-
Member
Laptop realy slow and wont load most sites AVG not running as well!!!
Hello
Noticed a few days ago that my AVG was switched off - I don't know how long this has been off for- and I cant switch it back on again or update it!
I have had a fiddle... and ran Combofix and this dose not appeared to have helped - I now know that I should of not done the Combofix until instructed to do so sorry.
I am unable to download the DDS and MBR program so I downloaded them onto a SD card from my wifes computer and ran them from the CD drive.
Strangely enough the Windows defender program is now showing as running (I did try to turn it on but it would not let me) it now appears to be running??? (or not)
I just don't know what it going on as I can still play world of tanks and world of warplanes but none of my shortcuts work above internet explorer and my back arrow dose not let go back to the previous page!!
thanks in advance.
DDS Log
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660
Run by steves at 21:02:50 on 2013-08-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4028.2001 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Users\steves\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\steves\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Iomega\Iomega Encryption\Iomega Encryption.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uProxyOverride = <local>
uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: Slick Savings: {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\steves\AppData\Roaming\Slick Savings\Coupons.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
uRun: [Akamai NetSession Interface] "C:\Users\steves\AppData\Local\Akamai\netsession_win.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [IomegaEncryption] C:\Program Files\Iomega\Iomega Encryption\Iomega Encryption.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
StartupFolder: C:\Users\steves\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TMMONI~1.LNK - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{5087DAA1-1A4D-4468-8C96-F797F176D1D6} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{5087DAA1-1A4D-4468-8C96-F797F176D1D6}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{5087DAA1-1A4D-4468-8C96-F797F176D1D6}\244575966496D277964786D264F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{5087DAA1-1A4D-4468-8C96-F797F176D1D6}\35B4954413535343 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{5087DAA1-1A4D-4468-8C96-F797F176D1D6}\374756675637D286F647D23707F647 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{5087DAA1-1A4D-4468-8C96-F797F176D1D6}\C416572716370286F6473707F647132333 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{5087DAA1-1A4D-4468-8C96-F797F176D1D6}\F54586560234C6F65746 : DHCPNameServer = 10.1.5.153 10.1.5.154
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [NVHotkey] rundll32.exe C:\Windows\System32\nvHotkey.dll,Start
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-7-10 45880]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-11-24 98208]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-1-29 87368]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-24 13336]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-2-1 1900728]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-4-5 167424]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-7-14 1153368]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-23 378984]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-9-19 1157056]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-9-19 248248]
R2 WDRulesService;WD Rules;C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-9-19 1177536]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2010-7-2 29288]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-12-7 36928]
S3 IT9135BDA;WinFast DTV Dongle Dual Devices;C:\Windows\System32\drivers\IT9135BDA.sys [2011-1-10 139392]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-15 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-15 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-15 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-25 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2012-9-19 14464]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWow64\CScript.exe "%1" %*
FileExt: .wsf: WSFFile=C:\Windows\SysWow64\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2013-08-14 10:38:09 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-14 10:38:09 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-08-14 10:38:09 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-08-14 10:38:09 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-08-14 10:38:07 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-08-14 10:38:07 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-08-14 10:38:07 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-08-14 10:38:07 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-08-14 10:36:26 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-08-14 10:15:43 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D49F91BE-F3A8-44D3-B663-E70EFABFD88A}\mpengine.dll
2013-08-12 13:28:48 -------- d-sh--w- C:\$RECYCLE.BIN
2013-08-12 12:43:17 98816 ----a-w- C:\Windows\sed.exe
2013-08-12 12:43:17 256000 ----a-w- C:\Windows\PEV.exe
2013-08-12 12:43:17 208896 ----a-w- C:\Windows\MBR.exe
2013-08-12 12:43:13 -------- d-s---w- C:\ComboFix
2013-08-12 06:52:49 -------- d-----w- C:\Program Files (x86)\ESET
2013-08-07 19:19:40 -------- d-----w- C:\Users\steves\AppData\Local\ArmA 2 OA DEMO
2013-08-03 19:57:58 -------- d-----w- C:\Windows\System32\MRT
2013-07-27 15:04:47 -------- d-----w- C:\Users\steves\AppData\Roaming\Slick Savings
2013-07-27 15:04:47 -------- d-----w- C:\Users\steves\AppData\Local\Slick Savings
2013-07-20 00:51:00 311608 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-07-20 00:50:56 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-07-20 00:50:56 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-07-20 00:50:50 206648 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
.
==================== Find3M ====================
.
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-21 08:52:03 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-21 08:52:03 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-10 00:32:38 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-01 00:45:28 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
.
