Solved "Name Not Available" Service

AdwCleaner report.


# AdwCleaner v3.016 - Report created 05/01/2014 at 21:30:21
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Jonathan Wolff - WOLFF
# Running from : C:\Users\Jonathan Wolff\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\Jonathan Wolff\AppData\Roaming\NCH Software
File Deleted : C:\Windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_steam_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_steam_RASMANCS
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\NCH Software

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Jonathan Wolff\AppData\Roaming\Mozilla\Firefox\Profiles\pki4lbql.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Jonathan Wolff\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1622 octets] - [05/01/2014 21:29:42]
AdwCleaner[S0].txt - [1442 octets] - [05/01/2014 21:30:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1502 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Professional x64
Ran by Jonathan Wolff on Sun 01/05/2014 at 21:34:42.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Jonathan Wolff\AppData\Roaming\mozilla\firefox\profiles\pki4lbql.default\minidumps [27 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/05/2014 at 21:39:04.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL logfile created on: 1/5/2014 9:42:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jonathan Wolff\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.93 Gb Total Physical Memory | 6.57 Gb Available Physical Memory | 82.87% Memory free
15.86 Gb Paging File | 14.42 Gb Available in Paging File | 90.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 547.01 Gb Free Space | 58.73% Space Free | Partition Type: NTFS
Computer Name: WOLFF | User Name: Jonathan Wolff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/01/05 21:41:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonathan Wolff\Desktop\OTL.exe
PRC - [2014/01/05 15:17:49 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/01/05 15:17:49 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/09/12 00:17:46 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/09/05 09:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/27 16:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/07/25 10:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/05/21 03:26:26 | 000,291,648 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
========== Modules (No Company Name) ==========
MOD - [2014/01/05 15:17:49 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/05/16 09:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 09:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
========== Services (SafeList) ==========
SRV:64bit: - [2014/01/05 15:17:49 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/08/27 16:17:13 | 014,997,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/12/21 13:23:52 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/11 14:40:36 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/09/12 00:17:46 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/05 09:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/08/27 16:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/01/05 15:18:57 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/01/05 15:17:49 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/01/05 15:17:49 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/01/05 15:17:49 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/01/05 15:17:49 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/01/05 15:17:49 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/01/05 15:17:49 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/11/18 22:57:55 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2013/08/20 08:33:40 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/06/16 07:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/11 21:43:00 | 000,379,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\V0760Vid.sys -- (V0760Vid)
DRV:64bit: - [2012/06/13 01:00:48 | 000,726,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/06/04 14:11:48 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/05/21 03:25:32 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/05/21 03:25:32 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/05/21 03:25:32 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/09/05 10:28:16 | 000,178,176 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2333663110-99850075-2660629624-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2333663110-99850075-2660629624-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E F8 D7 2A E1 C2 CE 01 [binary data]
IE - HKU\S-1-5-21-2333663110-99850075-2660629624-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2333663110-99850075-2660629624-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2333663110-99850075-2660629624-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2333663110-99850075-2660629624-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2333663110-99850075-2660629624-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2333663110-99850075-2660629624-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2333663110-99850075-2660629624-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E F8 D7 2A E1 C2 CE 01 [binary data]
IE - HKU\S-1-5-21-2333663110-99850075-2660629624-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2333663110-99850075-2660629624-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2333663110-99850075-2660629624-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2333663110-99850075-2660629624-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.13
FF - prefs.js..extensions.enabledAddons: fassoxpcom%40sensiblevision.com:1.30
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2011.70
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fassoxpcom@sensiblevision.com: C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\ [2013/12/25 10:53:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/01/05 15:17:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013/10/11 18:59:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonathan Wolff\AppData\Roaming\Mozilla\Extensions
[2013/12/14 23:34:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonathan Wolff\AppData\Roaming\Mozilla\Firefox\Profiles\pki4lbql.default\extensions
