also @ TechSpot: Asus' new lineup of Z87 Haswell motherboards revealed

TechSpot

TechSpot News Products Downloads Forums

About
Sign in

Welcome to TechSpot

Why should I register?

Sign up for a new account or log in here:

Forgot your password?

Couldn't sign you in, please try again.

Infected svchost.exe

Discussion in 'Virus and Malware Removal' started by Ryan O'Brien, Jul 20, 2012.

Post New Reply

Page 3 of 4

Ryan O'Brien Newcomer, in training Posts: 65

19:07:47.0362 4980 WacomPen - ok
19:07:47.0402 4980 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:07:47.0414 4980 WANARP - ok
19:07:47.0430 4980 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:07:47.0431 4980 Wanarpv6 - ok
19:07:47.0521 4980 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:07:47.0553 4980 WatAdminSvc - ok
19:07:47.0628 4980 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:07:47.0662 4980 wbengine - ok
19:07:47.0724 4980 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:07:47.0736 4980 WbioSrvc - ok
19:07:47.0760 4980 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:07:47.0780 4980 wcncsvc - ok
19:07:47.0795 4980 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:07:47.0804 4980 WcsPlugInService - ok
19:07:47.0839 4980 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
19:07:47.0847 4980 Wd - ok
19:07:47.0884 4980 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:07:47.0907 4980 Wdf01000 - ok
19:07:47.0917 4980 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:07:47.0927 4980 WdiServiceHost - ok
19:07:47.0930 4980 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:07:47.0932 4980 WdiSystemHost - ok
19:07:47.0949 4980 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:07:47.0961 4980 WebClient - ok
19:07:47.0976 4980 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:07:47.0988 4980 Wecsvc - ok
19:07:47.0998 4980 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:07:48.0001 4980 wercplsupport - ok
19:07:48.0036 4980 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:07:48.0038 4980 WerSvc - ok
19:07:48.0070 4980 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:07:48.0079 4980 WfpLwf - ok
19:07:48.0083 4980 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:07:48.0092 4980 WIMMount - ok
19:07:48.0131 4980 WinDefend - ok
19:07:48.0192 4980 WindowBlinds (97c7f30787a30cfa760b0247631a5463) C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
19:07:48.0205 4980 WindowBlinds - ok
19:07:48.0212 4980 WinHttpAutoProxySvc - ok
19:07:48.0263 4980 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:07:48.0272 4980 Winmgmt - ok
19:07:48.0378 4980 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:07:48.0428 4980 WinRM - ok
19:07:48.0579 4980 winusb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\winusb.sys
19:07:48.0589 4980 winusb - ok
19:07:48.0639 4980 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:07:48.0668 4980 Wlansvc - ok
19:07:48.0708 4980 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:07:48.0719 4980 wlcrasvc - ok
19:07:48.0889 4980 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:07:48.0913 4980 wlidsvc - ok
19:07:48.0989 4980 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
19:07:48.0998 4980 WmBEnum - ok
19:07:49.0036 4980 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
19:07:49.0046 4980 WmFilter - ok
19:07:49.0081 4980 WmHidLo (ac4331af118a720f13c9c5cabbfe27bd) C:\Windows\system32\drivers\WmHidLo.sys
19:07:49.0090 4980 WmHidLo - ok
19:07:49.0122 4980 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:07:49.0130 4980 WmiAcpi - ok
19:07:49.0177 4980 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:07:49.0194 4980 wmiApSrv - ok
19:07:49.0256 4980 WMPNetworkSvc - ok
19:07:49.0270 4980 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
19:07:49.0279 4980 WmVirHid - ok
19:07:49.0290 4980 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
19:07:49.0301 4980 WmXlCore - ok
19:07:49.0361 4980 WMZuneComm (83b6ca03c846fcd47f9883d77d1eb27b) C:\Program Files\Zune\WMZuneComm.exe
19:07:49.0377 4980 WMZuneComm - ok
19:07:49.0425 4980 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:07:49.0434 4980 WPCSvc - ok
19:07:49.0450 4980 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:07:49.0460 4980 WPDBusEnum - ok
19:07:49.0464 4980 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:07:49.0473 4980 ws2ifsl - ok
19:07:49.0486 4980 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
19:07:49.0495 4980 wscsvc - ok
19:07:49.0497 4980 WSearch - ok
19:07:49.0637 4980 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
19:07:49.0696 4980 wuauserv - ok
19:07:49.0771 4980 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:07:49.0784 4980 WudfPf - ok
19:07:49.0826 4980 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:07:49.0840 4980 WUDFRd - ok
19:07:49.0857 4980 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:07:49.0866 4980 wudfsvc - ok
19:07:49.0892 4980 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:07:49.0904 4980 WwanSvc - ok
19:07:50.0059 4980 ytpUpdater (88596ac939a4bcd347c5d360dfd0846e) C:\Program Files (x86)\updater\updater.exe
19:07:50.0133 4980 ytpUpdater - ok
19:07:50.0665 4980 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) C:\Program Files\Zune\ZuneNss.exe
19:07:50.0822 4980 ZuneNetworkSvc - ok
19:07:50.0883 4980 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
19:07:50.0904 4980 ZuneWlanCfgSvc - ok
19:07:50.0915 4980 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:07:51.0116 4980 \Device\Harddisk0\DR0 - ok
19:07:51.0119 4980 Boot (0x1200) (6efb70c07cd1ba1edca2b603cc988eec) \Device\Harddisk0\DR0\Partition0
19:07:51.0120 4980 \Device\Harddisk0\DR0\Partition0 - ok
19:07:51.0139 4980 Boot (0x1200) (60ac426d1eba97774f052e637196341a) \Device\Harddisk0\DR0\Partition1
19:07:51.0141 4980 \Device\Harddisk0\DR0\Partition1 - ok
19:07:51.0141 4980 ============================================================
19:07:51.0141 4980 Scan finished
19:07:51.0141 4980 ============================================================
19:07:51.0150 1744 Detected object count: 0
19:07:51.0150 1744 Actual detected object count: 0

Ryan O'Brien, Jul 21, 2012

#41
Broni Malware Annihilator Posts: 39,288 +175
Download RogueKiller on the desktop

Close all the running programs

Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator

Otherwise just double-click on RogueKiller.exe

Pre-scan will start. Let it finish.

Click on SCAN button.

A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)

If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
Broni, Jul 21, 2012

#42
Ryan O'Brien Newcomer, in training Posts: 65

RogueKiller log info

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Nub [Admin rights]
Mode: Scan -- Date: 07/21/2012 19:18:14

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] c2c_service.exe -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 13 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : 2K Games (rundll32.exe "C:\Users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll",CreateInstance) -> FOUND
[BLACKLIST DLL] HKUS\.DEFAULT[...]\Run : 2K Games (rundll32.exe "C:\Users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll",CreateInstance) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : 2K Games (rundll32.exe "C:\Users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll",CreateInstance) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : 2K Games (rundll32.exe "C:\Users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll",CreateInstance) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-2463314201-2541101053-2832014611-1006[...]\Run : 2K Games (rundll32.exe "C:\Users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll",CreateInstance) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-18[...]\Run : 2K Games (rundll32.exe "C:\Users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll",CreateInstance) -> FOUND
[SUSP PATH] Best Buy pc app.lnk Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[SUSP PATH] Best Buy pc app.lnk Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[SCRSV] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Windows\LIVING~1.SCR) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EALX-229BA0 ATA Device +++++
--- User ---
[MBR] 350720ab0f3de94caa18596bfeeda8e6
[BSP] 2fba84096da516bd12cdc8f0abb8703a : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 2048 | Size: 14524 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29747200 | Size: 381546 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 811153408 | Size: 557797 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Ryan O'Brien, Jul 21, 2012

#43
Ryan O'Brien Newcomer, in training Posts: 65

sorry it took forever to scan. rofl

aswMBR log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-21 14:20:38
-----------------------------
14:20:38.173 OS Version: Windows x64 6.1.7601 Service Pack 1
14:20:38.173 Number of processors: 4 586 0x100
14:20:38.173 ComputerName: RYAN-PC UserName: Nub
14:20:38.973 Initialize success
14:21:23.355 AVAST engine defs: 12072100
14:21:27.831 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:21:27.835 Disk 0 Vendor: WDC_WD10EALX-229BA0 15.01H15 Size: 953869MB BusType: 3
14:21:27.848 Disk 0 MBR read successfully
14:21:27.851 Disk 0 MBR scan
14:21:27.855 Disk 0 Windows 7 default MBR code
14:21:27.858 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 14524 MB offset 2048
14:21:27.867 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 381546 MB offset 29747200
14:21:27.889 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 557797 MB offset 811153408
14:21:27.915 Disk 0 scanning C:\Windows\system32\drivers
14:21:34.329 Service scanning
14:21:51.184 Modules scanning
14:21:51.192 Disk 0 trace - called modules:
14:21:51.206 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:21:51.211 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007471060]
14:21:51.216 3 CLASSPNP.SYS[fffff880019c343f] -> nt!IofCallDriver -> [0xfffffa800705a520]
14:21:51.222 5 ACPI.sys[fffff88000f2d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007095060]
14:21:52.220 AVAST engine scan C:\Windows
14:21:54.297 AVAST engine scan C:\Windows\system32
14:23:59.773 AVAST engine scan C:\Windows\system32\drivers
14:24:06.690 AVAST engine scan C:\Users\Nub
14:31:28.613 AVAST engine scan C:\ProgramData
14:33:56.917 Scan finished successfully
14:34:22.683 Disk 0 MBR has been saved successfully to "C:\Users\Nub\Documents\MBR.dat"
14:34:22.696 The log file has been saved successfully to "C:\Users\Nub\Documents\aswMBR.txt"

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-21 19:20:35
-----------------------------
19:20:35.343 OS Version: Windows x64 6.1.7601 Service Pack 1
19:20:35.343 Number of processors: 4 586 0x100
19:20:35.344 ComputerName: RYAN-PC UserName: Nub
19:20:36.578 Initialize success
19:21:12.951 AVAST engine defs: 12072101
19:21:26.517 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:21:26.518 Disk 0 Vendor: WDC_WD10EALX-229BA0 15.01H15 Size: 953869MB BusType: 3
19:21:26.529 Disk 0 MBR read successfully
19:21:26.530 Disk 0 MBR scan
19:21:26.536 Disk 0 Windows 7 default MBR code
19:21:26.539 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 14524 MB offset 2048
19:21:26.555 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 381546 MB offset 29747200
19:21:26.577 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 557797 MB offset 811153408
19:21:26.606 Disk 0 scanning C:\Windows\system32\drivers
19:21:37.228 Service scanning
19:21:58.052 Modules scanning
19:21:58.058 Disk 0 trace - called modules:
19:21:58.076 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:21:58.081 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80074c8060]
19:21:58.085 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8007311860]
19:21:58.088 5 PCTCore64.sys[fffff880010af720] -> nt!IofCallDriver -> [0xfffffa8007231520]
19:21:58.092 7 ACPI.sys[fffff88000f4a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80070eb060]
19:21:59.533 AVAST engine scan C:\Windows
19:22:03.058 AVAST engine scan C:\Windows\system32
19:25:54.598 AVAST engine scan C:\Windows\system32\drivers
19:26:07.564 AVAST engine scan C:\Users\Nub
19:52:56.753 AVAST engine scan C:\ProgramData
20:04:13.967 Scan finished successfully
20:08:26.804 Disk 0 MBR has been saved successfully to "C:\Users\Nub\Documents\MBR.dat"
20:08:26.810 The log file has been saved successfully to "C:\Users\Nub\Documents\aswMBR.txt"

Ryan O'Brien, Jul 21, 2012

#44
Broni Malware Annihilator Posts: 39,288 +175
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

Double-click on the Rkill icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Broni, Jul 21, 2012

#45

Ryan O'Brien Newcomer, in training Posts: 65

Ran in normal mode
Combofix log:

ComboFix 12-07-21.01 - Nub 07/21/2012 21:18:49.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7675.5593 [GMT -4:00]
Running from: c:\users\Nub\Downloads\ComboFix.exe
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: Titanium *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Titanium *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\intellidownload\gunzip.exe
c:\users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-20 19:27 . 2012-07-20 23:47 -------- d-----w- c:\users\Me
2012-07-19 21:45 . 2012-07-19 21:45 -------- d-----w- c:\program files (x86)\Smart Install Maker
2012-07-17 02:28 . 2012-07-21 22:40 -------- d-----w- c:\program files (x86)\RegistryNuke 2012
2012-07-16 19:58 . 2012-07-16 19:58 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-16 02:36 . 2012-07-16 02:36 -------- d-----w- c:\users\Nub\AppData\Roaming\Malwarebytes
2012-07-16 02:36 . 2012-07-16 02:36 -------- d-----w- c:\programdata\Malwarebytes
2012-07-16 02:36 . 2012-07-16 02:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-16 02:36 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-16 00:37 . 2012-06-14 16:31 85224 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-07-16 00:37 . 2012-06-14 16:31 767960 ----a-w- c:\windows\BDTSupport.dll
2012-07-16 00:37 . 2012-06-14 16:31 2267096 ----a-w- c:\windows\PCTBDCore.dll
2012-07-16 00:37 . 2012-06-14 16:31 1681368 ----a-w- c:\windows\PCTBDRes.dll
2012-07-16 00:37 . 2012-06-14 16:31 149464 ----a-w- c:\windows\SGDetectionTool.dll
2012-07-16 00:36 . 2012-05-11 15:09 145432 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-07-16 00:36 . 2012-05-11 15:08 341168 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-07-16 00:36 . 2012-05-11 15:13 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-07-16 00:36 . 2012-05-11 15:14 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-07-16 00:36 . 2012-07-21 22:40 -------- d-----w- c:\program files (x86)\PC Tools
2012-07-16 00:33 . 2012-02-28 15:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-07-16 00:33 . 2012-02-28 15:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-07-16 00:33 . 2012-04-23 16:36 426616 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-07-16 00:33 . 2012-07-21 22:40 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-07-16 00:33 . 2012-05-11 15:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-07-16 00:33 . 2012-07-21 22:40 -------- d-----w- c:\programdata\PC Tools
2012-07-16 00:33 . 2012-07-16 00:33 -------- d-----w- c:\users\Nub\AppData\Roaming\TestApp
2012-07-15 14:53 . 2012-07-15 18:15 -------- d-----w- c:\program files (x86)\German Truck Simulator
2012-07-15 14:32 . 2012-07-15 14:32 -------- d-----w- c:\users\Nub\AppData\Local\CRE
2012-07-15 14:31 . 2012-07-15 14:31 -------- d-----w- c:\program files (x86)\uTorrentControl3
2012-07-15 14:30 . 2012-07-16 03:24 -------- d-----w- c:\users\Nub\AppData\Roaming\uTorrent
2012-07-13 03:32 . 2012-07-22 01:31 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\CrashDumps
2012-07-12 18:53 . 2012-07-19 18:21 -------- d-----w- c:\users\Nub\AppData\Local\CrashDumps
2012-07-12 15:08 . 2012-07-12 15:08 -------- d-----w- c:\users\Nub\AppData\Roaming\TechSmith
2012-07-12 15:07 . 2012-07-12 15:07 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared
2012-07-12 15:07 . 2012-07-12 15:07 -------- d-----w- c:\programdata\TechSmith
2012-07-12 15:07 . 2012-07-12 15:07 -------- d-----w- c:\program files (x86)\TechSmith
2012-07-12 03:38 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 15:19 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-09 23:35 . 2012-07-10 17:44 -------- d-----w- C:\Adobe Photoshop CS6
2012-07-09 20:26 . 2012-07-22 01:26 -------- d-----w- c:\program files (x86)\intellidownload
2012-07-09 02:10 . 2012-07-21 22:40 -------- d-----w- C:\AdobePhotoshopCS6Portable
2012-07-09 01:35 . 2012-07-09 01:35 -------- d-----w- c:\programdata\ATI
2012-07-09 01:35 . 2012-07-09 01:35 -------- d-----w- c:\program files (x86)\AMD AVT
2012-07-09 01:34 . 2012-07-09 01:34 -------- d-----w- c:\program files\AMD
2012-07-09 01:34 . 2012-07-09 01:34 -------- d-----w- c:\program files (x86)\AMD APP
2012-07-09 01:34 . 2012-07-09 01:34 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-07-09 01:34 . 2012-07-09 01:34 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-07-09 01:33 . 2012-07-09 01:34 -------- d-----w- c:\program files\ATI Technologies
2012-07-08 22:09 . 2012-07-08 22:09 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-07-05 22:46 . 2012-07-05 22:46 172098 ----a-w- C:\torrent.exe
2012-07-05 22:45 . 2012-07-05 22:45 5030088 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-07-03 02:41 . 2012-07-03 02:41 -------- d-----w- c:\users\Nub\AppData\Local\id Software
2012-07-03 02:32 . 2012-07-03 02:32 -------- d-----w- c:\program files (x86)\id Software
2012-07-03 02:29 . 2012-07-03 02:29 -------- d-sh--w- c:\windows\ftpcache
2012-07-02 02:38 . 2012-07-02 02:38 -------- d-----w- c:\windows\en
2012-07-02 02:36 . 2012-07-02 02:36 -------- d-----w- c:\windows\es
2012-07-02 02:36 . 2012-07-02 02:36 -------- d-----w- c:\windows\de
2012-07-02 02:36 . 2012-07-02 02:36 -------- d-----w- c:\windows\fr
2012-07-02 02:36 . 2012-07-02 02:36 -------- d-----w- c:\windows\nl
2012-07-02 02:33 . 2012-03-08 22:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-07-02 02:31 . 2012-07-02 02:31 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cee939541cd57fa02\MeshBetaRemover.exe
2012-07-02 02:31 . 2012-07-02 02:31 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ce705e0f1cd57fa01\DSETUP.dll
2012-07-02 02:31 . 2012-07-02 02:31 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ce705e0f1cd57fa01\DXSETUP.exe
2012-07-02 02:31 . 2012-07-02 02:31 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ce705e0f1cd57fa01\dsetup32.dll
2012-07-01 18:57 . 2012-07-01 18:57 -------- d-----w- c:\users\Nub\AppData\Roaming\Paltalk
2012-07-01 18:57 . 2012-07-01 18:57 -------- d-----w- c:\program files (x86)\Paltalk Messenger
2012-07-01 18:57 . 2012-07-01 18:57 -------- d-----w- c:\windows\Paltalk Messenger
2012-07-01 18:56 . 2012-07-01 18:56 -------- d-----w- c:\users\Nub\AppData\Roaming\OpenCandy
2012-07-01 18:55 . 2012-07-01 18:56 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2012-07-01 18:55 . 2012-07-01 18:55 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2012-07-01 18:55 . 2012-07-01 18:56 -------- d-----w- c:\users\Nub\AppData\Roaming\DVDVideoSoft
2012-06-28 21:50 . 2012-06-28 21:50 -------- d-----w- c:\program files (x86)\18 WoS Extreme Trucker 2
2012-06-28 04:05 . 2012-06-28 04:05 -------- d-----w- c:\program files (x86)\Bus Driver
2012-06-26 19:52 . 2012-06-26 19:52 -------- d-----w- c:\program files (x86)\Microsoft Games
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-23 00:11 . 2012-07-22 01:17 -------- d-----w- c:\program files\NeO IRC 1.7
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-21 22:43 . 2012-04-10 04:14 119296 ----a-w- c:\windows\SysWow64\zlib.dll
2012-07-12 03:34 . 2012-01-23 05:12 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-22 21:00 . 2012-02-22 22:06 134672 ----a-w- c:\windows\RegBootClean64.exe
2012-06-19 20:22 . 2012-06-19 20:23 151552 ----a-w- c:\windows\SysWow64\nvRegDev.dll
2012-06-19 20:22 . 2012-06-19 20:22 61440 ----a-w- c:\windows\SysWow64\nvPhotoshopUtil.dll
2012-06-19 20:22 . 2012-06-19 20:22 40960 ----a-w- c:\windows\SysWow64\nvISWOW64.dll
2012-06-14 15:03 . 2012-07-16 00:37 3488 ----a-w- c:\windows\UDB.zip
2012-06-14 15:03 . 2012-07-16 00:37 131 ----a-w- c:\windows\IDB.zip
2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:50 . 2012-06-11 17:50 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 17:50 . 2012-06-11 17:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 17:50 . 2012-06-11 17:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 17:50 . 2012-06-11 17:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 17:50 . 2012-06-11 17:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 17:50 . 2012-06-11 17:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 17:49 . 2012-06-11 17:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-11 17:48 . 2012-06-11 17:48 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-06-11 17:48 . 2012-06-11 17:48 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2011-08-11 01:05 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:23 . 2011-08-11 01:05 1090560 ----a-w- c:\windows\system32\aticfx64.dll
2012-06-11 17:20 . 2011-08-11 01:05 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2011-08-11 01:05 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-06-11 17:01 . 2011-08-11 01:05 6914560 ----a-w- c:\windows\system32\atidxx64.dll
2012-06-11 16:51 . 2011-08-11 01:05 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2011-08-11 01:05 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
2012-06-11 16:43 . 2011-08-11 01:05 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2011-08-11 01:05 6605824 ----a-w- c:\windows\system32\atiumd64.dll
2012-06-11 16:27 . 2011-08-11 01:05 539136 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2011-08-11 01:05 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-06-11 16:25 . 2011-08-11 01:05 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2011-08-11 01:05 45056 ----a-w- c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2011-08-11 01:05 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-06-02 23:33 . 2012-06-02 23:33 18944 ----a-r- c:\users\Nub\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2012-06-02 23:33 . 2012-06-02 23:33 11264 ----a-r- c:\users\Nub\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A1630.exe
2012-06-02 22:19 . 2012-06-21 15:39 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 15:40 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 15:40 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 15:40 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 15:39 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 15:40 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 15:39 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 15:39 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 15:39 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-10 20:35 . 2012-05-10 20:35 43520 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-05-10 20:35 . 2012-05-10 20:35 29184 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-05-04 11:06 . 2012-06-13 17:47 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 17:47 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 17:47 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 17:47 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 17:47 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 17:47 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 17:47 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 17:47 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 17:47 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 17:47 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 17:47 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 17:47 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 17:47 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 17:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-24 03:45 . 2012-04-24 03:45 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-24 03:45 . 2011-08-11 01:19 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{b57a9eb1-0e57-4850-a701-4d169538e6ed}]
2012-05-18 19:45 85288 ----a-w- c:\program files (x86)\blekkotb_032\blekkotb_019X.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BA900CBA-FA92-4DF6-BED1-B683BFB92433}]
2012-04-04 21:58 1737216 ----a-w- c:\program files (x86)\YoutubePlus\YoutubePlus.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{b57a9eb1-0e57-4850-a701-4d169538e6ed}"= "c:\program files (x86)\blekkotb_032\blekkotb_019X.dll" [2012-05-18 85288]
.
[HKEY_CLASSES_ROOT\clsid\{b57a9eb1-0e57-4850-a701-4d169538e6ed}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2K Games"="c:\users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"2K Games"="c:\users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll" [BU]
.
c:\users\Nub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Malwarebytes Anti-Malware.lnk - c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2012-7-15 973488]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-8-29 16032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-12 116648]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 253088]
R3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [2011-03-18 87168]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [2011-03-18 188544]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-02-28 21712]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-12 116648]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-06-14 85224]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-23 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-05-11 251528]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2012-03-23 70928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2010-11-28 128904]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-06-13 922240]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-06-14 575448]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-24 430136]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-05-11 402336]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2011-03-29 27760]
S2 ytpUpdater;ytpUpdater;c:\program files (x86)\updater\updater.exe [2012-03-26 1730048]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 52584]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-03-23 77936]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 12288]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-03-29 2157680]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 03:45]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-12 22:55]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-12 22:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: Interfaces\{9EAD5E01-EBA1-4D42-9349-8BE2F94CCDD5}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Nub\AppData\Roaming\Mozilla\Firefox\Profiles\kil77mcf.default\
FF - prefs.js: browser.search.selectedEngine - YoutubePlus
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2463314201-2541101053-2832014611-1006\Software\SecuROM\License information*]
"datasecu"=hex:7b,13,97,03,64,d4,8b,0f,64,f5,6f,10,9d,d7,bd,9f,71,18,18,1f,b5,
e0,ae,fe,ba,72,62,67,a8,e2,85,fe,19,ac,ea,23,96,b7,55,07,35,5a,ce,e2,85,5d,\
"rkeysecu"=hex:3e,b5,3a,9e,8d,9d,46,73,63,5c,82,8b,f1,70,4b,63
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
.
**************************************************************************
.
Completion time: 2012-07-21 21:38:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-22 01:38
ComboFix2.txt 2012-07-21 19:24
ComboFix3.txt 2012-07-20 21:44
.
Pre-Run: 54,702,419,968 bytes free
Post-Run: 54,990,872,576 bytes free
.
- - End Of File - - B7107FD3DED271A8765A63EBB4F1D255

Ryan O'Brien, Jul 21, 2012

#46

Ryan O'Brien Newcomer, in training Posts: 65

Ran in normal mode
Rkill log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 07/21/2012 at 21:41:35.
Operating System: Windows 7 Home Premium

Processes terminated by Rkill or while it was running:

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\SysWOW64\rundll32.exe

Rkill completed on 07/21/2012 at 21:41:47.

Ryan O'Brien, Jul 21, 2012

#47
Broni Malware Annihilator Posts: 39,288 +175
You're running two AV programs, PC Tools Spyware Doctor with AntiVirus and TrendMicro Titanium.
You must uninstall one of them.

=====================================

Uninstall RegistryNuke 2012.
Registry cleaners/optimizers are not recommended for several reasons:

Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

Ed Bott's Webog: Why I don't use registry cleaners

Do I need a Registry Cleaner?

==============================

Combofix log looks good.

Any current issues?

============================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

==================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Click the Scan All Users checkbox.

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Broni, Jul 21, 2012

#48
Ryan O'Brien Newcomer, in training Posts: 65

Can't seem to uninstall RegistryNuke nor Spyware doctor.

File "C:\Program Files (x86)\RegistryNuke 2012\unins000.dat" does not exist. Cannot uninstall

OTL Log (Part 1)

OTL logfile created on: 7/21/2012 10:06:11 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Nub\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.50 Gb Total Physical Memory | 6.20 Gb Available Physical Memory | 82.78% Memory free
14.99 Gb Paging File | 13.72 Gb Available in Paging File | 91.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.60 Gb Total Space | 51.34 Gb Free Space | 13.78% Space Free | Partition Type: NTFS
Drive D: | 544.72 Gb Total Space | 8.23 Gb Free Space | 1.51% Space Free | Partition Type: NTFS
Drive F: | 5.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: RYAN-PC | User Name: Nub | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/21 22:05:11 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Nub\Downloads\OTL.exe
PRC - [2012/07/19 11:02:01 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/19 11:02:01 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/04/23 23:45:53 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2012/06/11 13:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/06/11 13:12:16 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2011/03/29 06:04:12 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/19 11:02:01 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/14 12:31:06 | 000,575,448 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/05/19 22:05:40 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/05/11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/04/23 23:45:53 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 09:55:20 | 001,730,048 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\updater\updater.exe -- (ytpUpdater)
SRV - [2012/03/02 22:38:15 | 000,189,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012/03/02 22:37:59 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/02/29 09:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2011/06/13 04:36:54 | 000,922,240 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe -- (asComSvc)
SRV - [2011/05/09 13:01:06 | 000,430,080 | ---- | M] (PowerUp Software, LLC) [Auto | Stopped] -- C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe -- (PinnacleUpdateSvc)
SRV - [2011/03/02 01:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 14:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/01 22:15:14 | 000,915,584 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe -- (asHmComSvc)
SRV - [2010/11/28 16:34:00 | 000,128,904 | ---- | M] (AMD) [Auto | Stopped] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2010/10/21 13:52:26 | 000,586,880 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/23 17:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 16:13:28 | 000,337,144 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\VistaSrv.exe -- (WindowBlinds)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/06/14 12:31:44 | 000,085,224 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD)
DRV:64bit: - [2012/06/11 14:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/06/11 12:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/05/11 11:14:26 | 000,251,528 | ---- | M] (PC Tools) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2012/04/23 12:36:50 | 000,426,616 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2012/03/22 22:19:45 | 000,167,696 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2012/03/22 22:19:45 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2012/03/22 22:19:45 | 000,091,920 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2012/03/22 22:19:45 | 000,070,928 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 11:43:18 | 001,096,176 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2012/02/28 11:43:12 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/10 21:03:14 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/08/10 21:03:14 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/08/01 15:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/29 06:04:06 | 002,157,680 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2011/03/23 06:20:58 | 000,077,936 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/17 20:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/03/17 20:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/04/27 19:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 19:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010/04/27 19:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 17:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 17:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/02/18 13:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/04/09 11:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV - [2012/02/28 19:11:24 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/01/04 17:34:48 | 000,011,832 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys -- (ASInsHelp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0877D540-4E36-4DF4-BA60-455B4E34840B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{0877D540-4E36-4DF4-BA60-455B4E34840B}: "URL" = http://50.56.166.40/youtubeplus/search/search.php?q={searchTerms}&sid=divx2k

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0877D540-4E36-4DF4-BA60-455B4E34840B}: "URL" = http://50.56.166.40/youtubeplus/search/search.php?q={searchTerms}&sid=divx2k
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "YoutubePlus"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012/07/21 21:55:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/07/21 21:55:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\__Youtube@Plus: C:\Program Files (x86)\YoutubePlus\YoutubePlus.xpi [2012/04/17 22:37:20 | 000,007,323 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012/07/21 18:40:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 11:02:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/03/30 17:19:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nub\AppData\Roaming\Mozilla\Extensions
[2012/07/16 22:33:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nub\AppData\Roaming\Mozilla\Firefox\Profiles\kil77mcf.default\extensions
[2012/06/14 18:31:26 | 000,000,000 | ---D | M] (blekko search bar) -- C:\Users\Nub\AppData\Roaming\Mozilla\Firefox\Profiles\kil77mcf.default\extensions\{b57a9eb1-0e57-4850-a701-4d169538e6ed}
[2012/06/29 18:40:10 | 000,000,000 | ---D | M] (U2bview Firefox Add-on) -- C:\Users\Nub\AppData\Roaming\Mozilla\Firefox\Profiles\kil77mcf.default\extensions\noreply@u2bviews.com
[2012/04/17 22:37:23 | 000,001,846 | ---- | M] () -- C:\Users\Nub\AppData\Roaming\Mozilla\Firefox\Profiles\kil77mcf.default\searchplugins\ytp.xml
[2012/04/07 19:28:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/17 10:44:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/19 11:02:01 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: YoutubePlus (Enabled)
CHR - default_search_provider: search_url = http://50.56.166.40/youtubeplus/search/search.php?q={searchTerms}&sid=divx2k
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - Extension: Youtube Plus = C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfplnmdbcmooodmaipjfjcepfmfcinpk\1.0_0\
CHR - Extension: uTorrentControl3 = C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcoadpabahabkmdndndlimfikephnoka\2.3.15.10_0\
CHR - Extension: Skype Click to Call = C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\