============= FINISH: 21:03:22.21 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-08-14 21:05:49
-----------------------------
21:05:49.967 OS Version: Windows x64 6.1.7601 Service Pack 1
21:05:49.967 Number of processors: 8 586 0x1E05
21:05:49.967 ComputerName: STEVES-PC UserName: steves
21:05:53.508 Initialize success
21:07:53.593 AVAST engine defs: 13081401
21:08:19.037 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:08:19.037 Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
21:08:19.037 Disk 1 \Device\Harddisk1\SR0 -> \Device\SdBus-0
21:08:19.037 Disk 1 Vendor: ( Size: 7580MB BusType: 12
21:08:19.131 Disk 0 MBR read successfully
21:08:19.131 Disk 0 MBR scan
21:08:19.146 Disk 0 Windows 7 default MBR code
21:08:19.193 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:08:19.302 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 715302 MB offset 206848
21:08:19.536 Disk 0 scanning C:\Windows\system32\drivers
21:08:30.862 Service scanning
21:09:02.811 Modules scanning
21:09:02.826 Disk 0 trace - called modules:
21:09:02.842 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:09:02.857 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d75790]
21:09:02.857 3 CLASSPNP.SYS[fffff88001b6243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004ada050]
21:09:05.899 AVAST engine scan C:\Windows
21:09:12.202 AVAST engine scan C:\Windows\system32
21:16:00.267 AVAST engine scan C:\Windows\system32\drivers
21:16:18.847 AVAST engine scan C:\Users\steves
21:19:16.500 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
21:19:16.531 The log file has been saved successfully to "E:\aswMBR.txt"
-
Go here and download AdwCleaner to your desktop
- Double click on AdwCleaner.exe to run the tool.
- Click on Delete
- A logfile will automatically open after the scan has finished.
- Please post the content of that logfile in your reply.
- You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
Download Junkware Removal Tool to your desktop
- shut down your protection software now to avoid potential conflicts.
- run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
- the tool will open and start scanning your system
- please be patient as this can take a while to complete depending on your system's specifications
- on completion, a log (JRT.txt) is saved to your desktop and will automatically open
- post the contents of JRT.txt into your next message.
Please download Malwarebytes Anti-Malware to your desktop.
- Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan as shown below.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
-
Member
hello
many thanks for the help.
I had to down load the programs to a SD card again and run from there.
logs below
# AdwCleaner v2.306 - Logfile created 08/15/2013 at 07:15:16
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : steves - STEVES-PC
# Boot Mode : Normal
# Running from : E:\AdwCleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
***** [Internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16660
[OK] Registry is clean.
*************************
AdwCleaner[R1].txt - [2661 octets] - [15/08/2013 07:02:35]
AdwCleaner[R2].txt - [2010 octets] - [15/08/2013 07:15:16]
########## EOF - C:\AdwCleaner[R2].txt - [2070 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.5 (08.13.2013:1)
OS: Windows 7 Home Premium x64
Ran by steves on 15/08/2013 at 7:04:46.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstallerstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstallerstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2504091
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
~~~ Files
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.08.15.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
steves :: STEVES-PC [administrator]
Protection: Enabled
15/08/2013 07:18:19
mbam-log-2013-08-15 (07-18-19).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235300
Time elapsed: 5 minute(s), 44 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} (PUP.Optional.Spigot) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} (PUP.Optional.Spigot) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\steven\Downloads\SetupImgBurn_2.5.5.0.exe (PUP.Optional.AskToolbar) -> Quarantined and deleted successfully.
(end)
-
Great, things running any better ?
OTL by OldTimer
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Click the "Scan All Users" checkbox.
- Check the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically. - Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
-
Member
Hello
OTL.txt below
OTL logfile created on: 15/08/2013 12:33:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.93 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 51.09% Memory free
7.87 Gb Paging File | 5.41 Gb Available in Paging File | 68.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 115.16 Gb Free Space | 16.49% Space Free | Partition Type: NTFS
Drive E: | 7.39 Gb Total Space | 6.63 Gb Free Space | 89.71% Space Free | Partition Type: FAT32
Computer Name: STEVES-PC | User Name: steves | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - E:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\steves\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
PRC - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0149e914e4cfbde7da65d4558af19ce0\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e06dbdafb38c38517aef61ac41e2fd9d\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Program Files\Microsoft Office 15\root\office15\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\AbilisWinUsb.dll ()
MOD - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\VendorCmdRW.dll ()
MOD - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (OfficeSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (HTCMonitorService) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (WDRulesService) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
SRV - (WDBackup) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
SRV - (WDDriveService) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (IT9135BDA) -- C:\Windows\SysNative\drivers\IT9135BDA.sys (ITE )
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 77 0E 57 37 8C CA CD 01 [binary data]
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\..\SearchScopes,DefaultScope = {70903C48-6C44-4F6E-AAD9-9BC8BB1D4FAD}
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\..\SearchScopes\{70903C48-6C44-4F6E-AAD9-9BC8BB1D4FAD}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\steves\AppData\Local\Roblox\Versions\version-5fd8234dbfe247fe\\NPRobloxProxy.dll ()
O1 HOSTS File: ([2013/08/14 17:16:03 | 000,450,694 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15467 more lines...
