07/2009] B9F4B1CA23D60775736059D72BA48526
C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui    --a---- 22016 bytes    [05:35 14/07/2009]    [02:26 14/07/2009] 4B87EEFDC8E253F846A7DFB49A8E6C70
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe    --a---- 2868224 bytes    [23:56 13/07/2009]    [01:39 14/07/2009] C235A51CB740E45FFA0EBFB9BAFCDA64
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe    --a---- 2868224 bytes    [08:04 27/10/2011]    [06:17 03/08/2009] F170B4A061C9E026437B193B4D571799
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe    --a---- 2870272 bytes    [08:04 27/10/2011]    [06:34 31/10/2009] 9AAAEC8DAC27AA17B053E6352AD233AE
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe    --a---- 2870272 bytes    [08:04 27/10/2011]    [06:23 26/02/2011] 0862495E0C825893DB75EF44FAEA8E93
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe    --a---- 2868224 bytes    [08:04 27/10/2011]    [06:19 03/08/2009] 700073016DAC1C3D2E7E2CE4223334B6
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe    --a---- 2870272 bytes    [08:04 27/10/2011]    [06:38 31/10/2009] B8EC4BD49CE8F6FC457721BFC210B67F
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe    --a---- 2870784 bytes    [08:04 27/10/2011]    [06:26 26/02/2011] E38899074D4951D31B4040E994DD7C8D
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe    --a---- 2872320 bytes    [03:03 29/10/2011]    [13:24 20/11/2010] AC4C51EB24AA95B77F705AB159189E24
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe    --a---- 2871808 bytes    [08:04 27/10/2011]    [06:19 25/02/2011] 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe    --a---- 2871808 bytes    [08:04 27/10/2011]    [06:14 26/02/2011] 3B69712041F3D63605529BD66DC00C48
C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml    --a---- 3695 bytes    [05:35 14/07/2009]    [02:30 14/07/2009] 7A4C7F3CB156543113596988479CAFCE
C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx    --a---- 3836 bytes    [21:48 13/07/2009]    [20:53 10/06/2009] AD131A834808E6AFF4A3918DE05BFCF6
C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui    --a---- 22016 bytes    [05:35 14/07/2009]    [02:06 14/07/2009] B9F4B1CA23D60775736059D72BA48526
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe    --a---- 2613248 bytes    [23:41 13/07/2009]    [01:14 14/07/2009] 15BC38A7492BEFE831966ADB477CF76F
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe    --a---- 2613248 bytes    [08:04 27/10/2011]    [05:35 03/08/2009] B95EEB0F4E5EFBF1038A35B3351CF047
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe    --a---- 2614272 bytes    [08:04 27/10/2011]    [05:45 31/10/2009] 2626FC9755BE22F805D3CFA0CE3EE727
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe    --a---- 2614784 bytes    [08:04 27/10/2011]    [05:33 26/02/2011] 2AF58D15EDC06EC6FDACCE1F19482BBF
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe    --a---- 2613248 bytes    [08:04 27/10/2011]    [05:49 03/08/2009] 9FF6C4C91A3711C0A3B18F87B08B518D
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe    --a---- 2614272 bytes    [08:04 27/10/2011]    [06:00 31/10/2009] C76153C7ECA00FA852BB0C193378F917
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe    --a---- 2614784 bytes    [08:04 27/10/2011]    [05:51 26/02/2011] 255CF508D7CFB10E0794D6AC93280BD8
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe    --a---- 2616320 bytes    [03:03 29/10/2011]    [12:17 20/11/2010] 40D777B7A95E00593EB1568C68514493
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe    --a---- 2616320 bytes    [08:04 27/10/2011]    [05:30 25/02/2011] 8B88EBBB05A0E56B7DCC708498C02B3E
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe    --a---- 2616320 bytes    [08:04 27/10/2011]    [05:19 26/02/2011] 0FB9C74046656D1579A64660AD67B746

Searching for "userinit.*"
C:\Windows\Prefetch\USERINIT.EXE-0C084730.pf    --a---- 12716 bytes    [06:31 28/08/2013]    [06:31 28/08/2013] C555FAB7DC82F0DA3DD415ED258DC5DF
C:\Windows\System32\userinit.exe    --a---- 30720 bytes    [03:02 29/10/2011]    [13:25 20/11/2010] BAFE84E637BF7388C96EF48D4D3FDD53
C:\Windows\System32\en-US\userinit.exe.mui    --a---- 3584 bytes    [05:35 14/07/2009]    [02:26 14/07/2009] 87AE19DA46FE7D5E293937DD36FF1889
C:\Windows\SysWOW64\userinit.exe    --a---- 26624 bytes    [03:03 29/10/2011]    [12:17 20/11/2010] 61AC3EFDFACFDD3F0F11DD4FD4044223
C:\Windows\SysWOW64\en-US\userinit.exe.mui    --a---- 3584 bytes    [05:35 14/07/2009]    [02:03 14/07/2009] EA67C653ECFED02D7DBFB889A908CAA9
C:\Windows\winsxs\amd64_microsoft-windows-userinit.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ebe597d2ec03996d\userinit.exe.mui    --a---- 3584 bytes    [05:35 14/07/2009]    [02:26 14/07/2009] 87AE19DA46FE7D5E293937DD36FF1889
C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe    --a---- 30208 bytes    [23:50 13/07/2009]    [01:39 14/07/2009] 6F8F1376A13114CC10C0E69274F5A4DE
C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe    --a---- 30720 bytes    [03:02 29/10/2011]    [13:25 20/11/2010] BAFE84E637BF7388C96EF48D4D3FDD53
C:\Windows\winsxs\x86_microsoft-windows-userinit.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8fc6fc4f33a62837\userinit.exe.mui    --a---- 3584 bytes    [05:35 14/07/2009]    [02:03 14/07/2009] EA67C653ECFED02D7DBFB889A908CAA9
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe    --a---- 26112 bytes    [23:34 13/07/2009]    [01:14 14/07/2009] 6DE80F60D7DE9CE6B8C2DDFDF79EF175
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe    --a---- 26624 bytes    [03:03 29/10/2011]    [12:17 20/11/2010] 61AC3EFDFACFDD3F0F11DD4FD4044223

-= EOF =-


“Unthinking respect for authority is the greatest enemy of truth.” ~ Albert Einstein

"The price good men pay for indifference to public affairs is to be ruled by evil men." ~ Plato

“The power of accurate observation is commonly called cynicism by those who haven't got it.”~ George Bernard Shaw

"To take from one because it is thought that his own industry and that of his father’s has acquired too much, in order to spare to others, who, or whose fathers, have not exercised equal industry and skill, is to violate arbitrarily the first principle of association—the guarantee to every one of a free exercise of his industry and the fruits acquired by it." - Thomas Jefferson

"I believe there are more instances of the abridgement of freedom of the people by gradual and silent encroachments by those in power than by violent and sudden usurpations." ~ James Madison

"If ever a time should come, when vain and aspiring men shall possess the highest seats in Government, our country will stand in need of its experienced patriots to prevent its ruin." ~ Samuel Adams
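One way to triage a SystemLook filefind log like the one posted above, as an added example that is not part of the thread or of SystemLook: parse each result line and list live .exe files whose name, size and MD5 match no WinSxS copy in the same log. The matching rule is an assumption (the thread does not say what the helper checked), and the last sample line is constructed.

```python
import re
from ntpath import basename  # parses Windows paths on any platform

# One result line of the filefind section: path, attributes, size,
# two bracketed timestamps, MD5.
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<stamp1>[^\]]+)\]\s+\[(?P<stamp2>[^\]]+)\]\s+(?P<md5>[0-9A-F]{32})$",
    re.IGNORECASE,
)

# The first four file lines are copied from the log in post #14. The last line
# is CONSTRUCTED (invented size, all-zero hash) to show what a miss looks like.
SAMPLE = r"""
Searching for "explorer.*"
C:\Windows\explorer.exe    --a---- 2871808 bytes    [08:04 27/10/2011]    [06:19 25/02/2011] 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe    --a---- 2871808 bytes    [08:04 27/10/2011]    [06:19 25/02/2011] 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\System32\userinit.exe    --a---- 30720 bytes    [03:02 29/10/2011]    [13:25 20/11/2010] BAFE84E637BF7388C96EF48D4D3FDD53
C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe    --a---- 30720 bytes    [03:02 29/10/2011]    [13:25 20/11/2010] BAFE84E637BF7388C96EF48D4D3FDD53
C:\Windows\SysWOW64\userinit.exe    --a---- 99999 bytes    [03:03 29/10/2011]    [12:17 20/11/2010] 00000000000000000000000000000000
"""


def parse(log_text):
    """Return one dict per file line; section headers and blanks are skipped."""
    rows = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            row = m.groupdict()
            row["size"] = int(row["size"])
            row["md5"] = row["md5"].upper()
            row["name"] = basename(row["path"]).lower()
            rows.append(row)
    return rows


def in_store(path):
    """True for copies kept in the WinSxS component store."""
    return "\\winsxs\\" in path.lower()


def unmatched_live_binaries(rows):
    """Live .exe paths whose (name, size, md5) equals no WinSxS copy in the log."""
    store = {(r["name"], r["size"], r["md5"]) for r in rows if in_store(r["path"])}
    return [
        r["path"] for r in rows
        if r["name"].endswith(".exe") and not in_store(r["path"])
        and (r["name"], r["size"], r["md5"]) not in store
    ]


if __name__ == "__main__":
    for path in unmatched_live_binaries(parse(SAMPLE)):
        print("no matching component-store copy:", path)
```

Run over the full log in post #14, every live explorer.exe and userinit.exe pairs with a WinSxS copy of the same size and MD5.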

#15 Noviciate

  • Malware Response Team

Posted 28 August 2013 - 04:27 PM

Run OTL.exe.
 

  • Copy and paste the following bold text into the Custom Scans/Fixes box at the bottom:

    :OTL
    O4 - Startup: C:\Users\WildCat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShellFolderFix.lnk =  File not found

    :Reg
    [-HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}]
    [-HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}]
    [-HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1]
    [-HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager]
    [-HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}]

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

 

  • Click the Run Fix button at the top.
  • Let the program run until it has completed and then reboot the PC when it is done.

Please let me have a copy of the log that appears once OTL has completed its run.


Note: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. The name of the log will be in the following format: xxxxxxxx_xxxxxx. x representing the month, date, year and time the log was created. Eg: 03062009_170403

 

 

Will you also tell me how the PC is behaving now.


Edited by Noviciate, 28 August 2013 - 04:28 PM.