O1 HOSTS File: ([2012/07/21 21:32:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (blekko search bar) - {b57a9eb1-0e57-4850-a701-4d169538e6ed} - C:\Program Files (x86)\blekkotb_032\blekkotb_019X.dll ()
O2 - BHO: (Youtube Plus) - {BA900CBA-FA92-4DF6-BED1-B683BFB92433} - C:\Program Files (x86)\YoutubePlus\YoutubePlus.dll (Youtube Plus)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (blekko search bar) - {b57a9eb1-0e57-4850-a701-4d169538e6ed} - C:\Program Files (x86)\blekkotb_032\blekkotb_019X.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [2K Games] rundll32.exe "C:\Users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll",CreateInstance File not found
O4 - Startup: C:\Users\Nub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Malware.lnk = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EAD5E01-EBA1-4D42-9349-8BE2F94CCDD5}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\WB: DllName - (C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/16 03:07:13 | 000,054,544 | R--- | M] (Electronic Arts) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2011/09/16 00:58:13 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*

Ryan O'Brien, Jul 21, 2012

#49
Ryan O'Brien Newcomer, in training Posts: 65

O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/21 21:32:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/21 21:17:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/21 21:17:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/21 21:17:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/21 21:16:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/21 19:07:12 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Nub\Desktop\TDSSKiller.exe
[2012/07/21 15:24:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/21 14:17:39 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\RK_Quarantine
[2012/07/20 23:23:25 | 000,000,000 | ---D | C] -- C:\Users\Nub\Documents\LOg
[2012/07/20 17:29:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/19 17:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Install Maker 5.04
[2012/07/19 17:45:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Install Maker
[2012/07/16 22:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegistryNuke 2012
[2012/07/16 22:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegistryNuke 2012
[2012/07/16 15:58:40 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/15 22:36:45 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\Malwarebytes
[2012/07/15 22:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/15 22:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/15 22:36:30 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/15 22:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/15 20:37:25 | 000,085,224 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTBD64.sys
[2012/07/15 20:37:24 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/07/15 20:37:24 | 001,681,368 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/07/15 20:37:24 | 000,149,464 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/07/15 20:36:30 | 000,341,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2012/07/15 20:36:30 | 000,145,432 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2012/07/15 20:36:26 | 000,014,776 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys
[2012/07/15 20:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/07/15 20:36:21 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2012/07/15 20:36:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/07/15 20:33:58 | 001,096,176 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2012/07/15 20:33:57 | 000,453,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2012/07/15 20:33:55 | 000,426,616 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2012/07/15 20:33:53 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/07/15 20:33:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/07/15 20:33:31 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\TestApp
[2012/07/15 20:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/07/15 10:57:12 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\German Truck Simulator
[2012/07/15 10:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\German Truck Simulator
[2012/07/15 10:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\German Truck Simulator
[2012/07/15 10:32:04 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\CRE
[2012/07/15 10:31:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrentControl3
[2012/07/15 10:30:54 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\uTorrent
[2012/07/15 00:13:34 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\mod
[2012/07/14 20:22:54 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\TR
[2012/07/14 20:03:49 | 000,000,000 | ---D | C] -- C:\Users\Nub\Documents\German Truck Simulator
[2012/07/14 16:05:13 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\MMM1
[2012/07/14 13:48:14 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\Gindinbei System
[2012/07/14 13:46:25 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\base
[2012/07/12 17:07:56 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\Adobe Photoshop CS6
[2012/07/12 14:53:21 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\CrashDumps
[2012/07/12 11:14:26 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\Crack
[2012/07/12 11:08:43 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\TechSmith
[2012/07/12 11:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
[2012/07/12 11:07:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2012/07/12 11:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2012/07/12 11:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2012/07/11 19:51:57 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\Stuffs
[2012/07/09 19:35:38 | 000,000,000 | ---D | C] -- C:\Adobe Photoshop CS6
[2012/07/09 16:26:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\intellidownload
[2012/07/09 13:01:05 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\AdobePhotoshopCS6Portable
[2012/07/08 22:11:24 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\Photoshop_CS6_13.0_Extended_Portable
[2012/07/08 22:10:30 | 000,000,000 | ---D | C] -- C:\AdobePhotoshopCS6Portable
[2012/07/08 21:35:11 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/07/08 21:35:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/07/08 21:35:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/07/08 21:34:56 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2012/07/08 21:34:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/07/08 21:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/07/08 21:34:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012/07/08 21:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/07/08 21:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/07/08 18:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/07/08 18:07:04 | 084,347,111 | ---- | C] (PainteR ) -- C:\Users\Nub\Desktop\Photoshop CS6 (Portable).exe
[2012/07/07 12:08:20 | 000,016,384 | ---- | C] (Vagex) -- C:\Users\Nub\Desktop\updater.exe
[2012/07/05 20:51:17 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\poop
[2012/07/04 19:56:37 | 000,000,000 | ---D | C] -- C:\Users\Nub\Documents\Electronic Arts
[2012/07/02 22:41:42 | 000,000,000 | ---D | C] -- C:\Users\Nub\Documents\id Software
[2012/07/02 22:41:20 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\id Software
[2012/07/02 22:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\id Software
[2012/07/02 22:32:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\id Software
[2012/07/02 22:29:56 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2012/07/01 22:38:05 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/07/01 22:36:50 | 000,000,000 | ---D | C] -- C:\Windows\es
[2012/07/01 22:36:43 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012/07/01 22:36:37 | 000,000,000 | ---D | C] -- C:\Windows\fr
[2012/07/01 22:36:30 | 000,000,000 | ---D | C] -- C:\Windows\nl
[2012/07/01 22:30:51 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{CFDE1CD9-BC53-4CB3-A135-A25853A93AC6}
[2012/07/01 22:30:39 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{D287ACCD-30C6-4120-AB65-D9BBA9DF52AF}
[2012/07/01 22:29:54 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{8092152A-9DD6-467D-BD57-80294A1BFDC8}
[2012/07/01 22:29:37 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{BE30A25A-37BD-41E8-99A1-A37721B1D74A}
[2012/07/01 15:48:50 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{70F6032C-0E89-4C36-9E33-44E9E22CABE1}
[2012/07/01 15:48:38 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{F76952F3-B6D1-48FC-A121-D621CA6D8BFB}
[2012/07/01 15:48:24 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{0B74427D-7262-445B-83E5-25DF43484814}
[2012/07/01 15:48:12 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{004E4185-3A0D-4351-9C32-E6E341A2697B}
[2012/07/01 14:57:33 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
[2012/07/01 14:57:31 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\Paltalk
[2012/07/01 14:57:29 | 000,000,000 | ---D | C] -- C:\Windows\Paltalk Messenger
[2012/07/01 14:57:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paltalk Messenger
[2012/07/01 14:56:10 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\OpenCandy
[2012/07/01 14:56:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012/07/01 14:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012/07/01 14:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012/07/01 14:55:20 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\DVDVideoSoft
[2012/06/30 20:19:36 | 000,000,000 | ---D | C] -- C:\Users\Nub\Documents\OFX Presets
[2012/06/30 17:15:17 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{8ACA30BE-D70B-482B-A44A-8F5E0B28D23D}
[2012/06/30 17:15:05 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{87806DBA-938A-43DD-9BBE-21EE898978FB}
[2012/06/29 21:37:52 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{CA82AF2B-9C37-4B22-8324-DBCCAC9645CD}
[2012/06/29 21:37:41 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{68461492-C674-451C-BD7D-BC04D038B6C4}
[2012/06/29 18:52:13 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{F170443B-3CED-4627-B4EC-9A33B583B832}
[2012/06/29 18:52:01 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{62D8FDF5-BFC8-4771-8A6D-4F05281E36F1}
[2012/06/29 18:50:40 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\trailer
[2012/06/29 18:45:32 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\Euro Truck Sim Videos
[2012/06/29 18:27:24 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\brushes
[2012/06/29 11:28:23 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\img edit
[2012/06/28 21:36:40 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{285DBC9F-3D5D-4996-B34A-FC5851D9ECDD}
[2012/06/28 21:36:22 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{97A81B65-09C0-4AA2-BB00-B6EB8F73E023}
[2012/06/28 21:36:04 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{DE913867-D4FC-4C7D-92F6-3D0E5433FC81}
[2012/06/28 21:35:52 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{2F2D288D-400F-4A66-ABD8-791A35126EA3}
[2012/06/28 21:35:31 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{841C0526-F7B7-47B7-8CD6-D39D2BBEAC3F}
[2012/06/28 21:35:20 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{787C32E8-1A12-4C70-8033-044FEB4897FB}
[2012/06/28 21:04:05 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\CokeZero Truck
[2012/06/28 20:54:29 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\;kfhwuoiehfoiqhfuowehfiwdoufhqiofdioshfuohofijqoiufhqouifjoq
[2012/06/28 20:32:12 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\truck
[2012/06/28 17:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\18 WoS Extreme Trucker 2
[2012/06/28 17:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\18 WoS Extreme Trucker 2
[2012/06/28 17:35:53 | 000,000,000 | ---D | C] -- C:\Users\Nub\Documents\18 WoS Extreme Trucker 2
[2012/06/28 00:06:20 | 000,000,000 | ---D | C] -- C:\Users\Nub\Documents\Bus Driver
[2012/06/28 00:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bus Driver
[2012/06/28 00:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bus Driver
[2012/06/26 22:35:22 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{AE504E55-626A-4A66-95E8-3E2B17936476}
[2012/06/26 22:35:10 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{BA411AB5-1C8F-49CB-BA09-BABD0A5EA389}
[2012/06/26 22:05:59 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\vehicle
[2012/06/26 15:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2012/06/26 15:52:11 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{2E0ADA97-1AF7-463D-938B-5FC897129762}
[2012/06/26 15:51:48 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{A2514F1C-7C5B-4887-9F9E-E20191C3F2BD}
[2012/06/26 09:24:33 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{2DA1A3FB-F9D7-4DE9-9E05-83A2BF551262}
[2012/06/26 09:24:22 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{377AAE4B-67E1-44EE-B0D9-90B1BCD9A11B}
[2012/06/25 21:52:25 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{0550D5FD-4413-4348-B51B-9D52D194B24B}
[2012/06/25 21:52:13 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{AB85C986-847C-4593-A1DC-DC5E1D68888B}
[2012/06/25 13:29:59 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{5A8B302C-91D6-40D1-B227-1C59383706C6}
[2012/06/25 13:29:41 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{9F386A97-93D3-4D5C-8B49-A00DFAFDACBA}
[2012/06/24 23:48:35 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{B09F9454-4A27-45C7-A7B9-EA96335A54E4}
[2012/06/24 23:48:23 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{A4CDFE8C-7763-4B93-9089-D08B2ACA7CBE}
[2012/06/24 13:50:35 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{EB89407F-D209-4B81-AABE-F8A9E5C39C86}
[2012/06/24 13:50:25 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{F62533E9-86DE-4B73-B5C3-394F6D4FF19C}
[2012/06/24 13:50:12 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{B5E6F3A9-84C4-4740-8C3C-A14436AAEFE2}
[2012/06/24 13:50:00 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{ADEF3284-3215-47FD-9DE6-C8F12D30014B}
[2012/06/22 20:25:39 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{6785C491-2B47-46B0-AF9D-032E87654117}
[2012/06/22 20:25:27 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{92EF7E11-AB94-4415-9F2B-524C6621D450}
[2012/06/22 20:11:32 | 000,000,000 | ---D | C] -- C:\Program Files\NeO IRC 1.7
[2012/06/22 10:46:25 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{DB48324A-34DE-445F-BFC4-887CF5D84BC3}
[2012/06/22 10:46:05 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{2B2218A3-D528-4459-9CA6-307FF2A7409A}