[2013/10/11 20:11:21 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Jonathan Wolff\AppData\Roaming\Mozilla\Firefox\Profiles\pki4lbql.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/12/14 23:34:25 | 000,287,503 | ---- | M] () (No name found) -- C:\Users\Jonathan Wolff\AppData\Roaming\Mozilla\Firefox\Profiles\pki4lbql.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/12/21 13:23:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/21 13:23:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/25 10:53:11 | 000,000,000 | ---D | M] (FastAccess Web Login) -- C:\PROGRAM FILES (X86)\SENSIBLE VISION\FAST ACCESS\XPCOM_FASSO
[2014/01/05 15:17:50 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Users\Jonathan Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Jonathan Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jonathan Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Jonathan Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: FastAccess SSO = C:\Users\Jonathan Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\feocblgcojafilfbgoineopkngchgaei\1.0.0.32_0\
CHR - Extension: avast! Online Security = C:\Users\Jonathan Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0\
CHR - Extension: Google Wallet = C:\Users\Jonathan Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Jonathan Wolff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014/01/05 18:48:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Face recognition web login for FastAccess) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Face recognition web login for FastAccess) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-2333663110-99850075-2660629624-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2333663110-99850075-2660629624-1004..\RunOnce: [CTPostBootSequencer] "C:\Users\JONATH~1\AppData\Local\Temp\CTPBSeq.exe" /reglaunch /self_destruct File not found
O4 - HKU\S-1-5-21-2333663110-99850075-2660629624-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2333663110-99850075-2660629624-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2333663110-99850075-2660629624-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2333663110-99850075-2660629624-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A2ADE18-58CE-4D90-9817-17DD3ACB952B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB99550E-570F-49F4-9693-E86AB3B2777F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll (Sensible Vision )
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/05 21:40:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jonathan Wolff\Desktop\OTL.exe
[2014/01/05 21:34:40 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/05 21:33:01 | 001,036,305 | ---- | C] (Thisisu) -- C:\Users\Jonathan Wolff\Desktop\JRT.exe
[2014/01/05 21:29:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/05 18:50:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/01/05 18:50:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/01/05 18:42:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/01/05 18:42:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/01/05 18:42:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/01/05 18:37:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/05 18:36:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/01/05 18:16:58 | 005,160,001 | R--- | C] (Swearware) -- C:\Users\Jonathan Wolff\Desktop\ComboFix.exe
[2014/01/05 17:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/01/05 17:32:10 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/05 17:31:32 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wolff\Desktop\MBAR
[2014/01/05 17:27:05 | 000,726,160 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys.bak
[2014/01/05 17:26:55 | 000,065,600 | ---- | C] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys.bak
[2014/01/05 17:26:55 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys.bak
[2014/01/05 17:26:50 | 000,031,232 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys.bak
[2014/01/05 17:26:42 | 002,736,640 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys.bak
[2014/01/05 17:26:42 | 000,194,128 | ---- | C] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys.bak
[2014/01/05 17:25:47 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wolff\Desktop\RK_Quarantine
[2014/01/05 17:08:47 | 001,153,912 | ---- | C] (Emsi Software GmbH) -- C:\Users\Jonathan Wolff\Desktop\BlitzBlank.exe
[2014/01/05 16:43:04 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wolff\Desktop\rkill
[2014/01/05 16:42:40 | 001,937,144 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Jonathan Wolff\Desktop\rkill.exe
[2014/01/05 15:19:10 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wolff\AppData\Roaming\AVAST Software
[2014/01/05 15:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/01/05 15:18:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/01/05 15:18:02 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wolff\AppData\Local\Google
[2014/01/05 15:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/01/05 15:17:58 | 000,079,672 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/01/05 15:17:56 | 001,034,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/01/05 15:17:56 | 000,422,216 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/01/05 15:17:56 | 000,078,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/01/05 15:17:55 | 000,092,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/01/05 15:17:51 | 000,334,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/01/05 15:17:49 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/05 15:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/01/05 15:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/01/05 15:13:59 | 091,412,976 | ---- | C] (AVAST Software) -- C:\Users\Jonathan Wolff\Desktop\avast_free_antivirus_setup.exe
[2014/01/05 08:56:42 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wolff\AppData\Local\ElevatedDiagnostics
[2014/01/04 02:43:41 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wolff\AppData\Roaming\Malwarebytes
[2014/01/04 02:43:35 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/01/04 02:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/04 02:43:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/01/04 02:28:54 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/01/04 01:59:59 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/01/02 20:17:52 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wolff\AppData\Local\CrashRpt
