Thread: Infected Computer

  1. #21
    Junior Member | Join Date: Nov 2012 | Posts: 20

    OTL Extras logfile created on: 12/22/2012 11:45:31 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Triode\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 4.37 Gb Available Physical Memory | 72.85% Memory free
    11.99 Gb Paging File | 10.18 Gb Available in Paging File | 84.90% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 264.46 Gb Free Space | 56.79% Space Free | Partition Type: NTFS
    Drive D: | 465.76 Gb Total Space | 266.10 Gb Free Space | 57.13% Space Free | Partition Type: NTFS
    Drive F: | 1397.26 Gb Total Space | 1182.08 Gb Free Space | 84.60% Space Free | Partition Type: NTFS

    Computer Name: TRIODE-PC | User Name: Triode | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04A241F4-F985-4E86-BFF7-92966896195F}" = lport=445 | protocol=6 | dir=in | app=system |
    "{14F041D5-C883-40DC-88A2-F3A1B8DFC6F4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1A165DC5-D615-4374-A3C6-CF2868B251D2}" = rport=445 | protocol=6 | dir=out | app=system |
    "{2FA24EE0-03C0-476C-8217-4E6FAB59F251}" = rport=137 | protocol=17 | dir=out | app=system |
    "{3E1F4AE2-0BA5-4C61-9B16-E63B04EEA8E8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{427A34E4-07AA-4403-B2FF-0D3CD68BDEDA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{4E2F6338-72AD-41B0-A740-B12F3F7B1394}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{5B4043FB-FD60-4CDF-A721-E43E43016A0E}" = lport=138 | protocol=17 | dir=in | app=system |
    "{6FE8B704-7D5E-4A3B-9E2C-F47BAA49A629}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{845E4396-01EB-4B75-81B1-D7976CA87EA0}" = lport=137 | protocol=17 | dir=in | app=system |
    "{84B7F2F2-B9CB-46C9-BE3F-1A1C0517AD97}" = lport=139 | protocol=6 | dir=in | app=system |
    "{8996DF99-69E9-4D08-AF12-29FAC8F2561B}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{8DEE5B99-20FA-4BB7-8F7E-590DFEEB61ED}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9B1A6774-9CAF-44B0-956C-57B379942FE7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A0A5A3DB-AEBF-4DAA-9B25-F142A1F619E6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B1FEFB17-76BA-4126-9F5A-8CF146CFDA7B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BC3F561A-B6E9-4119-ADE4-1F55454EE821}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{CB728635-D76E-433D-ADEE-CDA77055AB26}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{D5403F4B-A83E-4A19-A070-3462DB09BEC6}" = rport=139 | protocol=6 | dir=out | app=system |
    "{EAD75BDB-2134-4C15-9096-EA61362A7495}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{EBFDA4F1-ECA4-4BB6-8FC1-FB494CAF2E11}" = rport=138 | protocol=17 | dir=out | app=system |
    "{F83F79D1-F0CF-4FF6-9167-C69EC95A5F54}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{09414609-14EE-42DE-8A69-FD67C0EEA1CE}" = protocol=6 | dir=in | app=c:\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
    "{0F11B77C-C346-4CA9-997C-8D2DFE1BFE0D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fear2\fear2.exe |
    "{126AC34B-7D55-4488-B114-61FDB706DE9B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe |
    "{1D56907E-300D-4C00-9D79-3DAE5036AEFA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
    "{21EFFF39-A707-446B-A251-B580C2B341D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\europa universalis iii - complete\eu3game.exe |
    "{27295998-9A72-4BBD-877C-A4B936157999}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{324F15D9-33E1-4CB9-9B3C-C7D64F814A62}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{37733FF0-CB11-46F8-B6D7-322354B597CD}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{3A821155-2638-49E9-AE4F-CE894DDD1EE0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3CF63D86-ED2A-47EF-86BD-3824A90D45E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe |
    "{4466F5E4-61A9-46F6-A877-F590B68E1DEC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{44CACD79-7FE8-47B8-BA00-D5CF51AAC795}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
    "{466A1D29-30EE-4490-847A-F45313A32AC3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe |
    "{46A4E037-57B7-40C6-AB8D-60F2D8F7A6A2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe |
    "{46E58611-3A0B-45DD-8D14-0C9D7E1F5A64}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\painkiller black edition\bin\painkiller.exe |
    "{4A5CDC25-E2F6-46B0-8208-AC46F9D8A4A8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
    "{4A9F1040-EA7D-44E5-8042-18A9992E6D39}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
    "{4F9D7A19-3653-4F88-BC6C-008EEB376644}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{55AB22E2-DC02-4FAE-A698-B060B771248D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{581FE304-2D38-4E07-B9A8-D1ECB010B7F1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{62EA0ACE-EF0D-49C3-A159-280E018D34A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
    "{63D9632F-44CD-4227-B6C6-175E27E80077}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
    "{66992133-6A13-4457-AACA-EFACD36207E8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
    "{68F22BAC-2B70-402F-BBD3-1EEB94FA2ECD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6A429B22-B4D9-4D03-9268-ACF57111162B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
    "{6C6823C2-8971-4FA5-A02D-482ABCA6C255}" = protocol=6 | dir=in | app=c:\games\world of warcraft\launcher.exe |
    "{6D4FE52D-0FCC-49C5-91C4-38ECC66852E5}" = protocol=17 | dir=in | app=c:\games\world of warcraft\launcher.exe |
    "{6DE32490-21CB-41DC-B9A3-A46897C9B197}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{700690EA-F868-4896-8BD4-D180F622CD8F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{7A98AA9D-7827-4AE4-ACA0-7DCED36DC5CF}" = protocol=58 | dir=in | app=system |
    "{82558447-F9CB-4449-B07C-3D86E11D6357}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{82CC9984-8FAC-4C0D-95AD-66664DE1363A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{8A8669DA-D9D9-43BC-98CD-67B959B0B8DE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\europa universalis iii - complete\eu3game.exe |
    "{8C941CB9-D635-431C-BC5D-071DA670849A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{9389D704-32BC-483E-96DA-186F9433789F}" = protocol=17 | dir=in | app=c:\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
    "{953C2D86-D96C-4ED3-BB6D-4EB1D83849BC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
    "{98628A57-BE84-4F86-80D2-F6E2C8365245}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{9ABAF1FB-D443-4B37-94B5-2CC354033E85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A3B67248-2816-4164-964D-E413C122289A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe |
    "{A6AD8001-8205-4BE7-9BCF-E3FB3924896F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{A6F8AB7D-DE87-43A4-9F87-C95E24778767}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{A8B489CA-0DE9-4175-8E61-C0A5420CCE74}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alpha protocol\aplauncher.exe |
    "{A902BC24-0184-459E-A12A-DF01CCD6F2C5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{B310C1DD-8A05-4735-8ABA-DD46FDB522CE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fear2\fear2.exe |
    "{B3984DCE-60AA-4422-93B1-E8739A6F3682}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{B9252C50-E755-418C-814D-6A163A54A67F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{C8144EF9-855B-4850-A4CF-57A81C7F44A5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
    "{CC9E0887-1CAE-44F0-A3E9-B527787CF41C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{CD375D36-191C-4160-BAB8-504B0F16C6C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alpha protocol\aplauncher.exe |
    "{CE24777F-6C95-43CC-84DC-D5B77AB738E5}" = protocol=17 | dir=in | app=c:\games\world of warcraft\launcher.patch.exe |
    "{CE4687E3-CC9E-4A3E-982F-F6842EE24161}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
    "{CFD290D2-9AD2-487D-8036-62BABCFD0E2D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D01BDC70-D79F-4811-BB5F-D0536B2CE7A0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{D16C0F56-80AC-4AED-9B66-481EDD39C79C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{D2083048-8B01-4353-872D-804560C02D0E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D46F3143-F5BD-4213-B651-E195B931ED6D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cthulhu saves the world\cstw.exe |
    "{DDD54D5C-4BF4-41E1-AD88-E1BA4D386BD4}" = protocol=6 | dir=out | app=system |
    "{E1DC03BF-15B0-46E2-A3A6-9747E927E1C9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
    "{E1DF0954-1C8E-4550-A73A-A55AB57D7D39}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
    "{E287DD0A-60CD-4E23-A7D6-E95D20A34A11}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
    "{E32A80E7-49E4-4DC5-9D5A-A51783FD201E}" = protocol=6 | dir=in | app=c:\games\world of warcraft\launcher.patch.exe |
    "{E384FE06-F37E-4F78-846D-8700BC3F77A9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe |
    "{E4C6DF9C-CF4F-4C9E-9D62-A14B7A422A7D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E5058F42-9F90-4A36-A83A-5C37E3737519}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{E6D899EF-4EBD-4533-A02F-B1E23D1C73E0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EBE9EE5C-7743-4BC2-86B3-C7574F6A97F8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{EF502986-AECA-4F30-BD7F-2A1887F5CC9E}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{F3EC7D2F-E875-4F40-B6BB-264E8E82EE1F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F5E8A44F-9EBC-4F1E-A329-7B55AFC39090}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
    "{F9600430-3C1A-4E84-8AA6-B03BF94EC07A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
    "{FA53F18E-3BFB-43B3-A430-012C363537A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\painkiller black edition\bin\painkiller.exe |
    "{FE858D41-243B-44AE-86A7-0240141A8D1D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
    "{FE88B2B7-3AF1-483E-A3EE-7AAE7F09CA15}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cthulhu saves the world\cstw.exe |
    "TCP Query User{1B58E15D-19A7-4AE4-BBAD-8567B2E4ED4D}C:\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\games\world of warcraft\backgrounddownloader.exe |
    "TCP Query User{BA00140B-7310-49CC-BA08-AF4C0B973689}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
    "TCP Query User{EB0A4178-E1AB-4E9D-8E11-B0F0EAE5C324}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
    "TCP Query User{FA546498-0F0A-4879-9342-25DA84782FA9}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
    "UDP Query User{181E5BE6-615D-4E79-B325-6ED1A3B93AA8}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
    "UDP Query User{6D7EB3B4-A87B-48C4-A4EB-897AAA41C80F}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
    "UDP Query User{747EEEA8-F503-45A4-B310-0C460B07E1FE}C:\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\games\world of warcraft\backgrounddownloader.exe |
    "UDP Query User{F6C06C32-51DB-4AF8-A49E-3628CE155D67}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
    "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
    "{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
    "{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F55458B0-DCA9-38C9-6C8D-829F22463A55}" = AMD Drag and Drop Transcoding
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "C-Media PCI Audio Driver" = C-Media PCI Audio Device
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
    "{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
    "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{23170F69-40C1-2701-0921-000001000000}" = 7-Zip 9.21
    "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
    "{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
    "{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
    "{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
    "{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
    "{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
    "{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
    "{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
    "{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = Catalyst Control Center
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
    "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
    "{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
    "{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
    "{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
    "{705B639E-FAAF-40D7-AD58-C445321C7C3F}" = LightScribe System Software
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
    "{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
    "{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
    "{9218e075-20f1-4e80-a048-06b505c564fe}" = Nero 9 Essentials
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
    "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
    "{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
    "{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
    "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
    "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
    "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
    "{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
    "{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
    "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
    "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
    "{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
    "{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
    "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
    "{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
    "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
    "avast" = avast! Free Antivirus
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "ERUNT_is1" = ERUNT 1.1j
    "ESET Online Scanner" = ESET Online Scanner v3
    "Fraps" = Fraps
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "PunkBusterSvc" = PunkBuster Services
    "Steam App 105600" = Terraria
    "Steam App 107310" = Cthulhu Saves the World
    "Steam App 16450" = F.E.A.R. 2: Project Origin
    "Steam App 200710" = Torchlight II
    "Steam App 204100" = Max Payne 3
    "Steam App 207610" = The Walking Dead
    "Steam App 20920" = The Witcher 2
    "Steam App 218230" = PlanetSide 2
    "Steam App 24960" = Battlefield: Bad Company 2
    "Steam App 25800" = Europa Universalis III
    "Steam App 34010" = Alpha Protocol
    "Steam App 39530" = Painkiller: Black Edition
    "Steam App 42910" = Magicka
    "Steam App 57300" = Amnesia: The Dark Descent
    "Steam App 620" = Portal 2
    "Steam App 72850" = The Elder Scrolls V: Skyrim
    "VLC media player" = VLC media player 2.0.4
    "Winamp" = Winamp (remove only)

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 12/20/2012 8:43:39 PM | Computer Name = Triode-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/20/2012 9:40:52 PM | Computer Name = Triode-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/20/2012 9:58:31 PM | Computer Name = Triode-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
    online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error - 12/20/2012 10:00:08 PM | Computer Name = Triode-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files (x86)\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
    files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
    attribute "language" in element "assemblyIdentity" is invalid.

    Error - 12/20/2012 10:30:48 PM | Computer Name = Triode-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
    online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error - 12/20/2012 10:31:50 PM | Computer Name = Triode-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files (x86)\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
    files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
    attribute "language" in element "assemblyIdentity" is invalid.

    Error - 12/21/2012 10:21:39 AM | Computer Name = Triode-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/21/2012 10:32:26 AM | Computer Name = Triode-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/21/2012 8:07:10 PM | Computer Name = Triode-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/22/2012 1:52:04 PM | Computer Name = Triode-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 12/20/2012 10:24:11 AM | Computer Name = Triode-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    ntcdrdrv

    Error - 12/20/2012 10:28:06 AM | Computer Name = Triode-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
    Client Service service to connect.

    Error - 12/20/2012 10:28:06 AM | Computer Name = Triode-PC | Source = Service Control Manager | ID = 7000
    Description = The Steam Client Service service failed to start due to the following
    error: %%1053

    Error - 12/20/2012 8:35:59 PM | Computer Name = Triode-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    ntcdrdrv

    Error - 12/20/2012 8:42:06 PM | Computer Name = Triode-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    ntcdrdrv

    Error - 12/20/2012 9:39:16 PM | Computer Name = Triode-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    ntcdrdrv

    Error - 12/21/2012 10:20:26 AM | Computer Name = Triode-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    ntcdrdrv

    Error - 12/21/2012 10:31:16 AM | Computer Name = Triode-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    ntcdrdrv

    Error - 12/21/2012 8:05:52 PM | Computer Name = Triode-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    ntcdrdrv

    Error - 12/22/2012 1:50:48 PM | Computer Name = Triode-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    ntcdrdrv


    < End of report >

  2. #22
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello Triode

    Thank you for the log.


    1. Please open OTL


      • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

        Code:
        :OTL
        O2 - BHO: (no name) - {9194649F-7143-4308-90C1-D6A35B0E354E} - No CLSID value found.
        O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
        O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
        O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
        @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:A5514ABC
        
        :Commands
        [purity]
        [emptytemp]
        [emptyflash]
        [Reboot]

      • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
      • Allow the program to run unhindered.
      • Your machine will re-start itself. This is normal.
      • A log will be created after your machine reboots. Please post the contents of the log in your next reply.
    Proud Graduate of the WTT Classroom
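
The OTL fix above removes two COM load-points that OTL marked "No CLSID value found" (a Browser Helper Object and a ShellServiceObjectDelayLoad entry whose CLSID no longer has a class registration), two Internet Explorer policy keys, and an alternate data stream. The block below is an added example, not part of this thread or of OTL, that performs the same orphan check directly: it lists the BHO and SSODL load-points from both the 64-bit and the 32-bit registry views, tests whether each CLSID still resolves under HKLM\Software\Classes\CLSID, and reports whether the IE Restrictions and Control Panel policy keys are present. The sample snapshot at the bottom is constructed from the identifiers in the fix and is not a real registry export; the live collection needs Windows (winreg), while the pure check runs anywhere.

```python
"""Audit Explorer/IE COM load-points for orphaned CLSIDs (added example)."""
try:
    import winreg  # Windows only; find_orphaned_hooks() itself runs anywhere
except ImportError:
    winreg = None

# Load-points OTL reports as O2 (BHO) and O21 (SSODL), relative to HKLM.
BHO_PATH = r"Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
SSODL_PATH = r"Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
CLSID_PATH = r"Software\Classes\CLSID"
# Policy keys OTL reports as O6 / O7; malware sets them to lock IE settings.
POLICY_KEYS = [
    ("HKLM", r"Software\Policies\Microsoft\Internet Explorer\Restrictions"),
    ("HKCU", r"Software\Policies\Microsoft\Internet Explorer\Control Panel"),
]


def find_orphaned_hooks(bho_clsids, ssodl_entries, registered_clsids):
    """Return (load-point, CLSID) pairs whose CLSID has no class registration.

    This is the condition OTL prints as "No CLSID value found": the shell
    would try to load the object, but nothing registers it any more, so the
    entry is an uninstall leftover or the stub of a removed hook.
    """
    registered = {c.upper() for c in registered_clsids}
    orphans = []
    for clsid in bho_clsids:
        if clsid.upper() not in registered:
            orphans.append(("BHO", clsid))
    for name, clsid in ssodl_entries.items():
        if clsid.upper() not in registered:
            orphans.append(("SSODL:" + name, clsid))
    return orphans


def _subkeys(hive, path, view):
    """Subkey names of hive\\path in the given WOW64 view ([] if the key is absent)."""
    names = []
    try:
        with winreg.OpenKey(hive, path, 0, winreg.KEY_READ | view) as key:
            i = 0
            while True:
                try:
                    names.append(winreg.EnumKey(key, i))
                except OSError:
                    return names
                i += 1
    except OSError:
        return names


def _values(hive, path, view):
    """{value name: data as str} of hive\\path in the given view ({} if absent)."""
    out = {}
    try:
        with winreg.OpenKey(hive, path, 0, winreg.KEY_READ | view) as key:
            i = 0
            while True:
                try:
                    name, data, _kind = winreg.EnumValue(key, i)
                except OSError:
                    return out
                out[name] = str(data)
                i += 1
    except OSError:
        return out


def _key_exists(hive, path, view=0):
    try:
        with winreg.OpenKey(hive, path, 0, winreg.KEY_READ | view):
            return True
    except OSError:
        return False


def audit_live_registry():
    """Collect from both views: 64-bit Explorer and 32-bit IE read different
    hives, which is why the OTL log lists the O21 entry once per view."""
    if winreg is None:
        raise RuntimeError("live collection needs Windows (winreg)")
    report = {"orphans": [], "ie_policies": []}
    hklm = winreg.HKEY_LOCAL_MACHINE
    for view in (winreg.KEY_WOW64_64KEY, winreg.KEY_WOW64_32KEY):
        bhos = _subkeys(hklm, BHO_PATH, view)
        ssodl = _values(hklm, SSODL_PATH, view)
        candidates = set(bhos) | set(ssodl.values())
        registered = {c for c in candidates
                      if _key_exists(hklm, CLSID_PATH + "\\" + c, view)}
        report["orphans"] += find_orphaned_hooks(bhos, ssodl, registered)
    for hive_name, path in POLICY_KEYS:
        hive = hklm if hive_name == "HKLM" else winreg.HKEY_CURRENT_USER
        if _key_exists(hive, path):
            report["ie_policies"].append(hive_name + "\\" + path)
    return report


# Constructed snapshot using the identifiers from the fix above (not a real
# export). Neither CLSID resolves, so both load-points come back as orphans.
SAMPLE_BHOS = ["{9194649F-7143-4308-90C1-D6A35B0E354E}"]
SAMPLE_SSODL = {"WebCheck": "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"}
SAMPLE_REGISTERED = set()

if __name__ == "__main__":
    if winreg is not None:
        print(audit_live_registry())
    else:
        print(find_orphaned_hooks(SAMPLE_BHOS, SAMPLE_SSODL, SAMPLE_REGISTERED))
```

Run it from an elevated prompt on the machine being examined; HKCU is read for the logged-on user only, so check other profiles separately. An orphaned entry is harmless by itself (nothing loads from it), and the policy keys are legitimate on domain-joined machines that receive Group Policy, so treat both as leads to explain rather than as proof of infection.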

  3. #23
    Junior Member
    Join Date
    Nov 2012
    Posts
    20

    Default

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9194649F-7143-4308-90C1-D6A35B0E354E}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9194649F-7143-4308-90C1-D6A35B0E354E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    ADS C:\ProgramData\TEMP:A5514ABC deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Triode
    ->Temp folder emptied: 59640 bytes
    ->Temporary Internet Files folder emptied: 13136320 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 300543015 bytes
    ->Flash cache emptied: 3274 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2183526 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 301.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Triode
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 12232012_102014

    Files\Folders moved on Reboot...
    C:\Users\Triode\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

  4. #24
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello Triode

    Good job with OTL. That has taken care of the orphan.

    Now to address the potential false positive.

    1. Please Uninstall Combofix


      • Hold down the Windows key (has the Windows symbol on it) and press the "R" key.
      • A Run box will open.
      • Type combofix /uninstall in the run box and click "OK". Please note the space between the "x" and the "/Uninstall"; it needs to be there.


      Once you have uninstalled Combofix, please re-scan your machine with aswMBR and post the new log in your next reply.
    Proud Graduate of the WTT Classroom

  5. #25
    Junior Member
    Join Date
    Nov 2012
    Posts
    20

    Default

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-12-23 21:30:39
    -----------------------------
    21:30:39.859 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:30:39.859 Number of processors: 8 586 0x1A04
    21:30:39.860 ComputerName: TRIODE-PC UserName: Triode
    21:30:42.063 Initialize success
    21:30:42.149 AVAST engine defs: 12122301
    21:31:43.363 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    21:31:43.366 Disk 0 Vendor: ST3500630AS 3.AAK Size: 476938MB BusType: 3
    21:31:43.369 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-a
    21:31:43.372 Disk 1 Vendor: ST3500630AS 3.AHG Size: 476940MB BusType: 3
    21:31:43.386 Disk 0 MBR read successfully
    21:31:43.388 Disk 0 MBR scan
    21:31:43.392 Disk 0 Windows 7 default MBR code
    21:31:43.397 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    21:31:43.412 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476836 MB offset 206848
    21:31:43.423 Disk 0 scanning C:\Windows\system32\drivers
    21:31:50.996 Service scanning
    21:32:02.093 Modules scanning
    21:32:02.100 Disk 0 trace - called modules:
    21:32:02.120 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    21:32:02.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006861790]
    21:32:02.129 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa800661fe40]
    21:32:02.134 5 ACPI.sys[fffff88000f737a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800663b060]
    21:32:03.789 AVAST engine scan C:\Windows
    21:32:06.063 AVAST engine scan C:\Windows\system32
    21:33:46.891 AVAST engine scan C:\Windows\system32\drivers
    21:33:57.663 AVAST engine scan C:\Users\Triode
    21:34:45.052 AVAST engine scan C:\ProgramData
    21:35:43.881 Scan finished successfully
    21:36:27.293 Disk 0 MBR has been saved successfully to "C:\Users\Triode\Desktop\MBR.dat"
    21:36:27.298 The log file has been saved successfully to "C:\Users\Triode\Desktop\aswMBR.txt"
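
aswMBR compares the sector it read with boot code it recognises ("Windows 7 default MBR code"), lists the partition entries, and saved a copy of the sector to MBR.dat. The block below is an added example, not part of this thread or of aswMBR, that does the same check offline on a 512-byte MBR image: it parses the four partition entries (active flag, type, starting LBA, size), hashes the 440 bytes of boot code and compares them with a baseline captured from a known-clean machine, and flags structural oddities (more or fewer than one active partition, an invalid status byte, overlapping partitions). The sample sector is constructed to match the two NTFS partitions in the log above (100 MB at LBA 2048, then 476836 MB at LBA 206848); the "clean" boot code and its baseline hash are likewise constructed and are not the real Windows 7 code.

```python
"""Parse a raw MBR sector and check it against a known-good baseline (added example)."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOTCODE_LEN = 440        # bytes 0..439: boot code; 440..443: disk signature
PART_TABLE_OFF = 446      # four 16-byte partition entries follow
PART_ENTRY = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"


def bootcode_sha256(mbr):
    return hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest()


def parse_partition_table(mbr):
    """Return the non-empty partition entries of a 512-byte MBR as dicts."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("expected one %d-byte sector" % SECTOR_SIZE)
    if mbr[-2:] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for idx in range(4):
        status, _chs0, ptype, _chs1, lba, count = struct.unpack_from(
            PART_ENTRY, mbr, PART_TABLE_OFF + idx * 16)
        if ptype == 0:
            continue  # unused slot
        parts.append({
            "index": idx + 1,
            "status": status,
            "bootable": status == 0x80,
            "type": ptype,            # 0x07 = NTFS (also exFAT/HPFS)
            "lba_start": lba,
            "sectors": count,
            "size_mb": count * SECTOR_SIZE // (1024 * 1024),
        })
    return parts


def audit_mbr(mbr, baseline_sha256):
    """Return a list of findings; an empty list means nothing looked wrong."""
    findings = []
    parts = parse_partition_table(mbr)
    if bootcode_sha256(mbr) != baseline_sha256:
        findings.append("boot code differs from the known-good baseline")
    active = [p for p in parts if p["bootable"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte 0x%02x"
                            % (p["index"], p["status"]))
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for prev, nxt in zip(ordered, ordered[1:]):
        if nxt["lba_start"] < prev["lba_start"] + prev["sectors"]:
            findings.append("partitions %d and %d overlap" % (prev["index"], nxt["index"]))
    return findings


def build_sample_mbr(bootcode, entries):
    """Assemble a 512-byte sector from boot code and up to four partition tuples."""
    table = b"".join(struct.pack(PART_ENTRY, *e) for e in entries)
    table += b"\x00" * (64 - len(table))
    return bootcode + b"\x12\x34\x56\x78" + b"\x00\x00" + table + BOOT_SIGNATURE


# Constructed boot code standing in for the real thing (not Windows 7's code).
CLEAN_BOOTCODE = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 432
# Layout taken from the aswMBR log: 100 MB system partition, then the C: volume.
SAMPLE_ENTRIES = [
    (0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800),
    (0x00, b"\xfe\xff\xff", 0x07, b"\xfe\xff\xff", 206848, 976560128),
]
CLEAN_MBR = build_sample_mbr(CLEAN_BOOTCODE, SAMPLE_ENTRIES)
BASELINE = bootcode_sha256(CLEAN_MBR)  # in practice: hash of a clean capture
# Same sector with the entry point patched to jump elsewhere, as a bootkit would.
TAMPERED_MBR = build_sample_mbr(b"\xe9\x00\x01" + CLEAN_BOOTCODE[3:], SAMPLE_ENTRIES)

if __name__ == "__main__":
    import sys
    image = open(sys.argv[1], "rb").read(SECTOR_SIZE) if len(sys.argv) > 1 else CLEAN_MBR
    baseline = sys.argv[2] if len(sys.argv) > 2 else BASELINE
    for p in parse_partition_table(image):
        print("partition %(index)d status=0x%(status)02x type=0x%(type)02x "
              "lba=%(lba_start)d size=%(size_mb)d MB" % p)
    print("findings:", audit_mbr(image, baseline) or "none")
```

To use it on a real capture, pass the saved sector and the baseline hash you recorded from a clean install of the same Windows version: `python mbr_audit.py MBR.dat <sha256>`. The hash comparison only covers the 440 boot-code bytes, so a legitimate disk-signature change does not trigger it; it also says nothing about code hidden in the unpartitioned sectors between the MBR and the first partition (LBA 1 to 2047 here), which a bootkit can use and which you would need to dump and inspect separately.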

  6. #26
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello Triode

    That aswMBR log looks much better. The detection was a false positive, as suspected.

    Provided you are no longer having any problems we can remove our tools.

    You no longer need DDS, aswMBR or TDSSKiller. Please delete them from your machine.

    Once you have completed the above steps you should be good to go! If you have any further questions, please feel free to ask.


    1. Finally, please take the time to read through the information provided below:

      Enhance your System Security

      • For an excellent list of free anti virus software, free online virus scanners, free spyware detection/removal and free firewalls, click here.


      • IMPORTANT! Please make sure you only have ONE firewall and ONE real-time antivirus installed on your system. When using "on demand" scanners, first update the detection signature files, then disconnect from the internet and disable your resident security program before running the scan.
      • Once complete, remember to re-engage your resident security before going online.


      Web Browsers and Browser Security

      Firefox
      • Firefox is generally considered to have greater browsing security in comparison to other popular programs. You can download Firefox 3.0 from here.


      No-Script
      • If you use Firefox as your default browser, No-Script can provide additional security by preventing malicious scripts from being executed on your system.
      • You can download No-Script by clicking here.


      Internet Explorer
      • The newest version of Internet Explorer is available from here.


      SpywareBlaster
      • If you use Internet Explorer as your default browser, SpywareBlaster would be a valuable addition to your online security.
      • SpywareBlaster prevents malicious ActiveX objects from being downloaded onto your system.
      • You can download SpywareBlaster by clicking here.


      Web of Trust
      • When using search engines, Web of Trust provides you with an easy way of telling the good sites from the bad and is compatible with both Firefox and Internet Explorer.
      • Coloured symbols are displayed next to search results, giving you more confidence in the links you choose to click on: Green (To go), Yellow (Caution) and Red (Stop).
      • You can download Web of Trust by clicking here.


      Keep your Software Updated
      • Outdated software can sometimes have vulnerabilities that are exploitable by malware.
      • Check if there are available updates for your installed software with Secunia's Online Software Inspector by clicking here.


      Passwords
      • Learn how to create strong passwords by clicking here and test the strength of the passwords you already use by clicking here.
    Proud Graduate of the WTT Classroom

  7. #27
    Junior Member
    Join Date
    Nov 2012
    Posts
    20

    Default

    Thank you very much for all the help! Can I also delete the folders on my C: drive like _OTL, JRT, and TDSSKiller_Quarantine?

  8. #28
    Junior Member
    Join Date
    Nov 2012
    Posts
    20

    Default

    Also, Program Files/ERUNT and ESET?

  9. #29
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello Triode

    Thank you very much for all the help!
    You are Very Welcome

    Can I also delete the folders on my C: drive like _OTL, JRT, and TDSSKiller_Quarantine?
    You can if you wish, but nothing in those folders can cause harm to your machine.

    I advise you to keep all files and folders relating to ERUNT. ERUNT is a tool that creates a backup of your system registry. Should something go seriously wrong with your machine and you need to restore your registry, ERUNT will allow you to do so.
    Proud Graduate of the WTT Classroom

  10. #30
    Junior Member
    Join Date
    Nov 2012
    Posts
    20

    Default

    Thanks, have a great Christmas!