========== Files - Modified Within 30 Days ==========

[2012/07/21 22:03:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/21 22:03:08 | 1741,275,135 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/21 21:57:17 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/21 21:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/21 21:40:41 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/21 21:40:41 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/21 21:32:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/21 21:06:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/21 20:08:26 | 000,000,512 | ---- | M] () -- C:\Users\Nub\Documents\MBR.dat
[2012/07/21 18:43:40 | 000,119,296 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll
[2012/07/21 18:43:20 | 001,666,808 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/07/19 19:18:28 | 355,892,192 | ---- | M] () -- C:\Users\Nub\Desktop\Open this.zip
[2012/07/19 19:15:09 | 000,000,022 | ---- | M] () -- C:\Users\Nub\Desktop\New WinRAR ZIP archive (2).zip
[2012/07/19 18:17:14 | 000,006,776 | ---- | M] () -- C:\Users\Nub\Desktop\austrian edition logo.bmp
[2012/07/19 18:17:14 | 000,000,132 | ---- | M] () -- C:\Users\Nub\AppData\Roaming\Adobe BMP Format CS6 Prefs
[2012/07/19 17:57:50 | 000,006,776 | ---- | M] () -- C:\Users\Nub\Desktop\cgqzfx8b.bmp
[2012/07/19 17:45:56 | 358,310,691 | ---- | M] () -- C:\Users\Nub\Desktop\GTS_1.32_8.0 (2).scs
[2012/07/19 17:45:40 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Smart Install Maker.lnk
[2012/07/19 15:55:53 | 000,006,216 | ---- | M] () -- C:\Users\Nub\Desktop\Austrian edition.m2t.sfk
[2012/07/19 15:55:45 | 000,136,030 | ---- | M] () -- C:\Users\Nub\Desktop\YouTube Logo.jpg
[2012/07/19 15:45:30 | 717,645,444 | ---- | M] () -- C:\Users\Nub\Desktop\German Truck Simulator Austrian edition.m2t
[2012/07/19 15:45:30 | 000,000,214 | ---- | M] () -- C:\Users\Nub\Desktop\German Truck Simulator Austrian edition.m2t.sfl
[2012/07/19 15:31:48 | 009,754,568 | ---- | M] () -- C:\Users\Nub\Desktop\Austrian edition end.m2t
[2012/07/19 15:31:48 | 000,000,206 | ---- | M] () -- C:\Users\Nub\Desktop\Austrian edition end.m2t.sfl
[2012/07/19 13:36:54 | 010,564,472 | ---- | M] () -- C:\Users\Nub\Desktop\Austrian edition.m2t
[2012/07/19 13:36:54 | 000,000,190 | ---- | M] () -- C:\Users\Nub\Desktop\Austrian edition.m2t.sfl
[2012/07/19 13:33:13 | 000,026,749 | ---- | M] () -- C:\Users\Nub\Desktop\MMM.rar
[2012/07/18 18:01:24 | 000,111,296 | ---- | M] () -- C:\Users\Nub\Desktop\sampvlog.veg
[2012/07/18 17:15:33 | 000,154,368 | ---- | M] () -- C:\Users\Nub\Desktop\sampvlog.veg.bak
[2012/07/17 18:06:09 | 1576,871,159 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/16 22:37:55 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/16 22:28:44 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\RegistryNuke 2012.lnk
[2012/07/16 22:11:26 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Nub\Desktop\TDSSKiller.exe
[2012/07/15 22:36:34 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/15 22:36:34 | 000,001,117 | ---- | M] () -- C:\Users\Nub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Malware.lnk
[2012/07/15 20:36:26 | 000,002,279 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
[2012/07/15 18:19:03 | 087,155,672 | ---- | M] () -- C:\Users\Nub\Desktop\LIVE - KILLING NEO_RAMEN OBAMA! EXECLUSIVE.m2t
[2012/07/15 18:19:03 | 000,000,216 | ---- | M] () -- C:\Users\Nub\Desktop\LIVE - KILLING NEO_RAMEN OBAMA! EXECLUSIVE.m2t.sfl
[2012/07/15 16:55:43 | 000,160,488 | ---- | M] () -- C:\Users\Nub\Desktop\Must Persevere (Full version).mp3.sfk
[2012/07/15 16:55:35 | 004,677,678 | ---- | M] () -- C:\Users\Nub\Desktop\Must Persevere (Full version).mp3
[2012/07/15 16:41:32 | 000,296,544 | ---- | M] () -- C:\Users\Nub\Desktop\Untitled.mp3
[2012/07/15 16:39:09 | 032,084,080 | ---- | M] () -- C:\Users\Nub\Desktop\Untitled.m2t
[2012/07/15 16:39:09 | 000,000,190 | ---- | M] () -- C:\Users\Nub\Desktop\Untitled.m2t.sfl
[2012/07/15 10:57:11 | 000,001,383 | ---- | M] () -- C:\Users\Nub\Desktop\German Truck Simulator.lnk
[2012/07/15 10:54:08 | 000,001,379 | ---- | M] () -- C:\Users\Public\Desktop\German Truck Simulator.lnk
[2012/07/15 00:12:18 | 169,472,222 | ---- | M] () -- C:\Users\Nub\Desktop\POLSKAOpen.zip
[2012/07/15 00:10:56 | 171,498,097 | ---- | M] () -- C:\Users\Nub\Desktop\POLSKAOpen.scs
[2012/07/15 00:08:52 | 000,000,020 | ---- | M] () -- C:\Users\Nub\Desktop\POLSKA.rar
[2012/07/14 20:22:46 | 001,076,480 | R--- | M] () -- C:\Users\Nub\Desktop\Trial_Reset_3.3.rar
[2012/07/14 16:16:12 | 678,168,446 | ---- | M] () -- C:\Users\Nub\Desktop\ETS_1.3_Mega-Mix-Map-5 (2).zip
[2012/07/14 16:14:21 | 000,000,020 | ---- | M] () -- C:\Users\Nub\Desktop\New WinRAR archive.rar
[2012/07/14 16:13:41 | 680,293,139 | ---- | M] () -- C:\Users\Nub\Desktop\ETS_1.3_Mega-Mix-Map-5 (2).scs
[2012/07/14 16:04:55 | 000,000,022 | ---- | M] () -- C:\Users\Nub\Desktop\MMM1.zip
[2012/07/13 13:10:22 | 000,090,838 | ---- | M] () -- C:\Users\Nub\Desktop\before and after to color.jpg
[2012/07/13 12:06:10 | 1601,221,944 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator London Manchester Cheese.m2t
[2012/07/13 12:06:09 | 000,000,220 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator London Manchester Cheese.m2t.sfl
[2012/07/13 10:57:51 | 000,090,838 | ---- | M] () -- C:\Users\Nub\Desktop\before and after color.jpg
[2012/07/13 10:55:37 | 000,369,216 | ---- | M] () -- C:\Users\Nub\Desktop\colored portrait 2.jpg
[2012/07/12 18:08:04 | 000,892,433 | ---- | M] () -- C:\Users\Nub\Desktop\color fixed.jpg
[2012/07/12 17:25:35 | 000,886,121 | ---- | M] () -- C:\Users\Nub\Desktop\colored portrait.jpg
[2012/07/12 17:25:14 | 000,468,121 | ---- | M] () -- C:\Users\Nub\Desktop\restored guy.jpg
[2012/07/12 11:54:36 | 000,112,059 | ---- | M] () -- C:\Users\Nub\Desktop\before and after portrait.jpg
[2012/07/12 11:52:11 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\Vegas Pro 11.0 (64-bit).lnk
[2012/07/12 11:43:51 | 000,686,055 | ---- | M] () -- C:\Users\Nub\Desktop\restored portrait 1.jpg
[2012/07/12 11:07:38 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 8.lnk
[2012/07/12 10:47:52 | 000,297,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/11 22:37:38 | 000,098,953 | ---- | M] () -- C:\Users\Nub\Desktop\slide0023_image204.jpg
[2012/07/11 20:40:56 | 000,090,029 | ---- | M] () -- C:\Users\Nub\Desktop\before and after.jpg
[2012/07/11 20:36:47 | 000,360,094 | ---- | M] () -- C:\Users\Nub\Desktop\restored portrait.jpg
[2012/07/11 19:45:02 | 003,340,268 | ---- | M] () -- C:\Users\Nub\Desktop\Till Tomorrow Underscore.mp3
[2012/07/11 15:35:39 | 000,126,573 | ---- | M] () -- C:\Users\Nub\Desktop\beforeman.jpg
[2012/07/11 14:35:18 | 000,150,351 | ---- | M] () -- C:\Users\Nub\Desktop\Portrait restoration.jpg
[2012/07/11 14:28:58 | 001,124,275 | ---- | M] () -- C:\Users\Nub\Desktop\before.png
[2012/07/11 14:28:52 | 000,000,132 | ---- | M] () -- C:\Users\Nub\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/07/11 14:28:33 | 002,057,427 | ---- | M] () -- C:\Users\Nub\Desktop\after.png
[2012/07/11 14:16:35 | 3955,478,264 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Berne London Yoghurt.m2t
[2012/07/11 14:16:35 | 000,000,216 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Berne London Yoghurt.m2t.sfl
[2012/07/11 12:44:11 | 000,060,589 | ---- | M] () -- C:\Users\Nub\Desktop\Portrait color.jpg
[2012/07/11 12:42:50 | 000,020,500 | ---- | M] () -- C:\Users\Nub\Desktop\Portrait-French.jpg
[2012/07/11 12:06:27 | 000,272,586 | ---- | M] () -- C:\Users\Nub\Desktop\retouch_project4_4_10+004.jpg
[2012/07/11 12:06:21 | 000,721,276 | ---- | M] () -- C:\Users\Nub\Desktop\Family - restored.jpg
[2012/07/10 22:01:24 | 000,078,365 | ---- | M] () -- C:\Users\Nub\Desktop\After.jpg
[2012/07/10 22:01:06 | 000,070,151 | ---- | M] () -- C:\Users\Nub\Desktop\Before.jpg
[2012/07/10 21:17:25 | 000,938,104 | ---- | M] () -- C:\Users\Nub\Desktop\Restored.jpg
[2012/07/10 19:38:17 | 000,229,470 | ---- | M] () -- C:\Users\Nub\Desktop\CincinnatiMen.jpg
[2012/07/10 17:06:15 | 001,324,916 | ---- | M] () -- C:\Users\Nub\Desktop\rocky beach after.jpg
[2012/07/10 17:05:17 | 002,237,967 | ---- | M] () -- C:\Users\Nub\Desktop\colored.png
[2012/07/10 17:05:17 | 000,981,264 | ---- | M] () -- C:\Users\Nub\Desktop\rocky beach before.jpg
[2012/07/10 15:37:26 | 000,002,030 | ---- | M] () -- C:\Users\Nub\Desktop\mercedes_actros_interior_std.sii
[2012/07/10 15:10:27 | 002,170,584 | ---- | M] () -- C:\Users\Nub\Desktop\Color.jpg
[2012/07/10 14:22:42 | 000,350,455 | ---- | M] () -- C:\Users\Nub\Desktop\OldMotorCar.jpg
[2012/07/10 13:57:42 | 000,417,171 | ---- | M] () -- C:\Users\Nub\Desktop\sar1.png
[2012/07/10 13:57:31 | 001,954,670 | ---- | M] () -- C:\Users\Nub\Desktop\sar1.psd
[2012/07/10 13:50:26 | 000,064,657 | ---- | M] () -- C:\Users\Nub\Desktop\sar6.jpg
[2012/07/10 12:53:27 | 000,790,990 | ---- | M] () -- C:\Users\Nub\Desktop\do this later.psd
[2012/07/10 12:51:31 | 000,244,919 | ---- | M] () -- C:\Users\Nub\Desktop\gang.png
[2012/07/09 19:50:34 | 000,000,220 | ---- | M] () -- C:\Users\Nub\Desktop\FlatOut 2.url
[2012/07/09 17:27:05 | 000,807,246 | ---- | M] () -- C:\Users\Nub\Desktop\BLUE CAT.jpg
[2012/07/08 22:15:51 | 002,318,860 | ---- | M] () -- C:\Users\Nub\Desktop\Singapura Cat.psd
[2012/07/08 18:10:44 | 000,160,627 | ---- | M] () -- C:\Users\Nub\Desktop\Singapura Cat.jpg
[2012/07/08 18:09:12 | 000,000,112 | -H-- | M] () -- C:\39BD22373E07
[2012/07/08 18:09:12 | 000,000,040 | -H-- | M] () -- C:\BDAB4FE99C75
[2012/07/08 17:32:56 | 000,878,095 | ---- | M] () -- C:\Users\Nub\Desktop\142853951AP125_The_Raven_Ne.jpg
[2012/07/08 17:29:07 | 001,019,697 | ---- | M] () -- C:\Users\Nub\Desktop\President_Official_Portrait_HiRes.jpg
[2012/07/08 15:15:37 | 2165,417,276 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Barcelona Lyon Apples.m2t
[2012/07/08 15:15:37 | 000,000,218 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Barcelona Lyon Apples.m2t.sfl
[2012/07/06 20:35:07 | 001,572,918 | ---- | M] () -- C:\Users\Nub\Desktop\euroacres.bmp
[2012/07/06 18:19:27 | 2719,026,516 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Bordeaux Barcelona Tommatoes.m2t
[2012/07/06 18:19:27 | 000,000,224 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Bordeaux Barcelona Tommatoes.m2t.sfl
[2012/07/06 18:02:23 | 000,000,198 | ---- | M] () -- C:\Users\Nub\Desktop\First person driving mod.m2t.sfl
[2012/07/06 10:55:32 | 000,013,230 | ---- | M] () -- C:\Users\Nub\Desktop\Shady.PNG
[2012/07/06 10:55:15 | 000,012,726 | ---- | M] () -- C:\Users\Nub\Desktop\Scar.PNG
[2012/07/05 20:54:06 | 000,000,022 | ---- | M] () -- C:\Users\Nub\Desktop\New WinRAR ZIP archive.zip
[2012/07/05 18:46:34 | 000,172,098 | ---- | M] () -- C:\torrent.exe
[2012/07/05 17:54:48 | 001,043,253 | ---- | M] () -- C:\Users\Nub\Desktop\Done.png
[2012/07/05 17:54:43 | 000,000,132 | ---- | M] () -- C:\Users\Nub\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/07/05 17:54:39 | 004,191,177 | ---- | M] () -- C:\Users\Nub\Desktop\Done.psd
[2012/07/05 17:11:27 | 003,970,129 | ---- | M] () -- C:\Users\Nub\Desktop\ALmost done.psd
[2012/07/05 14:47:13 | 000,453,502 | ---- | M] () -- C:\Users\Nub\Desktop\EFOQKC.psd
[2012/07/04 22:04:21 | 000,039,654 | ---- | M] () -- C:\Users\Nub\Desktop\truck up2.png
[2012/07/04 22:02:42 | 000,037,145 | ---- | M] () -- C:\Users\Nub\Desktop\truck up1.png
[2012/07/04 21:33:09 | 001,572,918 | ---- | M] () -- C:\Users\Nub\Desktop\eurogoodies.bmp
[2012/07/04 19:14:30 | 000,699,216 | ---- | M] () -- C:\Users\Nub\Desktop\euroacres.dds
[2012/07/04 19:14:13 | 000,257,769 | ---- | M] () -- C:\Users\Nub\Desktop\euroacres.png
[2012/07/04 15:14:20 | 000,137,822 | ---- | M] () -- C:\Users\Nub\Desktop\agbacon acres trailer mod.scs
[2012/07/04 15:08:09 | 000,013,539 | ---- | M] () -- C:\Users\Nub\Desktop\road-splits-sign-hi.png
[2012/07/04 14:58:46 | 000,012,218 | ---- | M] () -- C:\Users\Nub\Desktop\greentractor.jpg
[2012/07/04 14:39:20 | 000,027,596 | ---- | M] () -- C:\Users\Nub\Desktop\star.jpg
[2012/07/03 15:43:32 | 491,792,447 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Lyon Vienna Acid.m2t
[2012/07/03 15:43:31 | 000,000,212 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Lyon Vienna Acid.m2t.sfl
[2012/07/03 15:14:08 | 000,006,168 | ---- | M] () -- C:\Users\Nub\Desktop\Trucking with AgentBacon Intro .m2t.sfk
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/03 13:35:40 | 000,008,933 | ---- | M] () -- C:\Users\Nub\Desktop\ping.PNG
[2012/07/02 22:40:49 | 000,001,992 | ---- | M] () -- C:\Users\Public\Desktop\Enemy Territory - QUAKE Wars(TM).lnk
[2012/07/02 22:40:43 | 000,000,328 | ---- | M] () -- C:\Windows\game.ini
[2012/07/02 20:20:07 | 010,448,664 | ---- | M] () -- C:\Users\Nub\Desktop\Trucking with AgentBacon Intro .m2t
[2012/07/02 20:20:07 | 000,000,204 | ---- | M] () -- C:\Users\Nub\Desktop\Trucking with AgentBacon Intro .m2t.sfl
[2012/07/02 20:10:23 | 000,033,005 | ---- | M] () -- C:\Users\Nub\Desktop\twab.png
[2012/07/02 19:53:40 | 000,071,959 | ---- | M] () -- C:\Users\Nub\Desktop\truckjpd.jpg
[2012/07/02 19:36:14 | 000,036,264 | ---- | M] () -- C:\Users\Nub\Desktop\truck up.png
[2012/07/02 19:30:52 | 000,035,752 | ---- | M] () -- C:\Users\Nub\Desktop\1254446789518345489tow-truck.svg.hi.png
[2012/07/02 19:27:56 | 000,046,005 | ---- | M] () -- C:\Users\Nub\Desktop\clipart_transport_552.jpg
[2012/07/02 12:38:30 | 000,000,740 | ---- | M] () -- C:\Users\Public\Desktop\iLivid.lnk

Ryan O'Brien, Jul 21, 2012

#50
Ryan O'Brien Newcomer, in training Posts: 65

[2012/07/02 12:09:22 | 000,000,216 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Frankfurt Berne Acid.m2t.sfl
[2012/07/01 22:38:51 | 000,000,984 | ---- | M] () -- C:\Users\Nub\Desktop\NeO IRC.lnk
[2012/07/01 14:57:33 | 000,001,965 | ---- | M] () -- C:\Users\Nub\Desktop\Paltalk Messenger.lnk
[2012/07/01 14:57:33 | 000,001,120 | ---- | M] () -- C:\Users\Nub\Desktop\Upgrade to Paltalk Extreme.lnk
[2012/07/01 14:56:02 | 000,001,247 | ---- | M] () -- C:\Users\Nub\Desktop\DVDVideoSoft Free Studio.lnk
[2012/07/01 14:56:01 | 000,001,320 | ---- | M] () -- C:\Users\Nub\Desktop\Free YouTube Uploader.lnk
[2012/07/01 14:47:36 | 000,005,568 | ---- | M] () -- C:\Users\Nub\Desktop\Truckin with AgentBacon.m2t.sfk
[2012/07/01 14:43:46 | 000,000,212 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Rome Munich Toys.m2t.sfl
[2012/07/01 12:33:38 | 088,486,148 | ---- | M] () -- C:\Users\Nub\Desktop\An1maL.m2t
[2012/07/01 12:33:38 | 000,000,180 | ---- | M] () -- C:\Users\Nub\Desktop\An1maL.m2t.sfl
[2012/06/30 20:32:45 | 009,465,236 | ---- | M] () -- C:\Users\Nub\Desktop\Truckin with AgentBacon.m2t
[2012/06/30 20:32:45 | 000,000,196 | ---- | M] () -- C:\Users\Nub\Desktop\Truckin with AgentBacon.m2t.sfl
[2012/06/30 17:03:51 | 035,149,984 | ---- | M] () -- C:\Users\Nub\Desktop\u2bviews promo.m2t
[2012/06/30 17:03:51 | 000,000,188 | ---- | M] () -- C:\Users\Nub\Desktop\u2bviews promo.m2t.sfl
[2012/06/30 16:13:58 | 002,787,328 | ---- | M] () -- C:\Users\Nub\Desktop\artict2.txd
[2012/06/30 15:57:53 | 000,480,505 | ---- | M] () -- C:\Users\Nub\Desktop\Fliegl_Auflieger.png
[2012/06/30 15:57:44 | 003,034,505 | ---- | M] () -- C:\Users\Nub\Desktop\Fliegl_Auflieger.psd
[2012/06/30 14:20:07 | 000,000,218 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Brussels Rome Yoghurt.m2t.sfl
[2012/06/29 18:56:44 | 003,550,536 | ---- | M] () -- C:\Users\Nub\Desktop\trailer and truck mod.rar
[2012/06/29 11:31:49 | 003,145,782 | ---- | M] () -- C:\Users\Nub\Desktop\Fliegl_Auflieger.bmp
[2012/06/28 21:21:52 | 000,000,091 | ---- | M] () -- C:\Users\Nub\AppData\Local\fusioncache.dat
[2012/06/28 17:50:27 | 000,001,407 | ---- | M] () -- C:\Users\Public\Desktop\18 WoS Extreme Trucker 2.lnk
[2012/06/28 00:05:41 | 000,001,247 | ---- | M] () -- C:\Users\Public\Desktop\Bus Driver.lnk
[2012/06/25 14:24:02 | 000,000,216 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Vienna Milan Yoghurt.m2t.sfl
[2012/06/22 17:00:49 | 000,134,672 | ---- | M] () -- C:\Windows\RegBootClean64.exe