[2014/01/02 20:17:45 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wolff\Documents\Square Enix
[2013/12/29 17:07:58 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wolff\Documents\OFX Presets
[2013/12/26 19:22:59 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wolff\AppData\Roaming\Titler
[2013/12/26 19:22:59 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wolff\Documents\NewBlueFX
[2013/12/26 19:22:57 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wolff\AppData\Local\LooksBuilder
[2013/12/25 11:46:46 | 000,000,000 | ---D | C] -- C:\Magic Bullet QuickLooks for Movie Studio
[2013/12/25 11:46:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LooksBuilder
[2013/12/25 11:46:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iZotope
[2013/12/25 11:44:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vstplugins
[2013/12/25 11:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\OFX
[2013/12/25 11:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue
[2013/12/25 11:44:16 | 000,000,000 | ---D | C] -- C:\Program Files\NewBlue
[2013/12/25 11:44:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewBlue
[2013/12/25 11:38:32 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wolff\AppData\Roaming\Publish Providers
[2013/12/25 11:36:55 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wolff\Documents\Movie Studio Platinum 12.0 Projects
[2013/12/25 11:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2013/12/25 11:36:04 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wolff\AppData\Local\Sony
[2013/12/25 11:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2013/12/25 11:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2013/12/25 11:36:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2013/12/25 11:34:17 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wolff\AppData\Roaming\Sony
[2013/12/25 11:20:43 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wolff\AppData\Roaming\Reallusion
[2013/12/25 11:02:12 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wolff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Creative
[2013/12/25 10:55:52 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wolff\AppData\Roaming\Creative
[2013/12/25 10:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2013/12/25 10:53:56 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wolff\AppData\Local\Pechora
[2013/12/25 10:53:56 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wolff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GotoCamera
[2013/12/25 10:53:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GotoCamera
[2013/12/25 10:53:53 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wolff\AppData\Roaming\Mobideos
[2013/12/25 10:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sensible Vision
[2013/12/25 10:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastAccess Facial Recognition
[2013/12/25 10:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2013/12/25 10:51:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2013/12/21 13:23:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/20 21:37:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2013/12/15 00:14:05 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wolff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013/12/12 23:27:39 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wolff\AppData\Local\Warframe
[2013/12/08 13:37:28 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Wolff\Documents\SART
[2013/12/08 13:33:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/01/05 21:41:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonathan Wolff\Desktop\OTL.exe
[2014/01/05 21:38:37 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/05 21:38:37 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/05 21:38:16 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/05 21:38:16 | 000,659,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/05 21:38:16 | 000,120,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/05 21:33:04 | 001,036,305 | ---- | M] (Thisisu) -- C:\Users\Jonathan Wolff\Desktop\JRT.exe
[2014/01/05 21:31:42 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/05 21:31:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/05 21:31:16 | 2090,459,135 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/05 21:23:17 | 001,233,962 | ---- | M] () -- C:\Users\Jonathan Wolff\Desktop\adwcleaner.exe
[2014/01/05 19:22:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/05 18:48:53 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/01/05 18:17:02 | 005,160,001 | R--- | M] (Swearware) -- C:\Users\Jonathan Wolff\Desktop\ComboFix.exe
[2014/01/05 17:44:11 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/05 17:27:05 | 000,726,160 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys.bak
[2014/01/05 17:26:55 | 000,065,600 | ---- | M] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys.bak
[2014/01/05 17:26:55 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys.bak
[2014/01/05 17:26:50 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys.bak
[2014/01/05 17:26:43 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys.bak
[2014/01/05 17:26:42 | 000,194,128 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys.bak
[2014/01/05 17:25:17 | 004,406,784 | ---- | M] () -- C:\Users\Jonathan Wolff\Desktop\RogueKillerX64.exe
[2014/01/05 17:11:31 | 000,002,279 | ---- | M] () -- C:\Users\Jonathan Wolff\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/05 17:08:49 | 001,153,912 | ---- | M] (Emsi Software GmbH) -- C:\Users\Jonathan Wolff\Desktop\BlitzBlank.exe
[2014/01/05 17:07:09 | 000,000,083 | ---- | M] () -- C:\Windows\SysNative\iqsp.pwp
[2014/01/05 16:42:42 | 001,937,144 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Jonathan Wolff\Desktop\rkill.exe