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000..\Run: [Akamai NetSession Interface] C:\Users\steves\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000..\Run: [IomegaEncryption] C:\Program Files\Iomega\Iomega Encryption\Iomega Encryption.exe (PLX Technology)
O4 - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
O4 - Startup: C:\Users\steves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5087DAA1-1A4D-4468-8C96-F797F176D1D6}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/08/15 07:17:13 | 000,000,000 | ---D | C] -- C:\Users\steves\AppData\Roaming\Malwarebytes
[2013/08/15 07:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/15 07:16:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/08/15 07:16:52 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/08/15 07:16:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/08/15 07:04:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/14 20:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/08/14 20:59:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/08/14 11:59:52 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/08/14 11:59:52 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/08/14 11:59:51 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/08/14 11:59:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/08/14 11:59:51 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/08/14 11:59:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/14 11:59:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/08/14 11:59:51 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/08/14 11:59:51 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/08/14 11:59:51 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/08/14 11:59:51 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/08/14 11:59:50 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/08/14 11:59:49 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/08/14 11:59:49 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/08/14 11:59:49 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/08/14 11:38:09 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/08/14 11:38:09 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/08/14 11:38:07 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/08/14 11:37:41 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/08/14 11:37:41 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/08/14 11:37:41 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/08/14 11:37:40 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/08/14 11:37:39 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/08/14 11:37:38 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/08/14 11:37:38 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/08/14 11:37:37 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/08/14 11:37:37 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/08/14 11:37:36 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/08/14 11:37:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/08/14 11:37:35 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/08/14 11:37:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/08/12 14:28:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/12 13:43:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/08/12 13:43:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/08/12 13:43:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/08/12 13:43:13 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/08/12 13:43:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/12 13:42:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/08/12 13:42:39 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013/08/12 07:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/08/11 20:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/08/10 14:11:09 | 000,000,000 | ---D | C] -- C:\Users\steves\Desktop\Kindle books
[2013/08/07 20:19:40 | 000,000,000 | ---D | C] -- C:\Users\steves\Documents\ArmA 2 OA Demo
[2013/08/07 20:19:40 | 000,000,000 | ---D | C] -- C:\Users\steves\AppData\Local\ArmA 2 OA DEMO
[2013/08/06 18:40:15 | 000,000,000 | ---D | C] -- C:\Users\steves\Desktop\MORGAGE
[2013/08/03 20:57:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/31 12:02:59 | 000,000,000 | ---D | C] -- C:\Users\steves\Desktop\config
[2013/07/27 16:04:47 | 000,000,000 | ---D | C] -- C:\Users\steves\AppData\Roaming\Slick Savings
[2013/07/27 16:04:47 | 000,000,000 | ---D | C] -- C:\Users\steves\AppData\Local\Slick Savings
[2013/07/21 19:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/20 01:51:00 | 000,311,608 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2013/07/20 01:50:56 | 000,246,072 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2013/07/20 01:50:56 | 000,071,480 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2013/07/20 01:50:50 | 000,206,648 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/08/15 12:32:12 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/15 12:32:12 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/15 12:24:19 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/15 12:23:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/15 12:23:43 | 3168,043,008 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/15 07:45:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/15 07:16:59 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/15 06:51:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/14 20:59:44 | 000,001,108 | ---- | M] () -- C:\Users\steves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/08/14 20:59:33 | 000,000,928 | ---- | M] () -- C:\Users\steves\Desktop\NTREGOPT.lnk
[2013/08/14 20:59:33 | 000,000,909 | ---- | M] () -- C:\Users\steves\Desktop\ERUNT.lnk
[2013/08/14 17:16:03 | 000,450,694 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/08/14 11:56:33 | 000,741,242 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/14 11:56:33 | 000,620,524 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/14 11:56:33 | 000,110,712 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/12 12:15:26 | 000,450,694 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130814-171603.backup
[2013/08/11 12:46:10 | 000,217,600 | ---- | M] () -- C:\Users\steves\Desktop\jacob-1.17-M2-x64.dll
[2013/08/11 12:46:10 | 000,176,128 | ---- | M] () -- C:\Users\steves\Desktop\jacob-1.17-M2-x86.dll
[2013/08/09 10:22:41 | 000,001,354 | ---- | M] () -- C:\Users\steves\Desktop\ROBLOX Player.lnk
[2013/08/09 10:22:41 | 000,001,173 | ---- | M] () -- C:\Users\steves\Desktop\ROBLOX Studio 2013.lnk