========== Files Created - No Company Name ==========

[2012/07/21 21:17:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/21 21:17:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/21 21:17:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/21 21:17:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/21 21:17:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/21 14:34:22 | 000,000,512 | ---- | C] () -- C:\Users\Nub\Documents\MBR.dat
[2012/07/19 19:15:17 | 355,892,192 | ---- | C] () -- C:\Users\Nub\Desktop\Open this.zip
[2012/07/19 19:15:09 | 000,000,022 | ---- | C] () -- C:\Users\Nub\Desktop\New WinRAR ZIP archive (2).zip
[2012/07/19 18:17:14 | 000,000,132 | ---- | C] () -- C:\Users\Nub\AppData\Roaming\Adobe BMP Format CS6 Prefs
[2012/07/19 18:17:13 | 000,006,776 | ---- | C] () -- C:\Users\Nub\Desktop\austrian edition logo.bmp
[2012/07/19 17:59:40 | 000,176,640 | ---- | C] ( ) -- C:\Users\Nub\Documents\Setup.exe
[2012/07/19 17:45:40 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Smart Install Maker.lnk
[2012/07/19 17:42:36 | 358,310,691 | ---- | C] () -- C:\Users\Nub\Desktop\GTS_1.32_8.0 (2).scs
[2012/07/19 17:41:44 | 890,125,729 | ---- | C] () -- C:\Users\Nub\Desktop\GTS_1.32_8.0.scs
[2012/07/19 15:55:43 | 000,136,030 | ---- | C] () -- C:\Users\Nub\Desktop\YouTube Logo.jpg
[2012/07/19 15:45:30 | 000,000,214 | ---- | C] () -- C:\Users\Nub\Desktop\German Truck Simulator Austrian edition.m2t.sfl
[2012/07/19 15:32:28 | 717,645,444 | ---- | C] () -- C:\Users\Nub\Desktop\German Truck Simulator Austrian edition.m2t
[2012/07/19 15:31:48 | 000,000,206 | ---- | C] () -- C:\Users\Nub\Desktop\Austrian edition end.m2t.sfl
[2012/07/19 15:31:38 | 009,754,568 | ---- | C] () -- C:\Users\Nub\Desktop\Austrian edition end.m2t
[2012/07/19 15:30:04 | 000,006,216 | ---- | C] () -- C:\Users\Nub\Desktop\Austrian edition.m2t.sfk
[2012/07/19 13:36:54 | 000,000,190 | ---- | C] () -- C:\Users\Nub\Desktop\Austrian edition.m2t.sfl
[2012/07/19 13:36:49 | 010,564,472 | ---- | C] () -- C:\Users\Nub\Desktop\Austrian edition.m2t
[2012/07/19 13:33:17 | 000,006,776 | ---- | C] () -- C:\Users\Nub\Desktop\cgqzfx8b.bmp
[2012/07/19 13:13:28 | 002,208,747 | ---- | C] () -- C:\Users\Nub\Desktop\main_video.ogg
[2012/07/17 23:25:59 | 000,001,117 | ---- | C] () -- C:\Users\Nub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Malware.lnk
[2012/07/17 18:06:09 | 1576,871,159 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/16 22:37:55 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/16 22:28:44 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\RegistryNuke 2012.lnk
[2012/07/16 21:39:01 | 000,154,368 | ---- | C] () -- C:\Users\Nub\Desktop\sampvlog.veg.bak
[2012/07/16 21:39:01 | 000,111,296 | ---- | C] () -- C:\Users\Nub\Desktop\sampvlog.veg
[2012/07/15 22:36:34 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/15 20:37:25 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/07/15 20:37:24 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2012/07/15 20:37:24 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012/07/15 20:37:24 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012/07/15 20:37:24 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012/07/15 20:36:26 | 000,002,279 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
[2012/07/15 20:33:59 | 001,666,808 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/07/15 18:19:03 | 000,000,216 | ---- | C] () -- C:\Users\Nub\Desktop\LIVE - KILLING NEO_RAMEN OBAMA! EXECLUSIVE.m2t.sfl
[2012/07/15 18:17:42 | 087,155,672 | ---- | C] () -- C:\Users\Nub\Desktop\LIVE - KILLING NEO_RAMEN OBAMA! EXECLUSIVE.m2t
[2012/07/15 16:55:41 | 000,160,488 | ---- | C] () -- C:\Users\Nub\Desktop\Must Persevere (Full version).mp3.sfk
[2012/07/15 16:55:31 | 004,677,678 | ---- | C] () -- C:\Users\Nub\Desktop\Must Persevere (Full version).mp3
[2012/07/15 16:41:32 | 000,296,544 | ---- | C] () -- C:\Users\Nub\Desktop\Untitled.mp3
[2012/07/15 16:39:09 | 000,000,190 | ---- | C] () -- C:\Users\Nub\Desktop\Untitled.m2t.sfl
[2012/07/15 16:39:02 | 032,084,080 | ---- | C] () -- C:\Users\Nub\Desktop\Untitled.m2t
[2012/07/15 10:57:11 | 000,001,383 | ---- | C] () -- C:\Users\Nub\Desktop\German Truck Simulator.lnk
[2012/07/15 10:54:08 | 000,001,379 | ---- | C] () -- C:\Users\Public\Desktop\German Truck Simulator.lnk
[2012/07/15 00:09:27 | 171,498,097 | ---- | C] () -- C:\Users\Nub\Desktop\POLSKAOpen.scs
[2012/07/15 00:09:27 | 169,472,222 | ---- | C] () -- C:\Users\Nub\Desktop\POLSKAOpen.zip
[2012/07/15 00:08:52 | 000,000,020 | ---- | C] () -- C:\Users\Nub\Desktop\POLSKA.rar
[2012/07/15 00:08:31 | 430,231,361 | ---- | C] () -- C:\Users\Nub\Desktop\POLSKA.scs
[2012/07/14 20:22:45 | 001,076,480 | R--- | C] () -- C:\Users\Nub\Desktop\Trial_Reset_3.3.rar
[2012/07/14 16:15:29 | 678,168,446 | ---- | C] () -- C:\Users\Nub\Desktop\ETS_1.3_Mega-Mix-Map-5 (2).zip
[2012/07/14 16:14:21 | 000,000,020 | ---- | C] () -- C:\Users\Nub\Desktop\New WinRAR archive.rar
[2012/07/14 16:06:22 | 680,293,139 | ---- | C] () -- C:\Users\Nub\Desktop\ETS_1.3_Mega-Mix-Map-5 (2).scs
[2012/07/14 16:05:47 | 1725,281,403 | ---- | C] () -- C:\Users\Nub\Desktop\ETS_1.3_Mega-Mix-Map-5.scs
[2012/07/14 16:04:55 | 000,000,022 | ---- | C] () -- C:\Users\Nub\Desktop\MMM1.zip
[2012/07/14 16:04:33 | 000,026,749 | ---- | C] () -- C:\Users\Nub\Desktop\MMM.rar
[2012/07/13 13:10:21 | 000,090,838 | ---- | C] () -- C:\Users\Nub\Desktop\before and after to color.jpg
[2012/07/13 12:06:09 | 000,000,220 | ---- | C] () -- C:\Users\Nub\Desktop\Euro Truck Simulator London Manchester Cheese.m2t.sfl
[2012/07/13 11:52:27 | 1601,221,944 | ---- | C] () -- C:\Users\Nub\Desktop\Euro Truck Simulator London Manchester Cheese.m2t
[2012/07/13 10:57:46 | 000,090,838 | ---- | C] () -- C:\Users\Nub\Desktop\before and after color.jpg
[2012/07/13 10:55:35 | 000,369,216 | ---- | C] () -- C:\Users\Nub\Desktop\colored portrait 2.jpg
[2012/07/12 18:08:03 | 000,892,433 | ---- | C] () -- C:\Users\Nub\Desktop\color fixed.jpg
[2012/07/12 17:25:32 | 000,886,121 | ---- | C] () -- C:\Users\Nub\Desktop\colored portrait.jpg
[2012/07/12 17:25:12 | 000,468,121 | ---- | C] () -- C:\Users\Nub\Desktop\restored guy.jpg
[2012/07/12 11:54:34 | 000,112,059 | ---- | C] () -- C:\Users\Nub\Desktop\before and after portrait.jpg
[2012/07/12 11:43:48 | 000,686,055 | ---- | C] () -- C:\Users\Nub\Desktop\restored portrait 1.jpg
[2012/07/12 11:07:38 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 8.lnk
[2012/07/11 22:37:38 | 000,098,953 | ---- | C] () -- C:\Users\Nub\Desktop\slide0023_image204.jpg
[2012/07/11 20:40:54 | 000,090,029 | ---- | C] () -- C:\Users\Nub\Desktop\before and after.jpg
[2012/07/11 20:36:45 | 000,360,094 | ---- | C] () -- C:\Users\Nub\Desktop\restored portrait.jpg
[2012/07/11 19:44:56 | 003,340,268 | ---- | C] () -- C:\Users\Nub\Desktop\Till Tomorrow Underscore.mp3
[2012/07/11 15:35:38 | 000,126,573 | ---- | C] () -- C:\Users\Nub\Desktop\beforeman.jpg
[2012/07/11 14:35:16 | 000,150,351 | ---- | C] () -- C:\Users\Nub\Desktop\Portrait restoration.jpg
[2012/07/11 14:28:49 | 001,124,275 | ---- | C] () -- C:\Users\Nub\Desktop\before.png
[2012/07/11 14:28:29 | 002,057,427 | ---- | C] () -- C:\Users\Nub\Desktop\after.png
[2012/07/11 14:16:35 | 000,000,216 | ---- | C] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Berne London Yoghurt.m2t.sfl
[2012/07/11 13:50:44 | 3955,478,264 | ---- | C] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Berne London Yoghurt.m2t
[2012/07/11 12:42:50 | 000,020,500 | ---- | C] () -- C:\Users\Nub\Desktop\Portrait-French.jpg
[2012/07/11 12:42:45 | 000,060,589 | ---- | C] () -- C:\Users\Nub\Desktop\Portrait color.jpg
[2012/07/11 12:06:27 | 000,272,586 | ---- | C] () -- C:\Users\Nub\Desktop\retouch_project4_4_10+004.jpg
[2012/07/11 12:06:19 | 000,721,276 | ---- | C] () -- C:\Users\Nub\Desktop\Family - restored.jpg
[2012/07/10 23:30:42 | 000,001,646 | ---- | C] () -- C:\Users\Nub\Desktop\volvo_fh16_a.sii
[2012/07/10 22:01:22 | 000,078,365 | ---- | C] () -- C:\Users\Nub\Desktop\After.jpg
[2012/07/10 22:01:04 | 000,070,151 | ---- | C] () -- C:\Users\Nub\Desktop\Before.jpg
[2012/07/10 19:38:15 | 000,229,470 | ---- | C] () -- C:\Users\Nub\Desktop\CincinnatiMen.jpg
[2012/07/10 19:37:43 | 000,938,104 | ---- | C] () -- C:\Users\Nub\Desktop\Restored.jpg
[2012/07/10 17:06:12 | 001,324,916 | ---- | C] () -- C:\Users\Nub\Desktop\rocky beach after.jpg
[2012/07/10 17:05:16 | 000,981,264 | ---- | C] () -- C:\Users\Nub\Desktop\rocky beach before.jpg
[2012/07/10 17:05:12 | 002,237,967 | ---- | C] () -- C:\Users\Nub\Desktop\colored.png
[2012/07/10 15:32:14 | 000,002,030 | ---- | C] () -- C:\Users\Nub\Desktop\mercedes_actros_interior_std.sii
[2012/07/10 15:10:24 | 002,170,584 | ---- | C] () -- C:\Users\Nub\Desktop\Color.jpg
[2012/07/10 14:22:42 | 000,350,455 | ---- | C] () -- C:\Users\Nub\Desktop\OldMotorCar.jpg
[2012/07/10 13:57:39 | 000,417,171 | ---- | C] () -- C:\Users\Nub\Desktop\sar1.png
[2012/07/10 13:57:30 | 001,954,670 | ---- | C] () -- C:\Users\Nub\Desktop\sar1.psd
[2012/07/10 13:50:30 | 000,064,657 | ---- | C] () -- C:\Users\Nub\Desktop\sar6.jpg
[2012/07/10 12:53:24 | 000,790,990 | ---- | C] () -- C:\Users\Nub\Desktop\do this later.psd
[2012/07/10 12:51:30 | 000,000,132 | ---- | C] () -- C:\Users\Nub\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/07/10 12:51:28 | 000,244,919 | ---- | C] () -- C:\Users\Nub\Desktop\gang.png
[2012/07/09 19:50:34 | 000,000,220 | ---- | C] () -- C:\Users\Nub\Desktop\FlatOut 2.url
[2012/07/09 17:27:01 | 000,807,246 | ---- | C] () -- C:\Users\Nub\Desktop\BLUE CAT.jpg
[2012/07/08 22:15:45 | 002,318,860 | ---- | C] () -- C:\Users\Nub\Desktop\Singapura Cat.psd
[2012/07/08 18:10:44 | 000,160,627 | ---- | C] () -- C:\Users\Nub\Desktop\Singapura Cat.jpg
[2012/07/08 18:09:12 | 000,000,112 | -H-- | C] () -- C:\39BD22373E07
[2012/07/08 18:09:12 | 000,000,040 | -H-- | C] () -- C:\BDAB4FE99C75
[2012/07/08 17:32:56 | 000,878,095 | ---- | C] () -- C:\Users\Nub\Desktop\142853951AP125_The_Raven_Ne.jpg
[2012/07/08 17:29:07 | 001,019,697 | ---- | C] () -- C:\Users\Nub\Desktop\President_Official_Portrait_HiRes.jpg
[2012/07/08 15:15:37 | 000,000,218 | ---- | C] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Barcelona Lyon Apples.m2t.sfl
[2012/07/08 15:03:23 | 2165,417,276 | ---- | C] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Barcelona Lyon Apples.m2t
[2012/07/07 12:08:20 | 000,151,552 | ---- | C] ( ) -- C:\Users\Nub\Desktop\Interop.SHDocVw.dll
[2012/07/06 18:19:27 | 000,000,224 | ---- | C] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Bordeaux Barcelona Tommatoes.m2t.sfl
[2012/07/06 18:02:23 | 000,000,198 | ---- | C] () -- C:\Users\Nub\Desktop\First person driving mod.m2t.sfl
[2012/07/06 17:55:40 | 2719,026,516 | ---- | C] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Bordeaux Barcelona Tommatoes.m2t
[2012/07/06 10:55:32 | 000,013,230 | ---- | C] () -- C:\Users\Nub\Desktop\Shady.PNG
[2012/07/06 10:55:15 | 000,012,726 | ---- | C] () -- C:\Users\Nub\Desktop\Scar.PNG
[2012/07/05 20:54:06 | 000,000,022 | ---- | C] () -- C:\Users\Nub\Desktop\New WinRAR ZIP archive.zip
[2012/07/05 20:46:54 | 000,349,680 | ---- | C] () -- C:\Users\Nub\Desktop\details_excl.dds
[2012/07/05 18:46:34 | 000,172,098 | ---- | C] () -- C:\torrent.exe
[2012/07/05 17:54:43 | 001,043,253 | ---- | C] () -- C:\Users\Nub\Desktop\Done.png
[2012/07/05 17:54:37 | 004,191,177 | ---- | C] () -- C:\Users\Nub\Desktop\Done.psd
[2012/07/05 17:11:26 | 003,970,129 | ---- | C] () -- C:\Users\Nub\Desktop\ALmost done.psd
[2012/07/05 14:47:11 | 000,453,502 | ---- | C] () -- C:\Users\Nub\Desktop\EFOQKC.psd
[2012/07/04 22:04:19 | 000,039,654 | ---- | C] () -- C:\Users\Nub\Desktop\truck up2.png
[2012/07/04 22:02:40 | 000,037,145 | ---- | C] () -- C:\Users\Nub\Desktop\truck up1.png
[2012/07/04 21:33:21 | 001,572,918 | ---- | C] () -- C:\Users\Nub\Desktop\eurogoodies.bmp
[2012/07/04 15:14:54 | 000,137,822 | ---- | C] () -- C:\Users\Nub\Desktop\agbacon acres trailer mod.scs
[2012/07/04 15:12:26 | 000,257,769 | ---- | C] () -- C:\Users\Nub\Desktop\euroacres.png
[2012/07/04 15:08:09 | 000,013,539 | ---- | C] () -- C:\Users\Nub\Desktop\road-splits-sign-hi.png
[2012/07/04 14:58:46 | 000,012,218 | ---- | C] () -- C:\Users\Nub\Desktop\greentractor.jpg
[2012/07/04 14:39:20 | 000,027,596 | ---- | C] () -- C:\Users\Nub\Desktop\star.jpg
[2012/07/04 14:33:55 | 001,572,918 | ---- | C] () -- C:\Users\Nub\Desktop\euroacres.bmp
[2012/07/04 14:32:09 | 000,699,216 | ---- | C] () -- C:\Users\Nub\Desktop\euroacres.dds
[2012/07/04 14:32:09 | 000,000,088 | ---- | C] () -- C:\Users\Nub\Desktop\euroacres.tobj
[2012/07/03 15:43:31 | 000,000,212 | ---- | C] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Lyon Vienna Acid.m2t.sfl
[2012/07/03 15:15:58 | 491,792,447 | ---- | C] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Lyon Vienna Acid.m2t
[2012/07/03 15:13:48 | 000,006,168 | ---- | C] () -- C:\Users\Nub\Desktop\Trucking with AgentBacon Intro .m2t.sfk
[2012/07/03 13:35:40 | 000,008,933 | ---- | C] () -- C:\Users\Nub\Desktop\ping.PNG
[2012/07/02 22:40:49 | 000,001,992 | ---- | C] () -- C:\Users\Public\Desktop\Enemy Territory - QUAKE Wars(TM).lnk
[2012/07/02 22:40:43 | 000,000,328 | ---- | C] () -- C:\Windows\game.ini
[2012/07/02 20:20:07 | 000,000,204 | ---- | C] () -- C:\Users\Nub\Desktop\Trucking with AgentBacon Intro .m2t.sfl
[2012/07/02 20:20:03 | 010,448,664 | ---- | C] () -- C:\Users\Nub\Desktop\Trucking with AgentBacon Intro .m2t
[2012/07/02 20:10:22 | 000,033,005 | ---- | C] () -- C:\Users\Nub\Desktop\twab.png
[2012/07/02 19:53:39 | 000,071,959 | ---- | C] () -- C:\Users\Nub\Desktop\truckjpd.jpg
[2012/07/02 19:36:12 | 000,036,264 | ---- | C] () -- C:\Users\Nub\Desktop\truck up.png
[2012/07/02 19:30:52 | 000,035,752 | ---- | C] () -- C:\Users\Nub\Desktop\1254446789518345489tow-truck.svg.hi.png
[2012/07/02 19:27:56 | 000,046,005 | ---- | C] () -- C:\Users\Nub\Desktop\clipart_transport_552.jpg
[2012/07/02 12:38:30 | 000,000,740 | ---- | C] () -- C:\Users\Public\Desktop\iLivid.lnk
[2012/07/02 12:09:22 | 000,000,216 | ---- | C] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Frankfurt Berne Acid.m2t.sfl
[2012/07/01 22:39:16 | 005,987,567 | ---- | C] () -- C:\Users\Nub\Desktop\intV_by_mina&he.scs
[2012/07/01 22:30:09 | 001,587,304 | ---- | C] () -- C:\Users\Nub\Desktop\ets_00209.png
[2012/07/01 14:57:33 | 000,001,965 | ---- | C] () -- C:\Users\Nub\Desktop\Paltalk Messenger.lnk
[2012/07/01 14:57:33 | 000,001,120 | ---- | C] () -- C:\Users\Nub\Desktop\Upgrade to Paltalk Extreme.lnk
[2012/07/01 14:56:02 | 000,001,247 | ---- | C] () -- C:\Users\Nub\Desktop\DVDVideoSoft Free Studio.lnk
[2012/07/01 14:56:01 | 000,001,320 | ---- | C] () -- C:\Users\Nub\Desktop\Free YouTube Uploader.lnk
[2012/07/01 14:43:46 | 000,000,212 | ---- | C] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Rome Munich Toys.m2t.sfl
[2012/07/01 14:18:42 | 000,005,568 | ---- | C] () -- C:\Users\Nub\Desktop\Truckin with AgentBacon.m2t.sfk
[2012/07/01 12:33:38 | 000,000,180 | ---- | C] () -- C:\Users\Nub\Desktop\An1maL.m2t.sfl
[2012/07/01 12:33:13 | 088,486,148 | ---- | C] () -- C:\Users\Nub\Desktop\An1maL.m2t
[2012/06/30 20:32:45 | 000,000,196 | ---- | C] () -- C:\Users\Nub\Desktop\Truckin with AgentBacon.m2t.sfl
[2012/06/30 20:32:37 | 009,465,236 | ---- | C] () -- C:\Users\Nub\Desktop\Truckin with AgentBacon.m2t
[2012/06/30 17:03:51 | 000,000,188 | ---- | C] () -- C:\Users\Nub\Desktop\u2bviews promo.m2t.sfl
[2012/06/30 17:02:38 | 035,149,984 | ---- | C] () -- C:\Users\Nub\Desktop\u2bviews promo.m2t
[2012/06/30 14:20:07 | 000,000,218 | ---- | C] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Brussels Rome Yoghurt.m2t.sfl
[2012/06/29 23:30:56 | 003,034,505 | ---- | C] () -- C:\Users\Nub\Desktop\Fliegl_Auflieger.psd
[2012/06/29 18:55:18 | 003,550,536 | ---- | C] () -- C:\Users\Nub\Desktop\trailer and truck mod.rar
[2012/06/29 12:23:18 | 002,787,328 | ---- | C] () -- C:\Users\Nub\Desktop\artict2.txd
[2012/06/29 12:22:39 | 000,480,505 | ---- | C] () -- C:\Users\Nub\Desktop\Fliegl_Auflieger.png
[2012/06/29 11:31:49 | 003,145,782 | ---- | C] () -- C:\Users\Nub\Desktop\Fliegl_Auflieger.bmp
[2012/06/28 21:21:52 | 000,000,091 | ---- | C] () -- C:\Users\Nub\AppData\Local\fusioncache.dat
[2012/06/28 17:50:27 | 000,001,407 | ---- | C] () -- C:\Users\Public\Desktop\18 WoS Extreme Trucker 2.lnk
[2012/06/28 00:05:41 | 000,001,247 | ---- | C] () -- C:\Users\Public\Desktop\Bus Driver.lnk
[2012/06/25 19:41:09 | 000,000,244 | ---- | C] () -- C:\Users\Nub\Desktop\interior_volvo_fh16.sii
[2012/06/25 14:24:02 | 000,000,216 | ---- | C] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Vienna Milan Yoghurt.m2t.sfl
[2012/06/19 16:23:02 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2012/06/19 16:22:55 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2012/06/19 16:22:55 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2012/06/11 12:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/06/11 12:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/05/30 15:45:14 | 000,000,132 | ---- | C] () -- C:\Users\Nub\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012/05/12 20:55:32 | 000,001,456 | ---- | C] () -- C:\Users\Nub\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/05/12 20:47:37 | 000,000,132 | ---- | C] () -- C:\Users\Nub\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/05/12 20:24:16 | 000,758,018 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/05/12 20:24:16 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/05/10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/27 04:14:59 | 000,119,432 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/04/11 22:47:10 | 000,006,144 | ---- | C] () -- C:\Users\Nub\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/10 00:14:04 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2012/04/10 00:14:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll
[2012/04/10 00:14:02 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll
[2012/03/27 18:57:06 | 000,000,132 | ---- | C] () -- C:\Users\Nub\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/03/14 22:36:59 | 000,000,291 | ---- | C] () -- C:\Windows\cod2demo.ini
[2012/02/22 18:06:18 | 000,134,672 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2012/02/19 18:55:01 | 000,057,904 | ---- | C] () -- C:\Windows\SysWow64\wbload.dll
[2012/01/25 14:56:27 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012/01/23 16:23:11 | 000,803,720 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/22 22:20:10 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/01/22 22:20:08 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/10 21:24:47 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2011/08/10 21:24:00 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/08/10 21:23:54 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll
[2011/08/10 21:23:54 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/08/10 21:23:54 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/08/10 21:19:29 | 000,003,543 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/08/10 21:19:23 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/08/10 21:19:22 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2011/08/10 21:19:22 | 000,002,649 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/08/10 21:16:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/28 16:34:00 | 000,145,288 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonClient.exe
[2010/11/28 16:34:00 | 000,128,904 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonServer.exe