[2014/01/05 15:19:02 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/01/05 15:18:57 | 000,079,672 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/01/05 15:17:49 | 001,034,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/01/05 15:17:49 | 000,422,216 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/01/05 15:17:49 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/01/05 15:17:49 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/01/05 15:17:49 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/01/05 15:17:49 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/01/05 15:17:49 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/01/05 15:17:49 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/05 15:17:09 | 091,412,976 | ---- | M] (AVAST Software) -- C:\Users\Jonathan Wolff\Desktop\avast_free_antivirus_setup.exe
[2014/01/04 02:43:35 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/04 00:52:29 | 000,037,376 | ---- | M] () -- C:\Windows\SysNative\zotf.beu
[2014/01/04 00:52:29 | 000,000,097 | ---- | M] () -- C:\Windows\SysNative\tngi.ijx
[2014/01/04 00:42:12 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\ayrz.ppu
[2014/01/04 00:26:41 | 000,219,314 | --S- | M] () -- C:\Windows\SysNative\ayqgkw.cpb
[2013/12/26 21:12:15 | 000,007,168 | ---- | M] () -- C:\Users\Jonathan Wolff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/25 10:55:28 | 000,273,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/25 10:53:56 | 000,001,084 | ---- | M] () -- C:\Users\Jonathan Wolff\Application Data\Microsoft\Internet Explorer\Quick Launch\GotoCamera Client.lnk
[2013/12/25 10:53:53 | 000,002,649 | ---- | M] () -- C:\Users\Public\Desktop\mobilecamstreamer.lnk
[2013/12/21 03:33:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/12/12 18:33:49 | 000,000,000 | -H-- | M] () -- C:\Users\Jonathan Wolff\Documents\Default.rdp
[2013/12/08 13:35:48 | 000,771,962 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/01/05 21:23:14 | 001,233,962 | ---- | C] () -- C:\Users\Jonathan Wolff\Desktop\adwcleaner.exe
[2014/01/05 18:42:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/01/05 18:42:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/01/05 18:42:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/01/05 18:42:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/01/05 18:42:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/05 17:25:15 | 004,406,784 | ---- | C] () -- C:\Users\Jonathan Wolff\Desktop\RogueKillerX64.exe
[2014/01/05 15:19:02 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/01/05 15:18:41 | 000,002,279 | ---- | C] () -- C:\Users\Jonathan Wolff\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/05 15:18:13 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/05 15:18:09 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/05 15:17:57 | 000,207,904 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/01/05 15:17:57 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/01/04 02:43:35 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/04 00:52:29 | 000,037,376 | ---- | C] () -- C:\Windows\SysNative\zotf.beu
[2014/01/04 00:42:29 | 000,000,083 | ---- | C] () -- C:\Windows\SysNative\iqsp.pwp
[2014/01/04 00:42:12 | 000,000,097 | ---- | C] () -- C:\Windows\SysNative\tngi.ijx
[2014/01/04 00:42:12 | 000,000,064 | ---- | C] () -- C:\Windows\SysNative\ayrz.ppu
[2014/01/04 00:26:41 | 000,219,314 | --S- | C] () -- C:\Windows\SysNative\ayqgkw.cpb
[2013/12/25 11:23:38 | 000,007,168 | ---- | C] () -- C:\Users\Jonathan Wolff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/25 10:54:27 | 000,007,062 | ---- | C] () -- C:\Windows\SysWow64\audiopid.vxd
[2013/12/25 10:54:04 | 000,057,656 | ---- | C] () -- C:\Windows\SysNative\drivers\V0760PC.bmp
[2013/12/25 10:54:04 | 000,004,418 | ---- | C] () -- C:\Windows\VF0760.uns
[2013/12/25 10:53:56 | 000,001,084 | ---- | C] () -- C:\Users\Jonathan Wolff\Application Data\Microsoft\Internet Explorer\Quick Launch\GotoCamera Client.lnk
[2013/12/25 10:53:53 | 000,002,661 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mobilecamstreamer.lnk
[2013/12/25 10:53:53 | 000,002,649 | ---- | C] () -- C:\Users\Public\Desktop\mobilecamstreamer.lnk
[2013/12/25 10:52:11 | 000,057,656 | ---- | C] () -- C:\Windows\SysNative\drivers\FilterPC.bmp
[2013/12/25 10:52:11 | 000,024,995 | ---- | C] () -- C:\Windows\SysNative\drivers\FilterPC.jpg
[2013/12/21 03:33:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/12/12 18:33:49 | 000,000,000 | -H-- | C] () -- C:\Users\Jonathan Wolff\Documents\Default.rdp
[2013/12/08 13:35:47 | 000,771,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/11/16 22:44:20 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2013/10/06 17:03:04 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013/10/06 17:02:58 | 000,042,185 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 22:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 22:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/12/30 19:41:48 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wolff\AppData\Roaming\.minecraft
[2013/12/30 22:56:18 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wolff\AppData\Roaming\.technic
[2013/11/08 13:09:55 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wolff\AppData\Roaming\Audacity
[2014/01/05 15:19:10 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wolff\AppData\Roaming\AVAST Software
[2013/12/25 10:53:53 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wolff\AppData\Roaming\Mobideos
[2013/10/19 14:04:14 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wolff\AppData\Roaming\OBS
[2013/12/25 11:38:32 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wolff\AppData\Roaming\Publish Providers
[2013/10/12 20:59:07 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wolff\AppData\Roaming\Rainmeter
[2013/12/29 00:57:16 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wolff\AppData\Roaming\Sony
[2013/10/12 20:02:33 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wolff\AppData\Roaming\SplitMediaLabs
[2013/12/26 19:22:59 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wolff\AppData\Roaming\Titler
[2013/10/14 16:02:43 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wolff\AppData\Roaming\TP-LINK
[2013/10/12 20:42:52 | 000,000,000 | ---D | M] -- C:\Users\Jonathan Wolff\AppData\Roaming\uTorrent
========== Purity Check ==========

< End of report >
 
OTL Extras logfile created on: 1/5/2014 9:42:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jonathan Wolff\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.93 Gb Total Physical Memory | 6.57 Gb Available Physical Memory | 82.87% Memory free
