OTL Logs



#1 brandontf8o8


Posted 10 May 2014 - 06:03 AM

Hey guys,

 

I was getting help from boopme in the security section of the forums and he directed me here. Also, please note that I tried to follow the steps in the prep guide; however, I cannot access the DDS.txt files on my computer, so I'm posting these logs instead. Any help would be much appreciated. Thanks!

 

OTL.txt

OTL logfile created on: 5/10/2014 12:46:58 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Windows\SysWOW64\config\systemprofile\Documents\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.86 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 55.93% Memory free
7.73 Gb Paging File | 5.86 Gb Available in Paging File | 75.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 22.62 Gb Free Space | 7.98% Space Free | Partition Type: NTFS
 
Computer Name: BRANDONFLEMING | User Name: Brandon Fleming | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Windows\SysWOW64\config\systemprofile\Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe ()
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Motorola Mobility LLC)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle Corporation)
PRC - C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe (Nero AG)
PRC - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\log4cplusU.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (EpsonCustomerParticipation) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV:64bit: - (EPSON_PM_RPCV4_06) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (EpsonScanSvc) -- C:\Windows\SysNative\escsvc64.exe (Seiko Epson Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (dlea_device) -- C:\Windows\SysNative\dleacoms.exe ( )
SRV:64bit: - (dleaCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dleaserv.exe ()
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater18.1.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Motorola Device Manager) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (DeviceMonitorService) -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe (Nero AG)
SRV - (PST Service) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
SRV - (CLKMSVC10_1628BCEA) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe (CyberLink)
SRV - (nosGetPlusHelper) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (EMP_UDSA) -- C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe (SEIKO EPSON CORPORATION)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Sound Blaster X-Fi MB Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe (IDT, Inc.)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (dleaCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe ()
SRV - (dlea_device) -- C:\Windows\SysWOW64\dleacoms.exe ( )
SRV - (InstallFilterService) -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (eppvad_simple) -- C:\Windows\SysNative\drivers\EMP_UDAU.sys (SEIKO EPSON CORPORATION)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Acceler.sys (ST Microelectronics)
DRV:64bit: - (stdflt) -- C:\Windows\SysNative\drivers\stdflt.sys (ST Microelectronics)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (risdpcie) -- C:\Windows\SysNative\drivers\risdpe64.sys (REDC)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (cm_net) -- C:\Windows\SysNative\drivers\cm_net.sys (C-motech Co.,Ltd.)
DRV:64bit: - (cm_ser) -- C:\Windows\SysNative\drivers\cm_ser.sys (C-motech Co.,Ltd.)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl (CyberLink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3D1CA7C8-1D19-46F3-B8A6-1F825D4BDCD8}
IE:64bit: - HKLM\..\SearchScopes\{3D1CA7C8-1D19-46F3-B8A6-1F825D4BDCD8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
IE - HKLM\..\SearchScopes\{D46FD754-705A-4C71-AC7C-646217582708}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {D46FD754-705A-4C71-AC7C-646217582708}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {D46FD754-705A-4C71-AC7C-646217582708}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
 
 
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/06 10:52:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49
 
[2013/05/25 12:32:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/25 12:32:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/22 08:13:16 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/22 08:03:13 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
 
========== Chrome  ==========
 
CHR - Extension: No name found = \Users\Brandon Fleming\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = \Users\Brandon Fleming\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = \Users\Brandon Fleming\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = \Users\Brandon Fleming\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = \Users\Brandon Fleming\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\18.1.0.443_0\
CHR - Extension: No name found = \Users\Brandon Fleming\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = \Users\Brandon Fleming\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 11:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON_UD_START] C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\.DEFAULT..\Run: [GoogleChromeAutoLaunch_50A9215009AE0931A8FCDF5026E9246D] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [GoogleChromeAutoLaunch_50A9215009AE0931A8FCDF5026E9246D] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Windows\SysWOW64\config\Journal\NTUSER.DAT ()
O4 - Startup: C:\Windows\SysWOW64\config\Journal\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Windows\SysWOW64\config\Journal\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Windows\SysWOW64\config\Journal\NTUSER.DAT{e9142658-bb14-11df-bfff-b8ac6f68cf07}.TM.blf ()
O4 - Startup: C:\Windows\SysWOW64\config\Journal\NTUSER.DAT{e9142658-bb14-11df-bfff-b8ac6f68cf07}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Windows\SysWOW64\config\Journal\NTUSER.DAT{e9142658-bb14-11df-bfff-b8ac6f68cf07}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Windows\SysWOW64\config\RegBack\NTUSER.DAT ()
O4 - Startup: C:\Windows\SysWOW64\config\RegBack\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Windows\SysWOW64\config\RegBack\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Windows\SysWOW64\config\RegBack\NTUSER.DAT{e914265c-bb14-11df-bfff-b8ac6f68cf07}.TM.blf ()
O4 - Startup: C:\Windows\SysWOW64\config\RegBack\NTUSER.DAT{e914265c-bb14-11df-bfff-b8ac6f68cf07}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Windows\SysWOW64\config\RegBack\NTUSER.DAT{e914265c-bb14-11df-bfff-b8ac6f68cf07}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Windows\SysWOW64\config\systemprofile\AppData [2009/07/13 18:55:33 | 000,000,000 | --SD | M]
O4 - Startup: C:\Windows\SysWOW64\config\systemprofile\Desktop [2014/05/10 00:42:08 | 000,000,000 | R--D | M]
O4 - Startup: C:\Windows\SysWow64\config\systemprofile\Documents [2014/05/06 20:27:19 | 000,000,000 | R--D | M]
O4 - Startup: C:\Windows\SysWOW64\config\systemprofile\Favorites [2010/09/05 19:17:40 | 000,000,000 | R--D | M]
O4 - Startup: C:\Windows\SysWow64\config\systemprofile\Music [2014/05/06 16:56:18 | 000,000,000 | R--D | M]
O4 - Startup: C:\Windows\SysWOW64\config\systemprofile\ntuser.dat ()
O4 - Startup: C:\Windows\SysWOW64\config\systemprofile\ntuser.dat.LOG1 ()
O4 - Startup: C:\Windows\SysWOW64\config\systemprofile\ntuser.dat.LOG2 ()
O4 - Startup: C:\Windows\SysWOW64\config\systemprofile\ntuser.dat{661503f2-2c34-11e0-aeb3-b8ac6f68cf07}.TM.blf ()
O4 - Startup: C:\Windows\SysWOW64\config\systemprofile\ntuser.dat{661503f2-2c34-11e0-aeb3-b8ac6f68cf07}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Windows\SysWOW64\config\systemprofile\ntuser.dat{661503f2-2c34-11e0-aeb3-b8ac6f68cf07}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Windows\SysWOW64\config\systemprofile\ntuser.dat{e9142660-bb14-11df-bfff-b8ac6f68cf07}.TM.blf ()
O4 - Startup: C:\Windows\SysWOW64\config\systemprofile\ntuser.dat{e9142660-bb14-11df-bfff-b8ac6f68cf07}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Windows\SysWOW64\config\systemprofile\ntuser.dat{e9142660-bb14-11df-bfff-b8ac6f68cf07}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Windows\SysWow64\config\systemprofile\Pictures [2014/05/05 07:29:12 | 000,000,000 | R--D | M]
O4 - Startup: C:\Windows\SysWow64\config\systemprofile\Videos [2014/05/05 07:29:12 | 000,000,000 | R--D | M]
O4 - Startup: C:\Windows\SysWOW64\config\TxR\NTUSER.DAT ()
O4 - Startup: C:\Windows\SysWOW64\config\TxR\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Windows\SysWOW64\config\TxR\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Windows\SysWOW64\config\TxR\NTUSER.DAT{e9142664-bb14-11df-bfff-b8ac6f68cf07}.TM.blf ()
O4 - Startup: C:\Windows\SysWOW64\config\TxR\NTUSER.DAT{e9142664-bb14-11df-bfff-b8ac6f68cf07}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Windows\SysWOW64\config\TxR\NTUSER.DAT{e9142664-bb14-11df-bfff-b8ac6f68cf07}.TMContainer00000000000000000002.regtrans-ms ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B637A0B0-D221-421E-B669-6ADC38E29552}: DhcpNameServer = 192.168.43.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/10 00:42:08 | 000,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Desktop
[2014/05/06 20:33:40 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/05/06 20:28:00 | 000,000,000 | ---D | C] -- C:\FRST
[2014/05/06 20:28:00 | 000,000,000 | ---D | C] -- \FRST
[2014/05/06 16:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/05/06 16:50:23 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/06 16:50:23 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/05 07:52:20 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2014/05/05 07:29:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\cache
[2014/05/05 07:29:12 | 000,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Videos
[2014/05/05 07:29:12 | 000,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Pictures
[2014/05/05 07:29:12 | 000,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Music
[2014/05/05 07:29:12 | 000,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Documents
[2014/04/27 16:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2014/04/20 17:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
[2014/04/20 17:03:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hearthstone
[2014/04/20 16:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2014/04/20 16:59:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2014/04/20 16:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
[2014/04/20 16:59:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battle.net
[2014/04/20 16:20:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/10 00:43:00 | 000,000,558 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-2894953030-1586989481-1530868407-1001.job
[2014/05/10 00:38:00 | 000,000,725 | ---- | M] () -- C:\Windows\tasks\EPSON XP-310 Series Invitation {657EE955-5995-4C2A-AC01-C9CA67144E2F}.job
[2014/05/10 00:37:00 | 000,000,911 | ---- | M] () -- C:\Windows\tasks\EPSON XP-310 Series Update {657EE955-5995-4C2A-AC01-C9CA67144E2F}.job
[2014/05/10 00:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/10 00:03:07 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/09 10:02:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/09 09:50:55 | 000,786,514 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/09 09:50:55 | 000,665,554 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/09 09:50:55 | 000,123,330 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/09 09:38:08 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/09 09:38:08 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/09 09:30:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/09 09:30:24 | 3111,534,592 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/29 12:17:03 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/04/29 12:17:03 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/27 16:18:32 | 000,050,464 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2014/04/20 17:03:19 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\Hearthstone.lnk
[2014/04/13 16:24:46 | 000,465,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/04/13 16:19:37 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/29 12:46:39 | 000,000,558 | ---- | C] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-2894953030-1586989481-1530868407-1001.job
[2014/04/20 17:03:19 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\Hearthstone.lnk
[2014/02/17 20:51:41 | 000,000,298 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2014/02/02 20:22:02 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2014/01/28 22:40:35 | 000,000,044 | ---- | C] () -- C:\Windows\XP-310.ini
[2012/01/07 11:34:47 | 000,001,286 | -HS- | C] () -- C:\ProgramData\20hlbp05c311gs8ne8eyw62q8b8t40340yne6224e5dp22
[2010/05/06 03:04:37 | 000,004,058 | RH-- | C] () -- \dell.sdr
[2010/05/06 02:12:11 | 3111,534,592 | -HS- | C] () -- \hiberfil.sys
 
========== ZeroAccess Check ==========
 
[2009/07/13 18:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 16:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 15:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 15:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 02:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 15:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:359B3BDA
 
< End of report >
 
 
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
EXTRAS.txt

OTL Extras logfile created on: 5/10/2014 12:46:58 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Windows\SysWOW64\config\systemprofile\Documents\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.86 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 55.93% Memory free
7.73 Gb Paging File | 5.86 Gb Available in Paging File | 75.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 22.62 Gb Free Space | 7.98% Space Free | Partition Type: NTFS
 
Computer Name: BRANDONFLEMING | User Name: Brandon Fleming | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013D77B2-F448-4937-A9FC-39C81E5BEADE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{02E2EA79-6845-4B83-96E1-4873FDBAC58A}" = lport=6925 | protocol=17 | dir=in | name=league of legends launcher | 
"{0718E18A-83D1-433B-B46D-4EF97EC0E013}" = lport=6906 | protocol=17 | dir=in | name=league of legends launcher | 
"{11B9696F-25E2-4823-B8A4-6466AD5FEC22}" = lport=6935 | protocol=6 | dir=in | name=league of legends launcher | 
"{12A040B4-EF90-4FB4-829A-7DDCE6F504FB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1573DBE5-D752-4BDD-B4E9-7D1320E29743}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{188C2A58-02BB-4617-8A29-687EB44006CC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1E889DC1-39A1-4CDA-9DC9-5CF3C56DBE8E}" = lport=6936 | protocol=6 | dir=in | name=league of legends launcher | 
"{22A6172E-0AAE-4CEA-981F-51809EC0F4C6}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{23CBFA56-A53D-41AE-8C7F-0F8252CC2DBE}" = lport=6911 | protocol=6 | dir=in | name=league of legends launcher | 
"{3271B6C0-6940-44B5-A660-39AFC67BB9D0}" = lport=6935 | protocol=17 | dir=in | name=league of legends launcher | 
"{33110E1E-C335-44C3-A768-77E2C55369DD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{373FE8DE-1395-4FF2-8191-6156D4C94817}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{38127872-3D04-46C6-B9C4-17F42AB520E0}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe | 
"{4AA189F0-B744-4B86-A8AA-DCD523334191}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4B9A019D-1D06-4354-852B-B910853A643D}" = lport=6949 | protocol=6 | dir=in | name=league of legends launcher | 
"{51F0B03A-6C04-43B1-A7AA-7096360C9397}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{54915961-DD71-4485-94C6-DBF7B2327D71}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{54E46F58-8430-430B-8178-799F465EACF3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{5A20A745-3829-4804-9F65-1403C0340C76}" = lport=13139 | protocol=17 | dir=in | name=petroglyph | 
"{5B2546DE-D49F-44A7-A13D-5447A33A3362}" = lport=6500 | protocol=17 | dir=in | name=petroglyph | 
"{5B53AAE7-AA4A-460C-BAD0-54F86904A773}" = lport=6900 | protocol=17 | dir=in | name=league of legends launcher | 
"{654501D9-FE44-49A3-9CB9-CB9299186A90}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{66C2CB2F-CC51-4DF1-A4FE-7B5ADCD45259}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{68BFB1B5-02CC-41A4-AF8D-1B580061EC56}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{6A8F9ABD-6BE5-4AC0-B60D-26190CC6F583}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher | 
"{6AF970BF-4463-4D21-8D0F-F82523D5A066}" = lport=6936 | protocol=17 | dir=in | name=league of legends launcher | 
"{6C655F6D-F594-431C-8159-364F79D2BE91}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{735754D2-A69D-41E4-BDCD-CE6D5727AE3D}" = lport=6984 | protocol=17 | dir=in | name=league of legends launcher | 
"{74499851-B8ED-4C66-AE2A-699EBA936272}" = lport=8383 | protocol=17 | dir=in | name=league of legends launcher | 
"{79E8B7B3-8376-44E7-9DF3-C723FCEAE3F5}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{80F37316-952C-4C4B-B1F7-3D535C0A376F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{81F58D8C-8A80-42CB-BE3E-465A8880EE1C}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher | 
"{87F497A1-14C8-424B-B79D-B5FDB55D5074}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8D77104A-453D-4EBA-934D-18B5E426D539}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{95DE15B6-C548-4A05-9E2A-7C419BD9654D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{97CAAFD5-BEA7-409B-8043-75F898144FC8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{996746D2-EAAC-4B81-8BC8-22E5C37984EE}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher | 
"{9AF72A6E-347E-47F0-84A4-1C63E05C8A5B}" = lport=6909 | protocol=6 | dir=in | name=league of legends launcher | 
"{9D0B143B-AD18-4263-A5F1-161B657EBDA6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9F1D6BD6-D5FD-4FDB-AB05-CBAF87904510}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher | 
"{A6EE50BF-2B0C-41DC-9C36-E05DFC33EFD4}" = lport=6885 | protocol=6 | dir=in | name=league of legends launcher | 
"{AA189601-DD81-49BC-B0CF-D688967BA67E}" = lport=6918 | protocol=6 | dir=in | name=league of legends launcher | 
"{AAE0BE73-E52C-4B93-9E72-F367138835E8}" = lport=6918 | protocol=17 | dir=in | name=league of legends launcher | 
"{AB115769-E767-4D54-AF02-7F6527D02D6A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AE01C4D9-74FC-425F-851A-D5129A38F684}" = lport=6949 | protocol=17 | dir=in | name=league of legends launcher | 
"{AE05AC86-3EAE-4102-AB29-E72CFD7C00A3}" = lport=6906 | protocol=6 | dir=in | name=league of legends launcher | 
"{AE14899E-DB85-480E-80AA-61D2C73A23F6}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AEE3E01F-686A-495D-9D9E-ABC601BA2A31}" = lport=6911 | protocol=17 | dir=in | name=league of legends launcher | 
"{B048A2CB-7D6A-46E8-9D0D-F8EB61FD65DD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B1CD53A2-FEBE-454B-A4EF-5469FECA3522}" = lport=6900 | protocol=6 | dir=in | name=league of legends launcher | 
"{BD0FAFF2-14A2-4683-A407-FAAE2390525B}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher | 
"{C079573E-FC2A-47CB-93C0-9446B4D2B624}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
"{C17A4B8E-0465-4184-9FAB-ECF3729C9499}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C19EFDC3-6BF3-4FBD-B005-13235130A885}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{C1A9D320-9FD5-4947-8B5A-5C448D7C218B}" = lport=6925 | protocol=6 | dir=in | name=league of legends launcher | 
"{C1C18645-CCA3-4C5C-9B3B-932C96666273}" = lport=6984 | protocol=6 | dir=in | name=league of legends launcher | 
"{C55B89CB-7449-4767-A984-FA7D3C00B03C}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher | 
"{C6E3CFE8-B8F9-4A9F-8D55-497CDC203699}" = lport=6885 | protocol=17 | dir=in | name=league of legends launcher | 
"{CA6C0FE2-1ED2-4334-9040-2A99C0B5694F}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | 
"{CBCA83C2-A8DF-423D-B4F0-80FC6E7E2158}" = lport=8383 | protocol=6 | dir=in | name=league of legends launcher | 
"{CBCC851D-1A91-4CF3-AA27-BE42179EE959}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{CD035131-1859-4FBC-9004-17175ADA8E2E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CED7BCAD-0471-4520-AEB9-B7A3489EF88F}" = lport=6909 | protocol=17 | dir=in | name=league of legends launcher | 
"{CEF65886-D7BF-4975-8734-213B0C35D8D0}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe | 
"{D3597379-0E17-4B5E-BFB2-E562B19CAFCB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D7ED6507-984B-4A25-81AB-5BC7C352F440}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D7F0A098-56E8-4122-A88D-9E2354366284}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DFDD831A-CEAE-4F41-A260-54BCF4C1D5EB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DFECA61D-4DB8-40E2-BCAC-8A3CB8B3ACBD}" = lport=6954 | protocol=17 | dir=in | name=league of legends launcher | 
"{E3084E8C-1DD6-478B-976A-8115AF0239D6}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | 
"{E8629280-233D-46BB-A5DD-5A9C196204D5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EADE580B-04F2-44B5-A5E5-04466942711C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EF836F09-BE54-438D-9784-5DD89D5B2347}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F048B1B9-CF38-4F13-989E-B3EB97936A74}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | 
"{F138497A-3A5A-424B-868D-77CE09433AC4}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher | 
"{F43B940E-2120-4C71-91CF-66C557556F62}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F953C05D-1ABA-452F-8A24-EAEFA7A76A33}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F9A87DD7-F718-455D-9C6C-8A42F0DFA3FF}" = lport=6954 | protocol=6 | dir=in | name=league of legends launcher | 
"{FB464DE1-671E-462A-BA11-6225CF6BBDBD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FE21014C-A725-4B91-AC36-C51E52E4949E}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher | 
"{FF5C9057-0607-4D51-8640-A29577618F09}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FFF92C5E-2687-4610-B7DC-B55BDC468E84}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005ED1B4-E4F7-4D4E-AFAB-CAC9EB801FF5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{02D24C2F-0922-4871-AE67-4CE22BC64D45}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0B07EB19-C3DA-47D3-B930-C7A64A26AE12}" = protocol=17 | dir=in | app=c:\users\brandon fleming\appdata\roaming\utorrent\utorrent.exe | 
"{0B7FC5C6-4228-4079-A8A6-2B3062E7B896}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{0DAAF2D1-9FEC-4630-A5DB-3312B70FCD9C}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{0ED77039-C840-495E-B458-36881CC46765}" = dir=in | app=c:\program files (x86)\motorola media link\lite\mml.exe | 
"{1197F265-906A-448D-BE78-B8240A6FD389}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
"{1285EF50-F0D3-4332-89A8-44A1769AD337}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{157C55B4-CBC0-41E4-99FA-666EAAE235A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{189534F7-939C-431E-9361-7F12645F29D1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
"{1AEA3491-D35B-49DF-8478-78DA336DEB58}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1B6F8597-C5C4-4EB7-96FC-B4323B29251E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{1BAE9F0F-12FF-47C8-8F2F-CF5BA5EAF3EA}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{1E4AB50A-CB61-4F54-84FF-50438C5DBD1A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{1FB5B562-D466-4138-80BA-E2903D8EC4BD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{1FBF598C-9A4E-4019-91D0-3ED69E71A731}" = dir=in | app=c:\program files (x86)\motorola mobility\motocast\motocast.exe | 
"{208F2701-7CEC-4215-B003-F7B8733E11B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2240CB22-8056-4827-A194-9AEEB392B6BD}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
"{227B7F9A-6FD5-47A0-BA02-07B91F1E63A3}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{22802420-8C35-4060-8335-F283A547E76C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe | 
"{23E4D099-226F-41ED-965A-420526AF4C93}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{31687E3D-20AC-4320-A7B8-5A5CD035AA1A}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"{362586A6-034F-411D-B2CA-45C5CFF85D7F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3A22A36D-BB62-477A-AA8C-5E18DEFCA42E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3B490E7E-C852-4EBD-927C-CAE084B06882}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{3FC96701-4422-4A90-8268-C7249E45CC91}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{3FE85E1F-BDC1-49EB-A88E-0B8A212E8899}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{4313E3EA-2C21-46FB-A450-E046F33A9E74}" = protocol=17 | dir=in | app=c:\users\brandon fleming\appdata\roaming\dropbox\bin\dropbox.exe | 
"{44F2EF09-51B6-46E8-8A31-A50FAE60AFBF}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{49C652B4-E898-4F52-8E60-AF4FF6DECCF6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4AE435A6-6C1E-4ADB-971A-1B40235ABB0A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{4BF95056-C555-408F-ACBF-6204550E7E50}" = dir=in | app=c:\windows\system32\dleacoms.exe | 
"{4E2462B0-9554-4838-BC68-97AC2C394FC3}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4EB775C1-5127-4661-9838-DAF824EBEE88}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{54433FF8-8CA7-4C16-87D3-299813DEF663}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{555EB82D-EF39-44DB-A5E6-C1AC2D5B40DC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{55EFFF16-501F-44D3-B264-37D46984C4F8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | 
"{59557210-084B-4F62-B195-AB2C9F556D2D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{59611AFE-7180-40F4-BBE5-1D14920D2490}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe | 
"{5C2A8470-796E-470F-9020-E614096F6A74}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | 
"{5C9C3E33-043D-4A8B-9440-5BCD2DBCD9AC}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"{5CA52B4E-E500-4004-88BF-BC0FD232BCAE}" = protocol=6 | dir=out | app=system | 
"{5DD8831D-4BB7-4248-8D48-4AE8D75C0E89}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{5FEBEBAE-08AC-49FF-9644-9370D3377468}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6108C806-3D98-4E04-85AB-F6746DDCEC95}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{6219F6B6-239D-4087-A61F-09D28038E6DD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{63C2052A-35D0-4AD0-AA09-FBEF79519BA5}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{6AC0852D-6C40-40F3-B218-5F8EA039EF4A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{6AC4C6BD-0B32-4437-8AD3-C4F8BE3F162B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | 
"{6C94B528-35C5-40A4-9537-9225F72EE763}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{6FDC5918-9A1A-4993-982A-7CB39F2080BC}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe | 
"{7060F9B1-7D27-4D9D-B841-A4B18540E841}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7120B4C2-B99D-42DE-A1DA-CBE5C3FBB48D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{71F4C0EC-79DB-4BEF-AD3B-1CACB9C6052D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{722DFBB2-B78E-426D-94A3-9F50950F1BD1}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{78EE4150-A9F7-45BB-9ACD-5EFE7A44FA3B}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{78EE57FD-E703-4F9E-9F6F-6E99E0C91980}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{799589E8-E05D-41B2-B864-3571AD4AFCBC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7BD4212E-10A1-4DAF-90CE-42D31B35E20A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{7E5E21D5-FF86-4CB8-BBB4-0B87C7B83936}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{7E7305E4-A374-445F-881C-4AA6CE876833}" = protocol=6 | dir=in | app=c:\users\brandon fleming\appdata\roaming\utorrent\utorrent.exe | 
"{815B1769-A80F-4E18-AC95-066B91CAD8CB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe | 
"{817505AD-3C89-44F3-9408-450B8B5526A4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | 
"{82EF92C3-A1CF-4122-9A1C-813279A2C95F}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{87A94325-4505-44B0-B262-F14DF782596C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{87DE3909-1A5A-4CFC-9CB2-EAF196168548}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{89B94572-0483-4520-8380-63CEEF251491}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8A83CF83-0234-419C-8895-C1838CF35130}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe | 
"{8B28D7C4-F137-41DC-99AF-0154F813F329}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | 
"{8BCEAF2D-A36A-425D-9B6D-6F3C218ECC8B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8F26F267-A235-47D3-8E29-8CE95B6D225B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{8F916E8E-378E-42BB-A259-96BAA434A7B0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{90269CA6-BFE3-4355-9220-C79157BCD9B8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{950CED66-C60C-4364-9692-A5E360A687DC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | 
"{957618B3-E3CB-4F10-B222-F00C28196258}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"{98599F59-6C64-4CCC-9642-E0C2630F3352}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{99C9852B-B2BF-47EC-A56A-AE15F6209855}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9B5B3273-14F7-464A-9F4E-07E24F6ECA7E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9C76EB86-33D4-4BE4-A514-2E953F83F374}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{9C8C8E62-FCAC-44A0-B051-C31CEA54BDF2}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{A03BBEFE-A76D-46EA-8AFA-E6F265821470}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A1C156F7-8054-44DE-812C-B9D120B41A01}" = dir=in | app=c:\program files (x86)\hp\digital imaging\{71c4f928-136a-4222-a191-310e081fb96b}\setup\hpznui40.exe | 
"{A55AD8CE-697F-46AD-B08F-0921DC42897A}" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | 
"{A699D36E-C133-49F9-9E0F-83F0547C1E16}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{A80BFCA7-AB30-49EE-85BB-CA2F3CCE34B7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{AB4D139F-A30A-490B-A361-4595C024C132}" = protocol=6 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{AE101328-FBD3-40DC-917B-A456F15DA696}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | 
"{AF1C09FE-559F-4A91-A504-C40F38E2E43D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{AF4B9541-4DF1-4E5A-B209-7C6D21D74AE4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{AF97D1C5-0162-4876-A781-796E336456A8}" = dir=out | app=c:\program files (x86)\motorola mobility\motocast\motocast.exe | 
"{B04A5B46-5EA5-4F39-A016-8DBB99A1EA36}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B1753BE9-A6CB-4328-A2E7-1A98359BDFFC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B3A8FFA1-0660-4DA4-9785-35800F8FAFA2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B512FF84-F985-4008-AE35-E67A9E59834C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{B56E3A49-2478-4079-A484-71DBC3EC728D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B59951D8-0E8D-4066-89F6-404F34EE1C93}" = protocol=6 | dir=in | app=c:\users\brandon fleming\appdata\roaming\utorrent\utorrent.exe | 
"{B5FC1007-B3B5-4869-9BBA-91D450824872}" = dir=in | app=c:\windows\system32\dleacoms.exe | 
"{B7144EA8-65B2-4E63-9C66-97D164B3C623}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
"{B82BC02C-E69B-430A-86CF-58DC0D49631F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{B991004D-C1DB-4D1E-AF78-332206026D46}" = protocol=6 | dir=in | app=c:\users\brandon fleming\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BA096BE0-2556-454C-A80C-5F3243DDE44D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{BCE9376E-5ED5-4DAD-AC40-4F1BC29454E4}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe | 
"{BD77033A-15F5-4071-B591-611DD8DB7713}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{BDDE399F-E68F-4C88-A08F-3271DBFBE8BB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BF789DD3-FD13-403C-AA9F-B31E156AA81B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C10AC985-BBC4-4982-A81C-8E5F86480AFA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C3246812-63CC-4E9B-B400-01CF957210D2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C3842B68-DB19-4570-AD8E-3DF5EE4307A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C49970CE-F105-4E80-BD90-8A94F5C9A27F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C4C85C86-11D1-4A9C-9B70-6586960AB001}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{C74A1998-A650-4905-87FE-A9061D6263E6}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
"{C83BC40B-196A-4385-B104-EAF9756C8B22}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{C8BC8EBF-47D8-4205-B0DF-89ACBCF61FE9}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C950AB21-6E77-4CED-B7E0-E5FBA6AA7B07}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{C9EEF1EA-E070-4BB5-AA5B-845C8C2777DE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CD8EDBC6-45D8-4CC3-8FF8-9DBAD771C203}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D018EDE3-2310-407A-A323-CC3B5E3244CD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | 
"{D18DFDB9-269B-4E7A-95BE-7B4A577ACCD5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
"{D1BC2AAF-03FD-4BCA-BA2D-103D745ADA39}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{D2CF75F5-1F16-4C71-9300-32A9634886B0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | 
"{D381E12D-D373-4703-A745-745CA3570679}" = protocol=17 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{D519B95E-9217-4AAE-BEC5-15250F698511}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D5671994-4612-49F1-90AD-E1C2DC11846E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D5D5B661-6808-4F2A-AE17-9D28D8E91AE5}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{D63E8E66-483E-4E23-8319-206F8529AD63}" = protocol=17 | dir=in | app=c:\users\brandon fleming\appdata\roaming\utorrent\utorrent.exe | 
"{DA03A0D8-18EC-4757-A80D-6D268F0127C6}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | 
"{DE5B775C-CFF4-485B-9AC7-92FA5C9025A9}" = dir=in | app=c:\windows\system32\dleacoms.exe | 
"{DEC81540-A1C5-4FAD-8EAA-7646F2FD9AEE}" = dir=in | app=c:\program files (x86)\motorola mobility\motocast\bin\motocast-thumbnailer.exe | 
"{E1AD5B98-6D5D-4CFB-8D32-97FABC595061}" = dir=out | app=c:\program files (x86)\motorola mobility\motocast\bin\motocast-thumbnailer.exe | 
"{E4133F87-67B3-4175-B396-766779B31695}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E5AE3DE6-7AF2-4F7A-8042-AB3D4996638A}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | 
"{E74A3C7D-B0D6-4CA8-9805-66BE9C1AFB7F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{E875D824-2C35-42F9-9FE0-AF4D7DCB4240}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{EA173736-05F6-4ACF-8339-60C44B58C1CE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{ED1C6B55-75F0-4CCC-AB0E-EEF6E07E8F07}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{EE300E81-188F-4EE3-BD16-F154F92DE648}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"{F145F11A-F7E0-4FE7-8B32-5C2C04D09E12}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{F2310A7D-8760-46A9-842C-CC938487ED8A}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{F35660AD-5650-4BD4-87C8-9DEDBF481DAA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F5076325-152A-4C66-B700-C624F2FE4C9F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F7DC110D-0118-4621-BEA9-65C49FF1133A}" = dir=in | app=c:\windows\system32\dleacoms.exe | 
"{F80333DA-7357-41BE-8156-00624B7B7640}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{F834F54B-D4C8-452A-990A-32F5128808D4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{F95832B9-CBF0-4A89-B4D1-9F5A2A49DF21}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
"{FF54FF20-5949-4468-889E-07CB96B9645C}" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | 
"TCP Query User{02191D2B-9EC4-432C-84DE-577FAAF20660}C:\users\brandon fleming\appdata\roaming\vseeinstall\vsee.exe" = protocol=6 | dir=in | app=c:\users\brandon fleming\appdata\roaming\vseeinstall\vsee.exe | 
"TCP Query User{96CBA747-49D5-4252-AEDC-A90A695B2E3E}C:\pfs\callatl\rteng9.exe" = protocol=6 | dir=in | app=c:\pfs\callatl\rteng9.exe | 
"TCP Query User{E68964B7-F7BC-4D59-8C3E-4D51AD844FD1}C:\users\brandon fleming\appdata\roaming\vseeinstall\vsee.exe" = protocol=6 | dir=in | app=c:\users\brandon fleming\appdata\roaming\vseeinstall\vsee.exe | 
"TCP Query User{F48AFDE5-1C54-4880-937A-C2B196BD996C}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{F5D30AA3-8CBD-4E05-9532-6CE036FD34E6}C:\program files (x86)\hearthstone\hearthstone.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | 
"UDP Query User{64D9E969-4435-469E-969E-A456DB8FF4B2}C:\users\brandon fleming\appdata\roaming\vseeinstall\vsee.exe" = protocol=17 | dir=in | app=c:\users\brandon fleming\appdata\roaming\vseeinstall\vsee.exe | 
"UDP Query User{6A516828-6686-4713-BE10-EAB1980BFC01}C:\users\brandon fleming\appdata\roaming\vseeinstall\vsee.exe" = protocol=17 | dir=in | app=c:\users\brandon fleming\appdata\roaming\vseeinstall\vsee.exe | 
"UDP Query User{80CBC96B-E7F8-4897-BCD2-CE81A32E94D3}C:\program files (x86)\hearthstone\hearthstone.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | 
"UDP Query User{872D0EB4-7BEC-4F69-BE68-73B0A2589DB9}C:\pfs\callatl\rteng9.exe" = protocol=17 | dir=in | app=c:\pfs\callatl\rteng9.exe | 
"UDP Query User{97A7053D-4F2B-48B3-B853-19615FD67601}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{650AF771-456D-418F-BFC7-F6FFC9D0235C}" = HP Deskjet 3050 J610 series Basic Device Software
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{71C4F928-136A-4222-A191-310E081FB96B}" = HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 5
"{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}" = Motorola Mobile Drivers Installation 6.3.0
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel® PROSet/Wireless WiFi Software
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E852F060-08FF-FFD5-0C98-2A066B42EBBB}" = ccc-utility64
"Dell V310-V510 Series" = Dell V310-V510 Series
"EPSON XP-310 Series" = EPSON XP-310 Series Printer Uninstall
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Dell Touchpad
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{09B71986-2AC5-482d-B6CB-42EA34F4F85B}" = Dell Toolbar
"{09E576E9-8AC3-42E3-9A7C-A2C43C15224D}" = TurboApps WinMobile Conduit
"{0A7DD94B-B746-4FB0-8688-8598C22793A0}" = TurboTax 2013 WinPerFedFormset
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10144CFE-D76C-4CFA-81A1-37A1642349A3}" = Epson Event Manager
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16FB54B9-8AC9-F064-38FB-DF7B69583218}" = CCC Help Chinese Standard
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B367D21-5307-428C-DEDA-D073071CB89B}" = CCC Help Japanese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{206A595B-6ED6-4547-9293-C448139826EC}" = CallAtlanta
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A4EEB5C-3BA6-4299-A87F-783861B567D9}" = TurboTax 2013 WinPerReleaseEngine
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{2DE12376-E648-D16E-3E0A-0CAEE233BF64}" = CCC Help Spanish
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3347400D-F491-6DB5-9F57-0A9EA8E435C9}" = Catalyst Control Center Core Implementation
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{358C44FD-6943-4CDD-B947-7F7C4ADC8A8F}" = TurboTax 2013 WinPerTaxSupport
"{3732AB18-9BED-80F1-ECA5-C598807BD9D2}" = Skins
"{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4979A82C-4EBE-32C4-81E5-94532C4BAEED}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5401CEE8-3C2D-4835-A802-213306537FF4}" = MotoCast
"{54EE63E3-9960-41B6-9644-BB0167C6DD42}" = Catalyst Control Center - Branding
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59E44523-0F0F-4454-9F37-E951BBA55B84}" = C309a
"{5A11DB94-53E7-0232-3AF6-8DD9612094CD}" = CCC Help Chinese Traditional
"{5CF3C617-83A2-3D8E-39D6-45B593BB5F89}" = CCC Help German
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5ED80B30-4DAE-4D73-9D62-AD89F661AF46}" = RSDLite
"{60495020-5A67-DE2D-B768-5E77E734D263}" = CCC Help Italian
"{606EB5EB-AADF-4E21-B715-1CAD291181D6}" = TurboTax 2013 wrapper
"{61C06586-0FAD-1E43-20C6-08F4F1483C3D}" = CCC Help Norwegian
"{62499375-AB9C-5279-EEEE-F5AB863CA996}" = CCC Help Danish
"{6464EA89-7B34-C15B-B39F-4638EFF931DE}" = Catalyst Control Center Graphics Previews Common
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{7087BFF5-88C7-4B82-2EF6-B7F09DD4A86B}" = ccc-core-static
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{719CCEF3-234C-6C1A-3891-79FA208E8025}" = CCC Help Portuguese
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729E66B3-1B80-4F2F-8D19-342A89631E0A}_is1" = Wav to Mp3
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}" = Sound Blaster X-Fi MB
"{764490A7-9DF2-B0CE-DA9F-72DDFD342ACA}" = CCC Help Russian
"{7650F538-6274-44EA-8F50-843479073333}" = Epson USB Display
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DA095FF-BBD9-44FE-9404-626D58A50756}" = Fuze Meeting
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{860CF8EA-A8ED-01BD-8344-26DB1058A563}" = CCC Help Korean
"{863448D4-F184-4B21-A46B-323C97A2D038}_is1" = 7-Zip File Manager version 9.20
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}" = Motorola Device Software Update
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9B362AE0-1F0D-370B-F468-FFEF38682508}" = Catalyst Control Center Graphics Full Existing
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FF5AF7A-F7C7-D4F0-D93F-40800E2F8C20}" = Catalyst Control Center InstallProxy
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A498BF75-59BD-6EDB-1C19-13AAA2FD3034}" = CCC Help French
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB834517-C040-6115-A231-0A62F0A08294}" = CCC Help Swedish
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B2939EC4-6FB6-3153-0F9E-CE1AE76F0AE8}" = Catalyst Control Center Graphics Light
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5747FE9-AC7C-3512-02EA-2C6A089EC68F}" = CCC Help Finnish
"{BA688606-4B20-4982-995E-EDADC6A6817E}" = League of Legends
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{CFBB5529-2532-1F5E-8706-F0D1BE3B8C35}" = Catalyst Control Center Graphics Previews Vista
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D60071DB-459C-465C-92EF-336E65F1A436}" = Software Updater
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
"{DCC9335C-09BD-3017-096F-931FDB8E7663}" = Catalyst Control Center Graphics Full New
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE4AD67B-9EA0-31F1-F5EE-E9B836248839}" = CCC Help English
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E34F2220-A7B4-405A-B26E-9E048D16510A}" = TurboTax 2013 whiiper
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}" = Citrix Online Launcher
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{FA0E7183-6B11-4899-B25F-2C490543967E}" = PS_AIO_05_C309_Software_Min
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCAC5BFF-0A4E-3E71-C486-5E55C0630817}" = CCC Help Dutch
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Any Audio Converter_is1" = Any Audio Converter 3.3.1
"Any Video Converter Ultimate_is1" = Any Video Converter Ultimate 4.3.6
"Any Video Converter_is1" = Any Video Converter 3.3.5
"AVG Secure Search" = AVG Security Toolbar
"Battle.net" = Battle.net
"conduitEngine" = Conduit Engine
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"DVD Shrink_is1" = DVD Shrink 3.2
"EPSON Connect_is1" = EPSON Connect version 1.0
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"Hearthstone" = Hearthstone
"JMC, the Java Mud Client V3.5.0.2" = Uninstal JMC, the Java Mud Client V3.5.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Music Editor Free" = Music Editor Free
"Pharaoh" = Pharaoh
"PowerISO" = PowerISO
"PROR" = Microsoft Office Professional 2007
"Tunatic" = Tunatic
"TurboTax 2013" = TurboTax 2013
"VLC media player" = VLC media player 2.0.4
"WildTangent dell Master Uninstall" = WildTangent Games
"Windows Mobile Device Handbook" = HTC Touch Pro
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"zMUD" = zMUD 7.21.0.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/10/2014 3:37:00 AM | Computer Name = BrandonFleming | Source = Microsoft-Windows-User Profiles Service | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with 
the default profile for the system.      DETAIL - Access is denied.  
 
Error - 5/10/2014 3:38:00 AM | Computer Name = BrandonFleming | Source = Microsoft-Windows-User Profiles Service | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with 
the default profile for the system.      DETAIL - Access is denied.  
 
Error - 5/10/2014 4:37:00 AM | Computer Name = BrandonFleming | Source = Microsoft-Windows-User Profiles Service | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with 
the default profile for the system.      DETAIL - Access is denied.  
 
Error - 5/10/2014 4:38:00 AM | Computer Name = BrandonFleming | Source = Microsoft-Windows-User Profiles Service | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with 
the default profile for the system.      DETAIL - Access is denied.  
 
Error - 5/10/2014 5:37:00 AM | Computer Name = BrandonFleming | Source = Microsoft-Windows-User Profiles Service | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with 
the default profile for the system.      DETAIL - Access is denied.  
 
Error - 5/10/2014 5:38:00 AM | Computer Name = BrandonFleming | Source = Microsoft-Windows-User Profiles Service | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with 
the default profile for the system.      DETAIL - Access is denied.  
 
Error - 5/10/2014 6:37:00 AM | Computer Name = BrandonFleming | Source = Microsoft-Windows-User Profiles Service | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with 
the default profile for the system.      DETAIL - Access is denied.  
 
Error - 5/10/2014 6:38:00 AM | Computer Name = BrandonFleming | Source = Microsoft-Windows-User Profiles Service | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with 
the default profile for the system.      DETAIL - Access is denied.  
 
Error - 5/10/2014 6:41:42 AM | Computer Name = BrandonFleming | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
 Express\CoziExpress.exe".Error in manifest or policy file "" on line .  A component
 version required by the application conflicts with another component version already
 active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 5/10/2014 6:41:42 AM | Computer Name = BrandonFleming | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
 Express\CoziExpress.exe".Error in manifest or policy file "" on line .  A component
 version required by the application conflicts with another component version already
 active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ Media Center Events ]
Error - 2/13/2014 2:55:12 AM | Computer Name = BrandonFleming | Source = MCUpdate | ID = 0
Description = 8:55:11 PM - Error connecting to the internet.  8:55:11 PM -     Unable
 to contact server..  
 
Error - 2/13/2014 3:55:18 AM | Computer Name = BrandonFleming | Source = MCUpdate | ID = 0
Description = 9:55:17 PM - Error connecting to the internet.  9:55:17 PM -     Unable
 to contact server..  
 
Error - 2/13/2014 4:58:15 AM | Computer Name = BrandonFleming | Source = MCUpdate | ID = 0
Description = 10:58:14 PM - Error connecting to the internet.  10:58:14 PM -     Unable
 to contact server..  
 
Error - 2/17/2014 5:08:50 PM | Computer Name = BrandonFleming | Source = MCUpdate | ID = 0
Description = 11:08:50 AM - Error connecting to the internet.  11:08:50 AM -     Unable
 to contact server..  
 
Error - 2/17/2014 5:09:01 PM | Computer Name = BrandonFleming | Source = MCUpdate | ID = 0
Description = 11:08:56 AM - Error connecting to the internet.  11:08:56 AM -     Unable
 to contact server..  
 
Error - 2/25/2014 1:58:34 AM | Computer Name = BrandonFleming | Source = MCUpdate | ID = 0
Description = 7:58:25 PM - Error connecting to the internet.  7:58:25 PM -     Unable
 to contact server..  
 
Error - 4/22/2014 1:25:42 AM | Computer Name = BrandonFleming | Source = MCUpdate | ID = 0
Description = 7:25:42 PM - Error connecting to the internet.  7:25:42 PM -     Unable
 to contact server..  
 
Error - 4/22/2014 1:25:54 AM | Computer Name = BrandonFleming | Source = MCUpdate | ID = 0
Description = 7:25:47 PM - Error connecting to the internet.  7:25:47 PM -     Unable
 to contact server..  
 
Error - 4/26/2014 4:04:53 PM | Computer Name = BrandonFleming | Source = MCUpdate | ID = 0
Description = 10:04:53 AM - Error connecting to the internet.  10:04:53 AM -     Unable
 to contact server..  
 
Error - 4/26/2014 4:05:05 PM | Computer Name = BrandonFleming | Source = MCUpdate | ID = 0
Description = 10:04:59 AM - Error connecting to the internet.  10:04:59 AM -     Unable
 to contact server..  
 
[ OSession Events ]
Error - 4/4/2012 4:20:56 AM | Computer Name = BrandonFleming | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2392
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 1/16/2013 2:36:51 AM | Computer Name = BrandonFleming | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session 
lasted 6720 seconds with 3000 seconds of active time.  This session ended with a
 crash.
 
Error - 4/10/2013 6:53:32 PM | Computer Name = BrandonFleming | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session 
lasted 3879 seconds with 3240 seconds of active time.  This session ended with a
 crash.
 
[ System Events ]
Error - 5/10/2014 1:03:39 AM | Computer Name = BrandonFleming | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 5/10/2014 1:03:39 AM | Computer Name = BrandonFleming | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 5/10/2014 1:03:39 AM | Computer Name = BrandonFleming | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 5/10/2014 1:03:39 AM | Computer Name = BrandonFleming | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 5/10/2014 1:03:39 AM | Computer Name = BrandonFleming | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 5/10/2014 1:03:39 AM | Computer Name = BrandonFleming | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 5/10/2014 1:03:39 AM | Computer Name = BrandonFleming | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 5/10/2014 1:03:39 AM | Computer Name = BrandonFleming | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 5/10/2014 1:03:39 AM | Computer Name = BrandonFleming | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 5/10/2014 1:03:39 AM | Computer Name = BrandonFleming | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
 
< End of report >
 

 

 

Again any help would be awesome. Thanks guys.




 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:44 PM

Posted 10 May 2014 - 06:23 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

STEP 1

 

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer. Make sure that Addition.txt is ticked as well.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

STEP 2

 

 

We need to repeat the scan with SystemLook but this time using the x64 version.


Please download SystemLook from the link below and save it to your Desktop.
SystemLook_x64.exe

  • Double-click SystemLook_x64.exe to run it.
  • Copy the content of the following codebox into the main textfield:


    :reg
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

 

 

 

Regards,

Georgi




#3 brandontf8o8

brandontf8o8
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 10 May 2014 - 01:48 PM

Hi Georgi,

 

Thanks for the quick reply.  I forgot to mention one of the issues I'm having is that I can't select download paths for anything, so they automatically go into my download folder.  The problem there is I can't access my download folder. I get an error message saying that the destination has been moved or something along those lines.

 

Just ran the FRST scan and the logs are inaccessible to me.  Is there any way to work around this that you know of?

 

Thanks again! 



#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:44 PM

Posted 10 May 2014 - 03:11 PM

Hi,

 

Click Start => Computer =>  (C:) => Program Files => right-click the Windows Defender folder and select Rename from the context menu. Add a unique variation to the filename, such as .old (for example, Windows Defender.old) and then try again to download and run FRST.

 

Thanks!

 

 

Regards,

Georgi




#5 brandontf8o8

brandontf8o8
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 10 May 2014 - 05:17 PM

hello.

 

ok tried that and still nothing. is there another mirror/server that i can download FRST from? or if i were to get it on another computer could i transfer it via jump drive?

 

That might work.



#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:44 PM

Posted 10 May 2014 - 07:13 PM

Hi,

 

Let me check something:

 

  • Please re-run OTL by double-clicking its icon.
  • OTL should now start. Change the following settings:
    - Click on Scan All Users checkbox given at the top.
    - Under File Scans, change File age to 90
    - Change Standard Registry to All
    - Check the boxes beside LOP Check and Purity Check
  • Copy and paste the following code into the Custom Scans/Fixes textbox.
  • Don't copy the word "quote"

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.*
    %SYSTEMDRIVE%\*.
    %USERPROFILE%\*.*
    %USERPROFILE%\*.
    %USERPROFILE%\*.exe /s
    %USERPROFILE%\Documents\*.*
    %USERPROFILE%\Documents\*.
    %USERPROFILE%\Downloads\*.*
    %USERPROFILE%\AppData\Local\*.*
    %USERPROFILE%\AppData\Local\*.
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\*.*
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\*.
    %USERPROFILE%\AppData\Local\temp\*.exe
    %USERPROFILE%\AppData\Local\temp\*.dll
    %USERPROFILE%\AppData\Local\temp\*.tlb
    %USERPROFILE%\AppData\Roaming\*.*
    %USERPROFILE%\AppData\Roaming\*.
    %ProgramData%\*.*
    %ProgramData%\*.
    %programdata%\Microsoft\Windows\DRM\*.tmp
    %programdata%\Microsoft\DRM\*.tmp
    %programdata%\temp\*.exe
    %programdata%\temp\*.dll
    %programdata%\temp\*.tlb
    C:\Users\All Users\*.exe /s
    C:\Users\Default\*.exe /s
    C:\Users\Public\*.exe /s
    %CommonProgramFiles%\*.*
    %CommonProgramFiles%\*.
    %CommonProgramFiles%\ComObjects\*.*
    %ProgramFiles%\*.*
    %ProgramFiles%\*.
    %Public%\Documents\*.*
    %Public%\Documents\*.
    %systemroot%\System32\config\systemprofile\*.exe /s
    %systemroot%\System32\config\systemprofile\*.*
    %systemroot%\System32\config\systemprofile\*.
    %systemroot%\system32\config\systemprofile\AppData\Local\*.*
    %systemroot%\system32\config\systemprofile\AppData\Local\*.
    %systemroot%\system32\config\systemprofile\AppData\Roaming\*.*
    %systemroot%\system32\config\systemprofile\AppData\Roaming\*.
    %systemroot%\SysWow64\config\systemprofile\*.exe /s
    %systemroot%\SysWow64\config\systemprofile\*.*
    %systemroot%\SysWow64\config\systemprofile\*.
    %systemroot%\SysWOW64\config\systemprofile\AppData\Local\*.*
    %systemroot%\SysWOW64\config\systemprofile\AppData\Local\*.
    %systemroot%\SysWOW64\config\systemprofile\AppData\Roaming\*.*
    %systemroot%\SysWOW64\config\systemprofile\AppData\Roaming\*.
    %systemroot%\ServiceProfiles\*.exe /s
    %systemroot%\ServiceProfiles\LocalService\AppData\Local\*.*
    %systemroot%\ServiceProfiles\LocalService\AppData\Local\*.
    %systemroot%\ServiceProfiles\LocalService\AppData\Local\Temp\*.exe
    %systemroot%\ServiceProfiles\LocalService\AppData\Local\Temp\*.dll
    %systemroot%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb
    %systemroot%\ServiceProfiles\LocalService\AppData\Roaming\*.*
    %systemroot%\ServiceProfiles\LocalService\AppData\Roaming\*.
    %systemroot%\ServiceProfiles\NetworkService\AppData\Local\*.*
    %systemroot%\ServiceProfiles\NetworkService\AppData\Local\*.
    %systemroot%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.exe
    %systemroot%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.dll
    %systemroot%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb
    %systemroot%\ServiceProfiles\NetworkService\AppData\Roaming\*.*
    %systemroot%\ServiceProfiles\NetworkService\AppData\Roaming\*.
    %windir%\temp\*.exe /s
    %windir%\temp\*.*
    %windir%\temp\*.
    %windir%\*.
    %windir%\AppPatch\*.exe /s
    %windir%\ShellNew\*.*
    %windir%\installer\*.
    %windir%\system32\*.
    %windir%\sysnative\*.
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\syswow64\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\drivers\*.sys /verifysig
    %systemroot%\syswow64\drivers\*.sys /90
    %systemroot%\syswow64\drivers\*.sys /lockedfiles
    %systemroot%\syswow64\drivers\*.sys /verifysig
    %SYSTEMDRIVE%\*. /rp /s
    %systemroot%\assembly\tmp\*.* /S /MD5
    %systemroot%\assembly\temp\*.* /S /MD5
    %systemroot%\assembly\GAC\*.ini
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    %SystemRoot%\assembly\GAC_MSIL\*.ini
    wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_CURRENT_USER\Software\Microsoft\Command Processor /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor /s
    HKCU\Software\Classes\CLSID\{ECD4FC4D-521C-11D0-B792-00A0C90312E1}\InprocServer32 /s
    HKLM\Software\Classes\CLSID\{E6BB64BE-0618-4353-9193-0AFE606D6F0C}\InprocServer32 /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\scsimap /s
    HKEY_CLASSES_ROOT\CLSID\{118BEDCC-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{312BED3C-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{F12BE2CC-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{212B3DCC-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{A12BEDCC-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D188F} /s
    HKEY_CLASSES_ROOT\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D188B} /s
    HKEY_CLASSES_ROOT\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s
    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers /s
    HKEY_CLASSES_ROOT\Directory\Shellex\CopyHookHandlers\MSCopy /s
    HKEY_CURRENT_USER\Software\Classes\Directory\shellex\CopyHookHandlers /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers /s
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders /s
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders /s
    HKEY_CURRENT_USER\Software\MSOLoad /s
    type C:\WINDOWS\system.ini >> test.txt /c
    bcdedit /enum all /v >C:\boot.txt /c
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    /md5start
    consrv.dll
    services.exe
    explorer.exe
    lsass.exe
    svchost.exe
    wininit.exe
    winlogon.exe
    userinit.exe
    smss.exe
    fastfat.sys
    atapi.sys
    serial.sys
    volsnap.sys
    disk.sys
    i8042prt.sys
    afd.sys
    netbt.sys
    csc.sys
    tcpip.sys
    kbdclass.sys
    kbdhid.sys
    mouclass.sys
    mouhid.sys
    spldr.sys
    dfsc.sys
    hlp.dat
    str.sys
    cerxvx.ocx
    crexv.ocx
    msseedir.dll
    msdr.dll
    lmbd.dll
    wsse.dll
    intel.exe
    WService.dll
    /md5stop

  • Push the Run Scan button.
  • One report will open, copy and paste it in a reply here:
    • OTL.txt <-- Will be opened

 

Regards,

Georgi




#7 brandontf8o8

brandontf8o8
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 11 May 2014 - 03:43 AM

ok ran scan and got an error message at the end that says

 

Cannot create file

C:\Windows\SysWOW64\config\systemprofile\documents\downloads\cmd.bat



#8 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:44 PM

Posted 11 May 2014 - 06:13 AM

This is definitely a junction point issue:

Click Start > All Programs > Accessories, right-click on Command Prompt and select "Run as administrator".

Copy/paste the following text at the command prompt and press enter after it:

Dir /s /a:l C:\* > c:\junctionPoints.txt

Post the content of c:\junctionPoints.txt in your next reply.

 

 

 

Regards,

Georgi




#9 brandontf8o8

brandontf8o8
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 11 May 2014 - 08:38 AM

ok followed the click path but there is no command prompt heading under accessories. 

 

oh boy, computer's kinda messed huh =\

 

Thanks for everything though lol 



#10 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:44 PM

Posted 11 May 2014 - 09:21 AM

Here's another way to open a Command Prompt window: Click the Start button. In the Search box, type CMD, and then, in the list of results, right-click on CMD.exe and select "Run as administrator".

 

 

Regards,

Georgi




#11 brandontf8o8

brandontf8o8
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 11 May 2014 - 09:30 AM

ok got it to open, punched in the command, but nothing came up.  the command prompt came back up as c:\windows\system32 but no logs opened and nothing on desktop



#12 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:44 PM

Posted 11 May 2014 - 09:34 AM

The log will not open automatically. You need to open My Computer => Drive C:\ => junctionPoints.txt and copy and paste the content of the log in your next reply.

 

However I noticed that your user profile is probably corrupted as well:

 

 

[ Application Events ]
Error - 5/10/2014 3:37:00 AM | Computer Name = BrandonFleming | Source = Microsoft-Windows-User Profiles Service | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with 
the default profile for the system.      DETAIL - Access is denied.
 
Read the article below and try the methods posted there to try fixing the issue:
 
and let me know about the results.
 
 
Regards,
Georgi

Edited by B-boy/StyLe/, 11 May 2014 - 09:35 AM.



#13 brandontf8o8

brandontf8o8
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 11 May 2014 - 04:05 PM

ok found the junctionPoints file, here u go, and then I'll go through everything else after.

 

 Volume in drive C is OS
 Volume Serial Number is CA6D-F650
 
 Directory of C:\
 
07/13/2009  07:08 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 
 Directory of C:\ProgramData
 
07/13/2009  07:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  07:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  07:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  07:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  07:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  07:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 
 Directory of C:\Users
 
07/13/2009  07:08 PM    <SYMLINKD>     All Users [C:\ProgramData]
07/13/2009  07:08 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 
 Directory of C:\Users\All Users
 
07/13/2009  07:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  07:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  07:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  07:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  07:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  07:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 
 Directory of C:\Users\Brandon Fleming
 
05/12/2010  03:56 PM    <JUNCTION>     Application Data [C:\Users\Brandon Fleming\AppData\Roaming]
05/12/2010  03:56 PM    <JUNCTION>     Cookies [C:\Users\Brandon Fleming\AppData\Roaming\Microsoft\Windows\Cookies]
05/12/2010  03:56 PM    <JUNCTION>     Local Settings [C:\Users\Brandon Fleming\AppData\Local]
05/12/2010  03:56 PM    <JUNCTION>     My Documents [C:\Users\Brandon Fleming\Documents]
05/12/2010  03:56 PM    <JUNCTION>     NetHood [C:\Users\Brandon Fleming\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/12/2010  03:56 PM    <JUNCTION>     PrintHood [C:\Users\Brandon Fleming\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/12/2010  03:56 PM    <JUNCTION>     Recent [C:\Users\Brandon Fleming\AppData\Roaming\Microsoft\Windows\Recent]
05/12/2010  03:56 PM    <JUNCTION>     SendTo [C:\Users\Brandon Fleming\AppData\Roaming\Microsoft\Windows\SendTo]
05/12/2010  03:56 PM    <JUNCTION>     Start Menu [C:\Users\Brandon Fleming\AppData\Roaming\Microsoft\Windows\Start Menu]
05/12/2010  03:56 PM    <JUNCTION>     Templates [C:\Users\Brandon Fleming\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 
 Directory of C:\Users\Brandon Fleming\AppData\Local
 
05/12/2010  03:56 PM    <JUNCTION>     Application Data [C:\Users\Brandon Fleming\AppData\Local]
05/12/2010  03:56 PM    <JUNCTION>     History [C:\Users\Brandon Fleming\AppData\Local\Microsoft\Windows\History]
05/12/2010  03:56 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Brandon Fleming\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 
 Directory of C:\Users\Brandon Fleming\Documents
 
05/12/2010  03:56 PM    <JUNCTION>     My Music [C:\Users\Brandon Fleming\Music]
05/12/2010  03:56 PM    <JUNCTION>     My Pictures [C:\Users\Brandon Fleming\Pictures]
05/12/2010  03:56 PM    <JUNCTION>     My Videos [C:\Users\Brandon Fleming\Videos]
               0 File(s)              0 bytes
 
 Directory of C:\Users\Default
 
07/13/2009  07:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009  07:08 PM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009  07:08 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/13/2009  07:08 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/13/2009  07:08 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009  07:08 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009  07:08 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009  07:08 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009  07:08 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009  07:08 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 
 Directory of C:\Users\Default\AppData\Local
 
07/13/2009  07:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/13/2009  07:08 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009  07:08 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 
 Directory of C:\Users\Default\Documents
 
07/13/2009  07:08 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/13/2009  07:08 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/13/2009  07:08 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 
 Directory of C:\Users\Public\Documents
 
07/13/2009  07:08 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/13/2009  07:08 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/13/2009  07:08 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 
     Total Files Listed:
               0 File(s)              0 bytes
              50 Dir(s)  24,144,076,800 bytes free
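
A way to check a listing like the one above without reading it line by line, as an added example (not part of the thread or of any tool mentioned in it): the Python below parses `dir /s /a:l` output and compares one profile's junctions against those of `C:\Users\Default`, which in the posted listing mirror the user's profile one for one. The profile name `alice`, the sample listing and all function names are constructed for illustration.

```python
import re
from collections import namedtuple

Link = namedtuple("Link", "directory kind name target")

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
LINK_RE = re.compile(r"<(JUNCTION|SYMLINKD|SYMLINK)>\s+(.+?) \[(.*)\]\s*$")


def parse_links(listing):
    """Turn `dir /s /a:l` output into Link records."""
    links, current = [], None
    for line in listing.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = LINK_RE.search(line)
        if m and current is not None:
            links.append(Link(current, m.group(1), m.group(2), m.group(3)))
    return links


def under(path, root):
    """True if path is root itself or lies below it (case-insensitive)."""
    p, r = path.lower(), root.lower()
    return p == r or p.startswith(r + "\\")


def rebase(path, old_root, new_root):
    """Swap old_root for new_root at the start of path, if it is there."""
    return new_root + path[len(old_root):] if under(path, old_root) else path


def compare_profile(links, profile, baseline=r"C:\Users\Default"):
    """Report links that are missing, retargeted or extra versus the baseline."""
    actual = {(l.directory.lower(), l.name.lower()): l
              for l in links if under(l.directory, profile)}
    findings = []
    for base in (l for l in links if under(l.directory, baseline)):
        where = rebase(base.directory, baseline, profile)
        want = rebase(base.target, baseline, profile)
        got = actual.pop((where.lower(), base.name.lower()), None)
        path = where + "\\" + base.name
        if got is None:
            findings.append(("missing", path, want))
        elif got.target.lower() != want.lower():
            findings.append(("retargeted", path, got.target))
    # Whatever is left exists in the profile but not in the baseline.
    for extra in actual.values():
        findings.append(("extra", extra.directory + "\\" + extra.name, extra.target))
    return findings


# Constructed sample in the format of the listing above (not real data).
SAMPLE = r"""
 Directory of C:\Users\Default

07/13/2009  07:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009  07:08 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/13/2009  07:08 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
               0 File(s)              0 bytes

 Directory of C:\Users\Default\Documents

07/13/2009  07:08 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
               0 File(s)              0 bytes

 Directory of C:\Users\alice

05/12/2010  03:56 PM    <JUNCTION>     Application Data [C:\Users\alice\AppData\Roaming]
05/12/2010  03:56 PM    <JUNCTION>     My Documents [C:\Windows\SysWOW64\config\systemprofile\Documents]
05/12/2010  03:56 PM    <JUNCTION>     Backup [D:\Staging]
               0 File(s)              0 bytes
"""

if __name__ == "__main__":
    for finding in compare_profile(parse_links(SAMPLE), r"C:\Users\alice"):
        print(*finding, sep=" | ")
```

To use it on a real machine, read the text of the file written by the `Dir /s /a:l` command and pass it to `parse_links`; an empty result means the profile's links match the Default profile's layout.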


#14 brandontf8o8

brandontf8o8
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 11 May 2014 - 04:43 PM

alright great news.  my profile is back up and running looks like i can access my folders and programs again.

 

laptop's running a lil slow though. but other than that it looks good.

 

i only went through the first step in the profile repair page that u linked me to.  do i need to do all of them?



#15 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:44 PM

Posted 11 May 2014 - 11:05 PM

No, since method 1 worked for you, I would advise you to ignore the other ones.

 

Please try to download and run FRST as described above now, and post back both logs in your next reply.

 

 

 

Regards,

Georgi