========== LOP Check ==========

[2012/06/14 19:10:21 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\.minecraft
[2012/04/05 15:07:11 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\.techniclauncher
[2012/06/20 10:39:35 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\Audacity
[2012/03/29 15:00:51 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\avidemux
[2012/05/12 20:12:16 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\Bitsoft
[2012/05/12 20:12:16 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\cidialog32
[2012/05/30 15:25:18 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\Clickteam
[2012/06/12 21:50:20 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/07/16 22:04:50 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\Dropbox
[2012/07/01 14:56:10 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\DVDVideoSoft
[2012/05/12 20:24:30 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\GeoVid
[2012/06/03 15:17:09 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\Marine Aquarium 3
[2012/06/14 19:07:15 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\Mirillis
[2012/03/31 21:03:49 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\Notepad++
[2012/07/01 14:56:10 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\OpenCandy
[2012/03/27 15:08:34 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\Opera
[2012/07/01 14:57:31 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\Paltalk
[2012/04/10 00:18:39 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\PowerUp Software
[2012/04/02 15:20:23 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\Publish Providers
[2012/05/16 01:58:45 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\SoftGrid Client
[2012/05/24 22:11:58 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\Sony
[2012/06/13 11:12:16 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\Sony Creative Software Inc
[2012/04/18 19:26:18 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\SystemRequirementsLab
[2012/07/12 11:08:43 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\TechSmith
[2012/07/15 20:33:31 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\TestApp
[2012/07/15 23:24:47 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\uTorrent
[2012/03/31 19:31:49 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\wargaming.net
[2012/06/02 19:33:49 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\WeatherBug
[2012/05/11 17:41:39 | 000,000,000 | ---D | M] -- C:\Users\Nub\AppData\Roaming\what
[2012/05/24 10:49:21 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:FB6A21E3
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMPFC5A2B2

< End of report >

Ryan O'Brien, Jul 21, 2012

#51
Ryan O'Brien Newcomer, in training Posts: 65

I'm also running in safe mode because it was starting to freeze more.