15.86 Gb Paging File | 14.42 Gb Available in Paging File | 90.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 547.01 Gb Free Space | 58.73% Space Free | Partition Type: NTFS
Computer Name: WOLFF | User Name: Jonathan Wolff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-2333663110-99850075-2660629624-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0878518D-EA92-4505-BF66-F2FB5B1C786D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0B556CC5-6390-47CF-8CAE-A48E5E17A206}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0ED74704-9FAE-4ED1-BA00-CDE2E824E388}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{1CAEFC6B-4F4B-4BD3-B436-FBAB1484212A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1D863DE2-9D0D-4135-B2DC-F23F1D6A49E6}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{2A248D9C-59CD-4D06-AE18-A9A220A38FB9}" = rport=139 | protocol=6 | dir=out | app=system |
"{316E0509-89C5-4F22-B13F-9AA5B17A2283}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{375D159A-7C4C-4294-A975-99A9DA2F9477}" = lport=138 | protocol=17 | dir=in | app=system |
"{42230580-25ED-41DB-9F1D-306F7C0BDB0C}" = lport=139 | protocol=6 | dir=in | app=system |
"{4D9560E8-3B74-4509-8D29-03E572C1610F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4ED916F3-B8AE-4686-9FCB-9AA509587470}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{51B5ECBF-34FD-4227-BFDB-DAD575780669}" = lport=137 | protocol=17 | dir=in | app=system |
"{546B1655-341B-446F-9E62-0247496068FA}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{55C6D9A2-0E82-483B-A418-D1A4D86E3BAE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5F8C80AA-32C6-4528-8B7A-56E2969BAA8B}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{664206EF-444C-4FFB-9FA8-EDD066296A6E}" = rport=138 | protocol=17 | dir=out | app=system |
"{6E089888-C6D6-459D-8D99-7FB5505B2CB5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{73D0A55A-3723-4618-8043-57C93D51D49F}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{782FC94A-EB58-480C-ACBA-8981961DA386}" = rport=445 | protocol=6 | dir=out | app=system |
"{87F6827D-0045-4685-8E49-0998C433074D}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\remotecrashsender.exe |
"{8CEB3672-BCCC-4BC7-BAD2-EB0BB8838D4F}" = rport=137 | protocol=17 | dir=out | app=system |
"{91FC73D1-F343-472F-96FF-88D868BE85D5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{958B1187-0D7A-42E3-BDDD-24226A01552D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C3AF06E1-897E-41D5-8C44-1D5B5CCAC790}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D4EFAB58-9B0D-49E0-9C58-D64E21D931F5}" = lport=445 | protocol=6 | dir=in | app=system |
"{E2887FA8-3DFF-4698-90FE-B0E88A3EB7D6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E9750357-D0F8-4FA5-99E9-B60C8EEDF3D8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EE6794BD-85E8-4034-84B9-422EBA25C5BF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FD6BBB37-CF8F-4F95-A229-379C62AB2CC1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0293D8F6-251C-4C42-AAB3-DC5EBE600B43}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war thunder\launcher.exe |
"{02EE050E-2FDB-4679-BCE9-F17867611298}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{04D90098-263F-41B8-8A96-A4BDA14787B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{07F5A369-9DC1-419A-9CE0-B39C7E0604DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\elsword\essteam.exe |
"{090605D1-90C4-4FCB-B61C-B34717A2F427}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\elsword\essteam.exe |
"{0908BA87-8FB3-43F0-A986-9E42AB99FF3A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{0A4F54BD-5611-466C-B1DC-B8E70C5CC910}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{0C986A9E-03DF-49E7-81E4-CF68E982E8E3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{0E4C6953-58BE-40AD-9EFE-6CB7F8B3B33D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe |
"{0EF6AAF1-F300-49BC-BF4D-70BD19180647}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{18A462A2-F674-406A-810B-AE2296FFDE57}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\elsword\essteam.exe |
"{198B63E0-0AA4-424A-AD14-6CC0A6888F94}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ridge racer driftopia\ridge racer driftopia_f9f6997e.exe |
"{199B34F2-0A33-4475-A21B-AA6AFA8836B4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1A4C2C97-C3BD-4DDA-AA43-2A17258A0EE4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{1B395597-5EA7-4636-B6F4-77305B051942}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{214E9135-5F3B-41A9-859E-937BB4E26986}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{243AC72A-EBE2-4D2D-9623-10317C961D0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{28C24106-12B5-4BDC-B24C-ACE61B012863}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microvolts\launcher.exe |
"{29039789-197E-44C7-B054-978D4BB57340}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |
"{2B2F87A2-3B7B-4629-B317-F647B25A755D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ridge racer driftopia\ridge racer driftopia_f9f6997e.exe |
"{2BD11BD9-9080-4933-ACD8-2E25C5CDC311}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the banner saga factions\win32\the banner saga factions.exe |
"{2CD8D0F4-F119-41B7-827B-69E0AAED9EE1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{2CEC734F-24C0-4060-B972-92B06B2544A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ridge racer driftopia\ridge racer driftopia_46358301.exe |
"{2F9F6F24-4F0B-4E7B-9AAE-6C894CD19C8F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{323313CE-8C51-43A6-B487-15B55583B3CA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\synergy\hl2.exe |
"{363200E9-6336-428E-97FD-FA5AC9532F37}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{3722F417-1093-479B-AEF6-53FA9B1B1AB2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe |
"{373367EF-81DE-4F2A-BC99-D9198AD6CEC2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ridge racer driftopia\ridge racer driftopia_46358301.exe |
"{3ADC2D84-A18B-4220-B534-89FD7BE7EC38}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{3B8FBD9F-7B6D-4089-A60C-43B29A90BF98}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{420B690A-8ABA-42A0-BD4E-AE78D5F800CA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4477F7E5-D5C4-408A-9A95-DC1164DE8E00}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cities in motion 2\cim2.exe |
"{44CE775D-9ECF-4029-9518-3F7140F12EAE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{45E6242E-7F21-46BC-816F-59CC84FE692B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic & all-stars racing transformed\asn_app_pcdx9_final.exe |
"{468B31C5-94FA-4E64-8ED9-0913499318DF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{48185D1E-E527-43D8-A5E5-BBD24CD89DC6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2\hl2.exe |
"{4A2B096E-327B-4D86-84E2-3138660D8621}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\elsword\essteam.exe |
"{4DA8870A-7672-4E40-A73F-04F8005B1AC3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{52FDBA0F-3E66-47AF-8374-B21C94AE96FC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the stanley parable\stanley.exe |
"{55C16A4F-3413-4BF0-A6C0-BC51580EFA36}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{575C6571-F554-4D58-BA11-D3224C837723}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{580E6D49-E8E0-492E-A520-F05A2F4B89F1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{594A4137-C82B-4B33-A08A-78DF8D04EB85}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{5B432BA5-C7A1-4353-B4CD-8BB5481344D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\synergy\hl2.exe |
"{5D404B16-186B-48C5-B382-634EB98B7868}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fez\fez.exe |
"{5DEFF3A2-ED85-45AF-8706-B457A25DF8C0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{5F36BF82-E76E-46A4-9086-DDCD8BE6B87A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\synergy\hl2.exe |
"{60E36E1D-031D-4357-9E1C-476B155D52B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the stanley parable\stanley.exe |
"{61CA403D-9062-4D84-9FEF-757206B839C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\synergy\hl2.exe |
"{6243CF43-743F-4A56-90C5-AFA684E5C21F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{63129CCC-691F-4D06-B9E6-665F61A1821C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{6337EC89-F234-48AA-8BF1-F8008430D174}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fez\fez_launchoptions.exe |
"{655336EA-E972-4954-A1FB-39C7D31C797A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{682A3023-1A8E-4ED5-8967-6DDE09AB9494}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{68DBE9F7-CDCA-48D1-91C8-3657559C3861}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |
"{6D0A4E59-2FBF-4F33-AA5D-E847D450BA8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic & all-stars racing transformed\launcher.exe |
"{6FF4BDD0-C5E3-4132-8CDA-D6C5E08E2952}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic & all-stars racing transformed\launcher.exe |
"{738007A2-793F-44F6-8796-6927760FB6A0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7469F410-74AB-4039-8C2B-09159A659973}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\synergy\hl2.exe |
"{74F40BB4-21C3-404E-9AD4-31B6BE2A534D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7AEE7906-190E-41C7-AEAE-EA5E3BBDA231}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fez\fez.exe |
"{7D948F0B-DA57-468B-BC2B-8ADCD87EEF69}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe |
"{7E68F1E8-5BFC-4B16-926F-F25F59C914E9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\synergy\hl2.exe |
"{80728807-05C2-4375-A577-CB08508A72A9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{80B7B734-2D77-4810-AF49-0C7061D456A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe |
"{847C2AA1-36A5-4A3D-A104-52D1E630CB8B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{86137482-9B54-48DB-BBC0-0CDA81676955}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{8617FE95-978C-46DE-8ABA-B26297054771}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microvolts\launcher.exe |
"{8C2D9AE6-1104-4D2D-8023-B27CC430CCAB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8F5EB23D-A0AA-4F13-A80D-38833A41A0D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{909734EF-E06C-4BFF-B26A-4E443BE04A03}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\synergy\hl2.exe |
"{90CBAE9B-84D3-4373-9698-6919801F09AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the banner saga factions\win32\the banner saga factions.exe |
"{91364B38-BC89-4EE9-AE2E-E9AF53B2C3F5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{931F2CD1-080C-4A4E-A986-16AFE313A63E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{93E2A4A6-D8E5-4051-96DE-D24676DC64D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{949A37C8-D60B-432F-A9D6-22FBC3F517E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{9669FA53-26EF-4CB9-AE6C-D64FD780CA4F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe |
"{96D739A5-A392-42CA-9B5D-6C2A7A36E01B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{98C9F8DD-0647-4E18-8FBD-1ED6272BBDA8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe |
"{9A641BB3-DDC3-4CCB-A24E-CC22315D63DC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{9B3A942E-3BC2-4BA7-BEFF-E77597E6FE2B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A1EB86EF-A7EF-4CA5-A179-9C8E4DC4A500}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A212299B-F7FA-4677-8939-040BC06320D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{A55CF553-9EFE-4FAA-814F-A061EF48FAA3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{A60A1786-59B6-4AF2-8E19-7B46AF467512}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A6D9E2CF-E098-410F-8562-B8A628426BF6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AACA30E0-707B-4026-A4B3-7418FF64C37E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AE377403-A811-449C-B54A-9222F6F21282}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cities in motion 2\cim2.exe |
"{AF061F79-68D3-4DCB-9AF5-E970BFFD05B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{B3FC69DF-83A2-4293-9676-6D0147DAF715}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{B6E18312-D11F-4076-A132-1F23D2BA91EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{B859E51E-B0F4-41C7-96DD-A33A8CEFC77E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{B9389F9D-1BFD-4A45-ADD1-5715F78624D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{B9CC10C4-F905-4900-A3D2-C8D53DA599A8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{BB217ED2-C06A-4D6D-82D2-02774CE5EAB1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BE18529A-68CC-4474-AD9D-2F471D28D2F6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C2B693DD-4E52-49E9-BA88-38DF4CB4CB61}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{C2EE0957-AFA5-4B37-9FB1-DCA277A42C4D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C38F1889-F6AD-40ED-9888-37A61064D0FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\synergy\hl2.exe |