Ryan O'Brien, Jul 21, 2012

#52
Ryan O'Brien Newcomer, in training Posts: 65

OTL Extras logfile created on: 7/21/2012 10:06:11 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Nub\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.50 Gb Total Physical Memory | 6.20 Gb Available Physical Memory | 82.78% Memory free
14.99 Gb Paging File | 13.72 Gb Available in Paging File | 91.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.60 Gb Total Space | 51.34 Gb Free Space | 13.78% Space Free | Partition Type: NTFS
Drive D: | 544.72 Gb Total Space | 8.23 Gb Free Space | 1.51% Space Free | Partition Type: NTFS
Drive F: | 5.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: RYAN-PC | User Name: Nub | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp[@ = WinHelpCustomView.Scenario] -- Reg Error: Key error. File not found
.html[@ = ChromeHTML.Nub] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = WinHelpCustomView.Scenario] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML.Nub] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08D5BC70-0434-4685-8598-A5FEA50C7B70}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{0C60947F-CE1D-469B-93A1-90272D76191E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{11B8294B-A072-4C9C-88C5-3756032A86FE}" = lport=138 | protocol=17 | dir=in | app=system |
"{16CF6D08-6FD8-478E-9E8A-966456115C20}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{23108FF9-AEC2-4F58-A667-DBA949ED4134}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2D6AC29B-0AAF-4466-AF0D-524962BE93E6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{42F0686A-36A7-4804-BCE6-FDCCFF25AC0B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{43C83BBA-8ECC-4C4D-A83E-28C9B0F5CDC2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4F1AE481-0C15-46DA-ABA9-494050B128EA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{661DE5FC-E4BA-4039-85B4-F4BAECE11280}" = rport=445 | protocol=6 | dir=out | app=system |
"{82C60322-3A4B-4B96-A0D1-0BD0A5200CAA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8DE5337F-E484-4ADA-A1EE-A7C221F29905}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8E85C818-8A3C-4CFB-92F5-500E5727AC1F}" = rport=137 | protocol=17 | dir=out | app=system |
"{8EAAD81C-88DF-47F4-966A-FED14367B7DC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{97386B97-2B9E-43F4-9DDB-792C2F5EBFBD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A1E169F2-1605-4F6B-8D23-7B5AB59BB053}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AD6D5B8D-6774-4EA6-925B-1EE15D278571}" = rport=138 | protocol=17 | dir=out | app=system |
"{AF589E12-CF1F-47A2-8E5B-E433C898247A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B49918FE-9AC7-49E1-BE62-1637F2CF92CD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B9A11845-B4E1-4D2D-B000-B3409F48C754}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C18E44D2-EFE8-4BFA-AAC8-31CCE0AEA0CD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C2BCF53A-26A0-4196-9C60-1164D7AAC74C}" = lport=445 | protocol=6 | dir=in | app=system |
"{D12E759A-3AA4-463E-B30C-CD34D74D3124}" = lport=139 | protocol=6 | dir=in | app=system |
"{F0CA7B13-8B10-4F30-8312-613459D2A9D9}" = lport=137 | protocol=17 | dir=in | app=system |
"{FD066447-36ED-4CA0-8D1D-43889752DD87}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005EB1E1-2B53-4095-9B1E-8525C46902CE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{00D5DC75-BE2F-4223-99E9-469B496B8A8A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0422F17A-7218-4072-8081-69BFD5F8D498}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0FAE9B46-D5E8-4E10-9FCF-555A6C564C56}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{128E015D-7E1C-40CE-A2A9-D8D34028849C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra\system\redorchestra.exe |
"{22F946B2-AEAF-4CAC-845F-6C941EEA937E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2 demo\docs\ea help\electronic_arts_technical_support.htm |
"{28197B1F-0E04-4A35-94CF-D71D581258C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{28BA4264-B270-436F-8290-4D54FCE334C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\sam2.exe |
"{2A92CB9B-2ED6-4660-8ACC-C089777A9CB2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{2A9CF528-D50E-4345-BC27-95B4E0349AD9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\sam2.exe |
"{2F47C5D5-9D31-41FE-A334-91BA9FDF1AD7}" = protocol=17 | dir=in | app=c:\users\nub\appdata\roaming\dropbox\bin\dropbox.exe |
"{2FFF909C-8077-4D26-921E-A831E309E0D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\agentred92\counter-strike\hl.exe |
"{34B767A7-BD84-4E23-9F6C-9186E4CDEFD8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 free\arma2free.exe |
"{3AEF44B2-7A79-4F77-8ADA-47E3BACB3319}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{3EBFC12D-2FBB-4562-8904-BD36FF915C5E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite v2 demo\bin\sniperelitev2demo.exe |
"{3F4D58EE-C6C2-4130-A782-085963A11A72}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{44E98468-D92E-4E1B-864D-786402A84A61}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{457D90C1-3447-4C68-B70C-B5FFD57D4DA3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{480BF723-82A4-4BC3-8510-CA1CB3084418}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{4C194A7F-BE45-4C72-8948-0C76B22BDA28}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{4DD3ECC6-5063-4114-9155-87D94FD8AA4C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe |
"{526D7FFD-8E31-466F-961E-DB0C3316F4D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\agentred92\counter-strike\hl.exe |
"{53FB58D1-C9B8-4065-9A10-7240EA29A035}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{5BE09615-960F-4C26-963C-60A9C016C78A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{684BA55A-6FC4-4504-8E17-05AB98843FB1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
"{6887EBA3-E70E-42A0-BFEA-315BE7931A66}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{6B686BE5-A5CB-4249-A06A-ECF8344E9306}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flatout2\flatout2.exe |
"{6F68EF10-8339-4E96-ABBF-A87F6769253B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold kingdoms\strongholdkingdoms.exe |
"{6F7823C9-7540-497A-AA21-07D5A442C79F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{6FC85FAB-F2EE-4682-B0D0-BE069CFB4EBA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{704EFB97-1642-4DAC-9170-0BB2AE9C191D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2 demo\masseffect2launcher.exe |
"{72391853-C875-4A09-9BC9-385C08BB2321}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\microsoft flight\flight.exe |
"{751528DA-A125-43EA-AADA-45C99B3B10D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 2\cod2mp_s.exe |
"{76044A3A-55CD-4CB3-8E34-E7FF1557F6B4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7675B8D1-46AC-4B59-AF5A-31331A0F7667}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\test drive unlimited 2\uplauncher.exe |
"{7A23A2CF-7750-47D9-9762-73FB00B5DCD5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{7B982F15-D696-49EA-A073-E375F2EBC83E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{7BA0C393-F161-4906-92EF-7D135849C485}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F735C36-550B-49F8-B64D-9E205B30BF15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8BA33F17-FC8B-4E6E-8C6A-593D48AE1DAC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8D68B189-0EB5-4239-9210-815A278B103E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |
"{8DA2AD27-FA60-4DA6-9AFA-E144EA17C629}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{8DEDAF7D-22D4-4BC2-B2D0-E515B928F815}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flatout2\flatout2.exe |
"{8FB4911E-F209-429C-BDD1-7318B9B5D442}" = protocol=6 | dir=out | app=system |
"{92A76A93-5960-4F0F-8EDC-79C675256A47}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{92EF17F8-B8B1-4365-9AED-FB5A5123A901}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{936E3117-4E94-48DD-B0DE-75C9FDCF4BAD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\test drive unlimited 2\uplauncher.exe |
"{93AD3CAD-6E7A-48AE-8265-F5D62FCD3301}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra\system\redorchestra.exe |
"{93AD46F8-D857-436C-B07A-CB578A0F4E02}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crimecraft\steamlauncher.exe |
"{949E9CD5-BD01-4050-822A-01EBBBF88E0C}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{97F71FE1-9039-4202-8E00-1216C5CE5D12}" = protocol=17 | dir=in | app=c:\program files (x86)\id software\enemy territory - quake wars\etqw.exe |
"{99672FAC-6DC9-4DA7-94C9-08EC2BD69ED8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{9995497F-82F9-4990-94CC-C4C58832D060}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
"{9C0F4841-219E-46CB-B743-1EA911DEAF1C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{9E761AA9-7597-4274-9B7F-03B8266FFD1E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{A4922D1D-7F2C-427E-8514-63CC491ECAB6}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{A58046EF-6316-45A0-96A8-05D499E3AB8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2 demo\docs\ea help\electronic_arts_technical_support.htm |
"{A629FB0B-B2F8-48B5-BEEA-558FB4666A38}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A6591945-97E6-42EA-B80D-BAC306AAC6B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flatout demo\flatoutdemo.exe |
"{A705B3B0-3127-49D9-9A74-F0058309E34E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A7386E0D-F968-46ED-A519-BABBB576CA73}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B0C01979-B0C0-4FDF-BC33-5F17362F8931}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B24715C8-2854-4B69-8AD7-4F97DEAA7156}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold kingdoms\strongholdkingdoms.exe |
"{B43FAF77-1ECE-4435-A10B-08397ABB4D24}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B484D691-D533-4249-9EFD-83AD670E11FA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{B5E2F32E-87B4-4E62-A00C-FD832F5077D3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flatout demo\flatoutdemo.exe |
"{BAABCEC7-82BB-46C6-A098-1ED65CF135FA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BFE69A5C-BF0F-4AA7-A1E6-F5D5EE9656C2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CAAEF96A-F6FC-4024-98CA-99ED8993E08A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite v2 demo\bin\sniperelitev2demo.exe |
"{CCF3411D-1B35-4361-A301-91D5CFD50522}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\microsoft flight\flight.exe |
"{D2359D58-7599-4C38-86F7-C35D5113A589}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 2\cod2mp_s.exe |
"{D6B45564-84AF-4061-A63F-C81A21E9A4BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D6FBD938-585F-4874-A0C2-E0C2F4A770DF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 2\cod2sp_s.exe |
"{D9A3113E-A379-48F5-872A-64037458DEB3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DB686681-074E-4B66-9AFD-A11AC59DB9E4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DBDAD1A8-47BC-4CCF-96CD-2CF1276B4A13}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 free\arma2free.exe |
"{DCEE6BD2-74EF-40D5-9181-D4D1D3051E66}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe |
"{E022765D-028F-4608-9630-448139924DBA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crimecraft\steamlauncher.exe |
"{E1311253-879B-4A97-B5A7-06935A1B345D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2 demo\masseffect2launcher.exe |
"{E44C6E3C-7698-4ABA-9BBF-48A65FC8EC59}" = protocol=6 | dir=in | app=c:\program files (x86)\id software\enemy territory - quake wars\etqw.exe |
"{E52A6904-E6B2-4AC8-A614-DB3D02D7F8E9}" = protocol=6 | dir=in | app=c:\program files (x86)\id software\enemy territory - quake wars\etqwded.exe |
"{EA3A3A9B-BA42-456B-A792-10B7E84FE425}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EB73CF65-1096-4565-83AD-E955F5457467}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{EF138B25-7794-4FF2-9E35-59F99687A26C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

Ryan O'Brien, Jul 21, 2012

#53
Ryan O'Brien Newcomer, in training Posts: 65

"{EFF47C0C-E960-4286-B074-354575D5CDCD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{F21AE01E-791A-48FD-A42F-324E7B672D13}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |
"{F37307E5-BBB2-456A-8F17-192591827879}" = protocol=17 | dir=in | app=c:\program files (x86)\id software\enemy territory - quake wars\etqwded.exe |
"{F51F1BFF-C6A2-4037-9E8A-8791DDEFE11C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{F7B1109D-3343-469C-A197-E6CAB9103951}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FA3F523F-05DC-4809-A5CD-FE2D2B41D106}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{FACD3182-3B4E-43B3-9C91-2132A164E69B}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{FC2D03C3-A9E5-4417-93A3-516B9A32FAF5}" = protocol=6 | dir=in | app=c:\users\nub\appdata\roaming\dropbox\bin\dropbox.exe |
"{FD32662E-84E4-4EAB-BABD-40131780B08C}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{FF17D78F-681F-4B64-892A-2C49FD86DEDF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 2\cod2sp_s.exe |
"TCP Query User{1BCEB828-77C7-4CB3-8CEA-1E22F6D1EBAA}C:\program files (x86)\global star software\jetfighter 2015\real\jet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\global star software\jetfighter 2015\real\jet.exe |
"TCP Query User{26D65992-D579-4582-A74F-8CA8A23B2653}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"TCP Query User{2C7DAC5B-9F22-41C4-9D87-1D359956C432}C:\program files\neo irc 1.7\mirc.exe" = protocol=6 | dir=in | app=c:\program files\neo irc 1.7\mirc.exe |
"TCP Query User{2ECECD73-0D7D-4582-BAAA-42E1E0376050}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"TCP Query User{4306B8DA-86FF-47DE-B09B-27DA589DD271}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{518936B9-35BC-4281-9F41-E8C13C623675}C:\program files (x86)\mta san andreas 1.3\server\mta server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mta san andreas 1.3\server\mta server.exe |
"TCP Query User{567BF29C-585D-4613-9055-2A01B611ECA7}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{6A38B503-6075-4E23-8FFF-C1A5933BE1EB}C:\program files\neo irc 1.7\mirc.exe" = protocol=6 | dir=in | app=c:\program files\neo irc 1.7\mirc.exe |
"TCP Query User{70FED8DE-32FE-4BDF-9DB3-471753D755BE}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{769BD5C1-00FC-4AE0-B460-8CE067CB051A}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"TCP Query User{7B3DE38C-9389-4F84-AAE9-4797E0A3EC8C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{7DDFC044-9376-4B16-A2C7-D826D612E5F0}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{91FE8789-DE56-448B-9E13-68B5B93F55DF}C:\windows\desktop\quake2 demo\install\data\quake2.exe" = protocol=6 | dir=in | app=c:\windows\desktop\quake2 demo\install\data\quake2.exe |
"TCP Query User{951D4904-A495-4DFD-8113-3AF0FEDC3896}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{99B232E4-51DC-4159-A831-BF05BACCDB62}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{9CF87264-69FC-4744-BC46-949973BF6FC9}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{A2003CEB-CBC3-4281-9F40-F1A408EEACE1}C:\program files (x86)\city interactive\sniper ghost warrior\sniper_x86.exe" = protocol=6 | dir=in | app=c:\program files (x86)\city interactive\sniper ghost warrior\sniper_x86.exe |
"TCP Query User{B8E5B1B1-FCCF-4C39-8403-6D894A7E1803}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{D3493DC1-837F-4B1B-8B3C-36184EF472F6}C:\program files (x86)\thehunter\launcher\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thehunter\launcher\launcher.exe |
"TCP Query User{D40C6CB8-246E-4144-9C46-373EB997506A}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{F9C33A77-5565-47D0-BEEA-BE94E954C4C8}C:\program files (x86)\steam\steamapps\agentred92\half-life deathmatch source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\agentred92\half-life deathmatch source\hl2.exe |
"TCP Query User{FF283293-09E7-4D1C-A9D7-621A826A6291}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{028D0C46-1B3B-40C9-8D3B-E3585BBE0441}C:\program files (x86)\city interactive\sniper ghost warrior\sniper_x86.exe" = protocol=17 | dir=in | app=c:\program files (x86)\city interactive\sniper ghost warrior\sniper_x86.exe |
"UDP Query User{08BC41AD-C9FB-4DE2-B68B-9DD21420EF60}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{092E01F6-4D9E-4758-855F-1E3AB7070F1A}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"UDP Query User{155B5774-36E7-4537-8102-81B2A74A5931}C:\program files (x86)\global star software\jetfighter 2015\real\jet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\global star software\jetfighter 2015\real\jet.exe |
"UDP Query User{1E54E9CE-1D58-4E6E-A0D4-29F71543B283}C:\windows\desktop\quake2 demo\install\data\quake2.exe" = protocol=17 | dir=in | app=c:\windows\desktop\quake2 demo\install\data\quake2.exe |
"UDP Query User{24A0AFBF-5F6B-40E6-B4DF-42B5B5F5823F}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{300D1AEE-EE25-4E3C-ABD9-CD290719B748}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{35832757-560F-4A0D-B474-EABD0B81A2EC}C:\program files (x86)\steam\steamapps\agentred92\half-life deathmatch source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\agentred92\half-life deathmatch source\hl2.exe |
"UDP Query User{413E384A-1056-46AE-8A63-FA5757E90C54}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"UDP Query User{457AA09C-A535-4176-A8B0-CEE5586B6DCF}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{522104EE-BB74-4B03-AE25-E461B89A6AA4}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{6E1A65A5-FC9B-4C3E-B90E-B4F0C98FB064}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{73400F1C-4D53-4CE9-9771-110949F2C4F6}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{74BB97D4-4A2F-4705-8BBB-5C5AF0C7A3D8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{9A90A165-AE07-4581-93D1-BECD8503E29E}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{A305DE89-B97A-4095-BE61-5996640F78A9}C:\program files (x86)\thehunter\launcher\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thehunter\launcher\launcher.exe |
"UDP Query User{B1D494D3-CB9F-47FF-BCD0-CA51F03BCD4A}C:\program files (x86)\mta san andreas 1.3\server\mta server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mta san andreas 1.3\server\mta server.exe |
"UDP Query User{BD129BBE-BCE1-4195-983D-B76B5B71E93C}C:\program files\neo irc 1.7\mirc.exe" = protocol=17 | dir=in | app=c:\program files\neo irc 1.7\mirc.exe |
"UDP Query User{D6CA1926-0ECA-4F57-8A5C-C7FBCFBDF530}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{EFE3D810-2695-4864-B6E9-657A03EFAC6D}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{F2569717-9E6E-425F-A747-540BB3DCB7E0}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{F63B25EE-7BC5-4F00-8A95-1784A987AF41}C:\program files\neo irc 1.7\mirc.exe" = protocol=17 | dir=in | app=c:\program files\neo irc 1.7\mirc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{21D0374C-C358-0748-CAF9-7CBE65EB6FFF}" = AMD Fuel
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{338CE2A1-7BD6-AC18-0069-4A90F7C3D836}" = AMD Steady Video Plug-In
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{42A2440F-7A5D-6956-3EF0-815814399EAA}" = AMD Accelerated Video Transcoding
"{43EBA222-8DF7-11E1-862B-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
"{49F6DFDE-8DF7-11E1-9E5F-F04DA23A5C58}" = MSVCRT Redists
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{572788F2-0AB7-FA0E-6E91-B98044F4B7E6}" = AMD Media Foundation Decoders
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82EE86D9-60B9-1025-9960-97E9B7C7B4B4}" = AMD Drag and Drop Transcoding
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{9301985B-D116-4A93-A93D-94580084FF86}" = 64 Bit HP CIO Components Installer
"{944E73EF-857E-4F71-9DC4-CD059D7ADDEF}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Titanium
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C61D639C-3A1B-4654-901F-08927C804321}" = Windows Live Family Safety
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D4761C4F-5ED9-11E1-9202-F04DA23A5C58}" = MSVCRT Redists
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Blender" = Blender
"CCleaner" = CCleaner
"DriverAgent.exe" = DriverAgent by eSupport.com
"Explorer Suite_is1" = Explorer Suite III
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{029DE794-21C8-499E-B9E7-B965AAAC2187}_is1" = 123 AVI to GIF Converter 4.0
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0489621E-DE2A-11E0-93EA-F04DA23A5C58}" = DVD Architect Studio 5.0
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{07EF3970-F8E5-4A27-A5A3-230484D35026}" = Microsoft Expression Encoder 4
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0F733E11-408E-11E1-B5FE-F04DA23A5C58}" = MSVCRT Redists
"{124C9BD0-8C52-40AB-8238-0605703B1C28}" = ASUS Backup Wizard
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian
"{15CE06C3-A218-4D72-A873-89E5A03FE0DB}" = BCC 8 OFX 32Bit
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All
"{25499E8B-7746-4DDE-BD8B-A8CB3CDF9EE4}" = Minecraft Version Changer
"{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
"{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = AMD VISION Engine Control Center
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish
"{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish
"{30ED44CB-7314-4C6E-800C-C4BADDE67D8A}" = 18 Wheels of Steel Extreme Trucker
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai
"{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard
"{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{49BF48CC-ABB6-4795-9B35-B5DE005D8612}" = Pinnacle Game Profiler
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}" = AI Manager
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight
"{50542AEE-76BD-4BCD-A890-E2FF4D4E051A}" = Camtasia Studio 8
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5492EC47-EADA-41FA-955F-5C0B488F1170}" = Tube Increaser
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
"{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}" = NVIDIA Photoshop Plug-ins 64 bit
"{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{682ECBA1-5411-11E1-A3FB-F04DA23A5C58}" = Vegas Movie Studio HD 11.0
"{6C3BEF70-5411-11E1-AED6-F04DA23A5C58}" = MSVCRT Redists
"{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese

Ryan O'Brien, Jul 21, 2012

#54
Ryan O'Brien Newcomer, in training Posts: 65

"{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}" = Microsoft Silverlight 4 SDK
"{81BBE880-5409-11E1-BF7F-F04DA23A5C58}" = Vegas Movie Studio HD Platinum 11.0
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AE850A4-B89D-4875-A159-B1B64D717EFB}" = OMSI - Der Omnibussimulator
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9ED06229-1F1B-4AE2-970D-5F731E8C8C35}" = Hunting Unlimited 2010
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A06FE62B-CEBC-4E94-AED8-92DCC33BC8EA}" = Microsoft Expression Studio 4
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3026F68-E231-4BE9-BAFB-B9110BA49829}_is1" = Mac Skin version 1.5
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A585C8-CE4E-4150-84C6-A13C3CB1379F}" = Enemy Territory - QUAKE Wars(TM)
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BF127B80-CFD5-4379-9752-E8AF1A5D0141}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C9040E9E-D0FA-4E7A-AED0-BB5F9D670375}" = Action!
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech
"{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D9DF8D5A-2160-402B-819F-A5A964215528}_is1" = RegistryNuke 2012 version 2.0.0.86
"{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian
"{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish
"{DCA75ECE-39A9-0648-CB77-F6D759364CF9}" = Application Profiles
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E085FD28-F22C-4D41-00A1-F0751BF8EFC1}" = Need for Speed™ Most Wanted PC Demo
"{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian
"{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse®
"{EBAEEE00-5412-11E1-B144-001676AB6D60}" = MSVCRT Redists
"{ED94BE03-E6CC-4268-B03A-92080E3035A6}_is1" = MCSkin3D version 1.3
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F868C16D-75F8-4EE8-BCBF-422D0833415D}_is1" = Open PLS in Windows Media Player 2.3.0
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB686487-C637-4EEF-BCB1-C92463F2CC05}" = Atheros Ethernet Utility
"{FB9CDF41-F0B9-4F31-9230-7DF0D6637270}" = Call of Duty(R) 2 Demo
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"18 Wheels of Steel: American Long Haul" = 18 Wheels of Steel: American Long Haul
"18 WoS Extreme Trucker 2" = 18 WoS Extreme Trucker 2 (v.1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"Asus Vibe2.0" = AsusVibe2.0
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"Avidemux 2.5 (64-bit)" = Avidemux 2.5
"blekkotb_032" = blekko search bar
"Browser Defender_is1" = Browser Guard 4.0
"Bus Driver" = Bus Driver 1.5
"Cobalt" = Cobalt
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Deer Drive" = Deer Drive 1.51T
"Disney Pirates of the Caribbean Online" = Disney Pirates of the Caribbean Online
"EADM" = EA Download Manager
"Encoder_4.0.1639.0" = Microsoft Expression Encoder 4
"Euro Truck Simulator" = Euro Truck Simulator 1.3
"ExpressionStudio_4.0.20525.0" = Microsoft Expression Studio 4
"Fallout_is1" = Fallout
"FL Studio 10" = FL Studio 10
"Fraps" = Fraps (remove only)
"Free YouTube Uploader_is1" = Free YouTube Uploader version 3.3.33.627
"Game Booster_is1" = Game Booster 3
"German Truck Simulator" = German Truck Simulator 1.00
"GFWL_{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight
"Google Chrome" = Google Chrome
"GTA IV - 100% Savegame File (Vista) 1.0" = GTA IV - 100% Savegame File (Vista) 1.0
"GTA IV Vehicle Mod Installer v1.2_is1" = GTA IV Vehicle Mod Installer v1.2
"IL Download Manager" = IL Download Manager
"IL Shared Libraries" = IL Shared Libraries
"ImageToAVI_is1" = ImageToAVI 1.0.0.5
"Impulse®" = Impulse®
"Install Creator" = Install Creator
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"InstallShield_{B7A585C8-CE4E-4150-84C6-A13C3CB1379F}" = Enemy Territory - QUAKE Wars(TM)
"InstallShield_{FB9CDF41-F0B9-4F31-9230-7DF0D6637270}" = Call of Duty(R) 2 Demo
"iWisoft Free Video Converter_is1" = iWisoft Free Video Converter 1.2
"jet_fighter_2015_usa" = JETFIGHTER 2015
"Jetfighter 2015" = Jetfighter 2015 (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"mIRC" = mIRC
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MTA:SA 1.3" = MTA:SA v1.3
"NeO IRC - www.team-neo.com" = NeO IRC - www.team-neo.com
"Notepad++" = Notepad++
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OpenAL" = OpenAL
"Opera 11.61.1250" = Opera 11.61
"PalTalk8.2" = Paltalk Messenger
"Pivot Stickfigure Animator_is1" = Pivot Stickfigure Animator version 2.2.6
"PunkBusterSvc" = PunkBuster Services
"RocketDock_is1" = RocketDock 1.3.5
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"SCANIA Truck Driving Simulator" = SCANIA Truck Driving Simulator 1.0.0
"SereneScreen Marine Aquarium 3_is1" = SereneScreen Marine Aquarium 3
"Smart Install Maker 5.04" = Smart Install Maker 5.04
"Sniper Ghost Warrior_is1" = Sniper Ghost Warrior (1.0)
"Spyware Doctor" = PC Tools Spyware Doctor with AntiVirus 9.0
"Steam App 10" = Counter-Strike
"Steam App 107400" = ARMA 2: Free
"Steam App 113400" = APB Reloaded
"Steam App 1200" = Red Orchestra: Ostfront 41-45
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 1250" = Killing Floor
"Steam App 1280" = Darkest Hour: Europe '44-'45
"Steam App 204340" = Serious Sam 2
"Steam App 210470" = Sniper Elite V2 Demo
"Steam App 240" = Counter-Strike: Source
"Steam App 2630" = Call of Duty 2
"Steam App 2990" = FlatOut 2
"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
"Steam App 360" = Half-Life Deathmatch: Source
"Steam App 38830" = CrimeCraft GangWars
"Steam App 4000" = Garry's Mod
"Steam App 410" = Portal: First Slice
"Steam App 47410" = Stronghold Kingdoms
"Steam App 47760" = Mass Effect 2 Demo
"Steam App 50130" = Mafia II
"Steam App 6230" = FlatOut Demo
"Steam App 6860" = Hitman: Blood Money
"Steam App 9930" = Test Drive Unlimited 2
"theHunter" = theHunter (remove only)
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"UK Truck Simulator" = UK Truck Simulator 1.32
"Vegas Pro" = Vegas Pro 11.0
"VideoAvatar_is1" = VideoAvatar
"WindowBlinds" = WindowBlinds
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"World of Warcraft" = World of Warcraft
"YoutubePlus" = YoutubePlus
"ZD Soft Game Recorder" = ZD Soft Game Recorder

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"3a23ab72acc2090b" = EncryptFile
"Dropbox" = Dropbox
"e55b814e55744b76" = Best Buy pc app
"FRAPS" = FRAPS
"Minecontrol for Minecraft" = Minecontrol for Minecraft

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/20/2012 9:28:45 AM | Computer Name = Ryan-PC | Source = CVHSVC | ID = 100
Description = Information only. (Stream product id=0x0066): Streaming Failed

Error - 7/20/2012 9:41:21 AM | Computer Name = Ryan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time
stamp: 0x4ce7abf9 Faulting module name: VIASysFx.dll, version: 1.0.0.0, time stamp:
0x4d8bf72b Exception code: 0xc0000005 Fault offset: 0x0000000000059f9d Faulting process
id: 0x1098 Faulting application start time: 0x01cd667d12907a2d Faulting application
path: C:\Windows\system32\AUDIODG.EXE Faulting module path: C:\Windows\system32\VIASysFx.dll
Report
Id: 96721031-d270-11e1-81eb-5404a68a5320

Error - 7/20/2012 1:59:15 PM | Computer Name = Ryan-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/20/2012 2:03:07 PM | Computer Name = Ryan-PC | Source = CVHSVC | ID = 100
Description = Information only. Too many failures while downloading ranges: 2

Error - 7/20/2012 2:05:06 PM | Computer Name = Ryan-PC | Source = CVHSVC | ID = 100
Description = Information only. (Stream product id=0x0066): Streaming Failed

Error - 7/20/2012 2:55:54 PM | Computer Name = Ryan-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/20/2012 2:59:10 PM | Computer Name = Ryan-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/20/2012 3:03:10 PM | Computer Name = Ryan-PC | Source = CVHSVC | ID = 100
Description = Information only. Too many failures while downloading ranges: 2

Error - 7/20/2012 3:05:26 PM | Computer Name = Ryan-PC | Source = CVHSVC | ID = 100
Description = Information only. (Stream product id=0x0066): Streaming Failed

Error - 7/20/2012 3:17:39 PM | Computer Name = Ryan-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/20/2012 3:18:35 PM | Computer Name = Ryan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time
stamp: 0x4fd626ed Faulting module name: Device.dll, version: 4.1.0.0, time stamp:
0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process
id: 0x75c Faulting application start time: 0x01cd66ac45a509fc Faulting application
path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Faulting module
path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Report Id: b362aaa7-d29f-11e1-b0f2-5404a68a5320

[ System Events ]
Error - 7/21/2012 10:03:33 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 7/21/2012 10:03:34 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/21/2012 10:03:34 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/21/2012 10:03:34 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/21/2012 10:05:32 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/21/2012 10:05:32 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/21/2012 10:05:32 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/21/2012 10:10:32 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/21/2012 10:10:32 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/21/2012 10:10:32 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

< End of report >

Ryan O'Brien, Jul 21, 2012

#55

Broni Malware Annihilator Posts: 39,288 +175

Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
[2012/07/16 22:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegistryNuke 2012
[2012/07/16 22:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegistryNuke 2012
[2012/07/16 22:28:44 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\RegistryNuke 2012.lnk
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
SRV - [2012/06/14 12:31:06 | 000,575,448 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/05/11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
DRV:64bit: - [2012/06/14 12:31:44 | 000,085,224 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD)
DRV:64bit: - [2012/05/11 11:14:26 | 000,251,528 | ---- | M] (PC Tools) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2012/04/23 12:36:50 | 000,426,616 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2012/02/28 11:43:18 | 001,096,176 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2012/02/28 11:43:12 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012/07/21 18:40:02 | 000,000,000 | ---D | M]
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:FB6A21E3
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

:Services

:Reg

:Files
C:\Program Files (x86)\PC Tools

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

You will get a log that shows the results of the fix. Please post it.
========================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:

Internet Services

Windows Firewall

System Restore

Security Center

Windows Update

Windows Defender

Press "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.

Click on Start button to begin cleaning process.

TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program

Tick the box next to YES, I accept the Terms of Use

Click Start

Accept any security warnings from your browser.

Check Scan archives

Click Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan completes, click on List of found threats

Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

NOTE. If Eset won't find any threats, it won't produce any log.

Broni, Jul 22, 2012

#56

Ryan O'Brien Newcomer, in training Posts: 65

Ran OTL in safe mode because it kept saying "Not responding"

========== OTL ==========
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegistryNuke 2012\ not found.
Folder C:\Program Files (x86)\RegistryNuke 2012\ not found.
File C:\Users\Public\Desktop\RegistryNuke 2012.lnk not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Error: No service named Browser Defender Update Service was found to stop!
Service\Driver key Browser Defender Update Service not found.
File C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe not found.
Error: No service named sdCoreService was found to stop!
Service\Driver key sdCoreService not found.
File C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe not found.
Error: No service named sdAuxService was found to stop!
Service\Driver key sdAuxService not found.
File C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe not found.
Error: No service named PCTBD was found to stop!
Service\Driver key PCTBD not found.
File C:\Windows\SysNative\drivers\PCTBD64.sys not found.
Error: No service named PCTSD was found to stop!
Service\Driver key PCTSD not found.
File C:\Windows\SysNative\drivers\PCTSD64.sys not found.
Error: Unable to stop service PCTCore!
Unable to delete service\driver key PCTCore.
C:\Windows\SysNative\drivers\PCTCore64.sys moved successfully.
Error: Unable to stop service pctEFA!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pctEFA deleted successfully.
C:\Windows\SysNative\drivers\pctEFA64.sys moved successfully.
Error: Unable to stop service pctDS!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pctDS deleted successfully.
C:\Windows\SysNative\drivers\pctDS64.sys moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ deleted successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll moved successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\ deleted successfully.
File C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
File C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll not found.
ADS C:\ProgramData\TEMP:FB6A21E3 deleted successfully.
ADS C:\Windows\SysWow64\zlib.dll:SummaryInformation deleted successfully.
ADS C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation deleted successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
ADS C:\ProgramData\TEMPFC5A2B2 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\BpDatabase folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\SpamMonitor folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\plugins folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\PCTUI folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\NetworkLayer\lang folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\NetworkLayer folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\Lang\sdloader folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\Lang folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\WCID folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\WINNT_x86-msvc\components folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\WINNT_x86-msvc folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\9\WINNT_x86-msvc\components folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\9\WINNT_x86-msvc folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\9 folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\8\WINNT_x86-msvc\components folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\8\WINNT_x86-msvc folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\8 folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\7\WINNT_x86-msvc\components folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\7\WINNT_x86-msvc folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\7 folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\6\WINNT_x86-msvc\components folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\6\WINNT_x86-msvc folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\6 folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\5\WINNT_x86-msvc\components folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\5\WINNT_x86-msvc folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\5 folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\13\WINNT_x86-msvc\components folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\13\WINNT_x86-msvc folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\13 folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\12\WINNT_x86-msvc\components folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\12\WINNT_x86-msvc folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\12 folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\11\WINNT_x86-msvc\components folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\11\WINNT_x86-msvc folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\11 folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\10\WINNT_x86-msvc\components folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\10\WINNT_x86-msvc folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform\10 folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\platform folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\data folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\components folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\DRM folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\avengine folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\avdb\201207161143 folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\avdb folder moved successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security folder moved successfully.
C:\Program Files (x86)\PC Tools folder moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.54.0 log created on 07222012_120929

Ryan O'Brien, Jul 22, 2012

#57
Ryan O'Brien Newcomer, in training Posts: 65

Security check checkup.txt (ran in safe mode)

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
PC Tools Spyware Doctor with AntiVirus 9.0
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
PC Tools Spyware Doctor with AntiVirus 9.0
Java(TM) 6 Update 31
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````

Ryan O'Brien, Jul 22, 2012

#58
Ryan O'Brien Newcomer, in training Posts: 65

restarted in safe mode and my cursor won't move? start button, and ctrl+alt+del is non responsive
I can use a key to open up a calculator, so it's not the keyboard that isn't working

Ryan O'Brien, Jul 22, 2012

#59
Broni Malware Annihilator Posts: 39,288 +175

Why in safe mode?
Restart to normal mode and see how it goes.

Broni, Jul 22, 2012

#60

Page 3 of 4

Add New Comment

	Social Login & Guest Posting			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.