"{C7062528-EA8B-49CC-A4C7-9CCE49C66437}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C70F54AF-437B-4BEF-A970-6DE91FD826CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe |
"{CA526354-89B7-4175-8608-395BF34F348B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microvolts\launcher.exe |
"{CA85D814-8D34-4D4D-8619-4B4535932865}" = dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{CFC75837-7105-49CC-8759-5859EFA44FA1}" = protocol=6 | dir=out | app=system |
"{DA0F63B5-ED6C-4C51-AAFF-33760D1AC95F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{DD785E9D-8123-4342-A111-AF98CEA72A98}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{DDE11071-413A-4256-9DB0-65CFF66F5AAB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DEFF7586-1E46-40AC-9A55-52CE3ED3FFF5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war thunder\launcher.exe |
"{DF1679AD-A4A8-4D7E-ADFC-CC2030D9FA59}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E60CD9EC-05AF-4F03-A213-C71B084ABF75}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic & all-stars racing transformed\asn_app_pcdx9_final.exe |
"{E9124428-C6E1-4C71-ABDD-145AB600B10E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{EA6C00AA-91F9-40FB-B0A9-F9297DFD648D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe |
"{EC6EF9D0-B7A3-43CC-AFA1-351EA2963530}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microvolts\launcher.exe |
"{ECF040E4-A46E-44A9-9CEE-8841D6A4A41C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microvolts\launcher.exe |
"{EDC11203-A2A8-4134-BE02-11D2B3392868}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{EE359EEE-043D-4659-BF7C-26DD920B342D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{EE682E67-53ED-496E-A5BD-1F7F9D85A9A0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fez\fez_launchoptions.exe |
"{EFC14ED6-3CB6-4099-A876-C386BDA0369A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{F322DBA3-9488-4773-B18B-6413252AF09F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{F367B39C-372F-483F-BD26-9BC149593C78}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{F6706C54-41E6-4C3C-801F-9FC9123C3602}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{F8B201FB-8CFC-4D5F-A452-FABD812725F1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microvolts\launcher.exe |
"{FC4BA240-7F66-44EF-A624-6A23EDBD86D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2\hl2.exe |
"TCP Query User{1CB9EA3E-C9AD-4FC3-A069-1888A16955EE}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{2A520A57-E04F-4220-A543-51BAAB490316}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{822DCB0D-A1BB-4C55-9F9C-D3A50E6F5716}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{C64CF1ED-BF9F-4EF5-8344-378734020659}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war thunder\aces.exe |
"TCP Query User{C95A38A1-7DE8-47DF-B6DE-32E70D7E9467}C:\users\jonathan wolff\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\jonathan wolff\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{FDD13316-C884-440E-AF76-270A3DFD4D65}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{1C3CE10E-395D-49B6-BD73-AFAA66C0BE98}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{45A51019-7208-4DAB-9B1C-4CAE74027902}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{6FD0C71F-0C49-41D0-A243-33BEEF2B625E}C:\users\jonathan wolff\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\jonathan wolff\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{7604E9F7-2446-411B-986E-B63785C6DE2E}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{8B4F1202-08A6-4F91-BC9A-B6384765B981}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war thunder\aces.exe |
"UDP Query User{F0B4C304-C72C-48E5-BDE4-E9CECAA299E7}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B2F2B1-247A-4216-997F-2BE0372FFEC9}" = Magic Bullet QuickLooks for Movie Studio 64 bit
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417040FF}" = Java 7 Update 40 (64-bit)
"{2DFD8316-9EF1-3210-908C-4CB61961C1AC}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{59F70AEF-FBB5-4042-92CE-89C962CEF1B5}" = FastAccess
"{6BE763B0-958D-11E2-A440-F04DA23A5C58}" = Movie Studio Platinum 12.0 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{99DC65F2-E7C6-4374-A841-CB104D8F0D1D}" = SmartFTP Client
"{A535111D-95C8-487F-869E-CE4C239972D2}" = iTunes
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 327.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 327.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 327.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 326.01
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 8.3.14
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.26.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.5
"{F1590230-97C5-11E2-892D-1040F3E7010F}" = MSVCRT Redists
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Creative VF0760" = Live! Cam Connect HD 1080 VF0760 Driver (1.00.05.00)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NewBlue VideoFX for Sony Vegas MSPPS" = NewBlue VideoFX for Sony Vegas MSPPS
"WinRAR archiver" = WinRAR 5.00 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 45
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2F0ED3F6-08DE-44A3-ACE3-88F7B76BCB7D}" = MobileCamStreamer
"{319D91C6-3D44-436C-9F79-36C0D22372DC}" = TP-LINK Wireless Configuration Utility
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{70D605C7-C823-4750-BA72-BEB835713612}" = TP-LINK TL-WDN4800 Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75648F62-925B-11E2-B9EF-F04DA23A5C58}" = Sound Forge Audio Studio 10.0
"{781B7F3D-8107-4049-80C0-16FF46420184}" = XSplit Broadcaster
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{85AF94EC-55DE-452A-8FD7-C34E598B3F1F}" = Adobe Premiere Elements 7.0 Templates
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AFBBF30D-ADA9-4313-464E-14458B6BE034}" = PhotoshopdotcomInspirationBrowser
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0
"{E3D1078F-9660-11E2-9E28-F04DA23A5C58}" = DVD Architect Studio 5.0
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Audacity_is1" = Audacity 2.0.4
"Avast" = avast! Free Antivirus
"AVS Video Editor_is1" = AVS Video Editor 6
"Creative Live! Central 2" = Creative Live! Central 3
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"FastAccess Web Alert" = FastAccess Web Alert
"Fraps" = Fraps (remove only)
"Google Chrome" = Google Chrome
"GotoCameraClient" = GotoCamera Client
"InstallShield_{03B2F2B1-247A-4216-997F-2BE0372FFEC9}" = Magic Bullet QuickLooks for Movie Studio 64 bit
"InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Open Broadcaster Software" = Open Broadcaster Software
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"PremElem70" = Adobe Premiere Elements 7.0
"PremElem70Templates" = Adobe Premiere Elements 7.0 Templates
"Rainmeter" = Rainmeter
"Sony Vocal Eraser_is1" = Sony Vocal Eraser
"Steam App 105600" = Terraria
"Steam App 109400" = MicroVolts Surge
"Steam App 113200" = The Binding of Isaac
"Steam App 17520" = Synergy
"Steam App 209080" = Guns of Icarus Online
"Steam App 211420" = Dark Souls: Prepare to Die Edition
"Steam App 212160" = Vindictus
"Steam App 212480" = Sonic & All-Stars Racing Transformed
"Steam App 218230" = PlanetSide 2
"Steam App 219340" = The Banner Saga: Factions
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 220" = Half-Life 2
"Steam App 221910" = The Stanley Parable
"Steam App 224760" = FEZ
"Steam App 225420" = Cities in Motion 2
"Steam App 226410" = RIDGE RACER™ Driftopia
"Steam App 230410" = Warframe
"Steam App 236390" = War Thunder
"Steam App 237310" = Elsword
"Steam App 4000" = Garry's Mod
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"Steam App 55230" = Saints Row: The Third
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 8190" = Just Cause 2
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 99900" = Spiral Knights
"SysInfo" = Creative System Information
< End of report >
 

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O4 - HKU\S-1-5-21-2333663110-99850075-2660629624-1004..\RunOnce: [CTPostBootSequencer] "C:\Users\JONATH~1\AppData\Local\Temp\CTPBSeq.exe" /reglaunch /self_destruct File not found
O4 - HKU\S-1-5-21-2333663110-99850075-2660629624-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2014/01/04 00:52:29 | 000,037,376 | ---- | C] () -- C:\Windows\SysNative\zotf.beu
[2014/01/04 00:42:29 | 000,000,083 | ---- | C] () -- C:\Windows\SysNative\iqsp.pwp
[2014/01/04 00:42:12 | 000,000,097 | ---- | C] () -- C:\Windows\SysNative\tngi.ijx
[2014/01/04 00:42:12 | 000,000,064 | ---- | C] () -- C:\Windows\SysNative\ayrz.ppu
[2014/01/04 00:26:41 | 000,219,314 | --S- | C] () -- C:\Windows\SysNative\ayqgkw.cpb


:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double-click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Click on "Run ESET Online Scanner" button.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2333663110-99850075-2660629624-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\CTPostBootSequencer deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2333663110-99850075-2660629624-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\SysNative\zotf.beu moved successfully.
C:\Windows\SysNative\iqsp.pwp moved successfully.
C:\Windows\SysNative\tngi.ijx moved successfully.
C:\Windows\SysNative\ayrz.ppu moved successfully.
C:\Windows\SysNative\ayqgkw.cpb moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Jonathan Wolff
->Temp folder emptied: 2218411 bytes
->Temporary Internet Files folder emptied: 6540275 bytes
->Java cache emptied: 48020 bytes
->FireFox cache emptied: 38883370 bytes
->Google Chrome cache emptied: 6427801 bytes
->Flash cache emptied: 30570 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 296170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 698392864 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 718.00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Jonathan Wolff
->Java cache emptied: 0 bytes
User: Public
User: UpdatusUser
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Jonathan Wolff
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01052014_221815

Files\Folders moved on Reboot...
C:\Users\Jonathan Wolff\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.78
Windows 7 Service Pack 1 x64 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 45
Adobe Flash Player 11.9.900.170
Adobe Reader XI
Mozilla Firefox (26.0)
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 05-12-2013
Ran by Jonathan Wolff (administrator) on 05-01-2014 at 22:27:16
Running from "C:\Users\Jonathan Wolff\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2010-11-20 22:24] - [2010-11-20 22:24] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2010-11-20 22:24] - [2010-11-20 22:24] - 1924480 ____A (Microsoft Corporation) 509383E505C973ED7534A06B3D19688D

C:\Windows\System32\dnsrslvr.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0183296 ____A (Microsoft Corporation) CD55F5355D8F55D44C9F4ED875705BD6

C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
Other browsers: https://browsercheck.qualys.com/ (click on the "Launch a quick scan now" link)

6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

8. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please let me know how your computer is doing.
 
All processes killed
========== OTL ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Jonathan Wolff
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33171 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 51985447 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 602 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 295562 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 50.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Jonathan Wolff
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
Total Flash Files Cleaned = 0.00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Jonathan Wolff
->Java cache emptied: 0 bytes
User: Public
User: UpdatusUser
Total Java Files Cleaned = 0.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 01052014_235811

Files\Folders moved on Reboot...
C:\Users\Jonathan Wolff\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
My computer is doing absolutely great. I can't thank you enough for your help today, Broni. Everything seems to be in order.
 