[2013/08/07 19:08:40 | 000,000,221 | ---- | M] () -- C:\Users\steves\Desktop\Arma 2 Operation Arrowhead Demo.url
[2013/07/30 17:53:52 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/07/27 16:04:47 | 000,000,000 | ---- | M] () -- C:\search.sqlite
[2013/07/26 06:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/26 06:12:27 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/26 06:12:08 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/26 06:12:08 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/26 06:12:04 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/26 06:12:04 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/26 06:12:03 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/26 06:12:03 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/26 04:12:04 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/26 04:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/26 04:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/26 04:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/26 04:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/26 03:39:38 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/26 02:59:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/25 10:25:54 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/25 09:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/21 19:15:27 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/07/21 16:18:51 | 000,512,825 | ---- | M] () -- C:\Users\steves\Desktop\FTB_Launcher.exe
[2013/07/21 09:52:03 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/21 09:52:03 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/08/15 07:16:59 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/14 20:59:44 | 000,001,108 | ---- | C] () -- C:\Users\steves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/08/14 20:59:33 | 000,000,928 | ---- | C] () -- C:\Users\steves\Desktop\NTREGOPT.lnk
[2013/08/14 20:59:33 | 000,000,909 | ---- | C] () -- C:\Users\steves\Desktop\ERUNT.lnk
[2013/08/12 13:43:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/12 13:43:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/12 13:43:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/12 13:43:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/12 13:43:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/07 19:08:39 | 000,000,221 | ---- | C] () -- C:\Users\steves\Desktop\Arma 2 Operation Arrowhead Demo.url
[2013/07/31 12:04:06 | 000,217,600 | ---- | C] () -- C:\Users\steves\Desktop\jacob-1.17-M2-x64.dll
[2013/07/31 12:04:06 | 000,176,128 | ---- | C] () -- C:\Users\steves\Desktop\jacob-1.17-M2-x86.dll
[2013/07/30 17:53:52 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/07/27 16:04:47 | 000,000,000 | ---- | C] () -- C:\search.sqlite
[2013/07/21 19:15:27 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/02/04 19:31:57 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/02/04 19:31:56 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
========== ZeroAccess Check ==========
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012/12/09 19:12:04 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/12/09 19:12:04 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/11/25 12:57:38 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\.minecraft
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\AVG2012
[2012/11/25 12:57:39 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\Azureus
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\CompuClever
[2012/11/25 12:57:43 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\FreeAudioPack
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\HTC
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\ImgBurn
[2012/11/25 12:57:43 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\InfraRecorder
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\iScreensaver
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\NCH Swift Sound
[2012/06/20 19:49:25 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\Outlook
[2012/11/25 12:57:44 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\SoftGrid Client
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\ssmci
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\Temp
[2011/03/08 21:51:13 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\TP
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\wargaming.net
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\Windows Live Writer
[2013/08/11 12:40:07 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\.minecraft
[2012/11/25 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\AVG2013
[2013/08/10 22:45:20 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\Azureus
[2013/02/03 18:00:52 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\Firefly Studios
[2013/07/21 16:18:52 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\ftblauncher
[2013/04/05 15:21:05 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\HTC
[2013/04/05 15:20:49 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\HTC Sync
[2013/07/27 16:04:47 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\Slick Savings
[2012/11/25 17:59:16 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\TuneUp Software
[2013/06/28 19:57:58 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\uTorrent
[2013/05/28 19:05:40 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\Wargaming.net
========== Purity Check ==========
< End of report >
-
Member
OTL extra.txt
OTL Extras logfile created on: 15/08/2013 12:33:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.93 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 51.09% Memory free
7.87 Gb Paging File | 5.41 Gb Available in Paging File | 68.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 115.16 Gb Free Space | 16.49% Space Free | Partition Type: NTFS
Drive E: | 7.39 Gb Total Space | 6.63 Gb Free Space | 89.71% Space Free | Partition Type: FAT32
Computer Name: STEVES-PC | User Name: steves | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C177416-BE7F-401A-8DA7-A4F55F6C07C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2F2DA54B-9103-4F06-98A8-4295063742ED}" = rport=137 | protocol=17 | dir=out | app=system |
"{3DF6EFC1-1510-4A8C-961E-4FF92C8B1493}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E26A568-7CC5-4571-9F3A-4380CCBDD780}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E38527A-F64F-48A7-BF23-4A7212B9FE4D}" = lport=137 | protocol=17 | dir=in | app=system |
"{40160300-F624-480D-8864-4612A4377CCE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{41A4D8BD-C02C-4439-9B04-E34BD5C7D54E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{42644C3E-7E0C-4E90-85F6-5F4B736CD38F}" = rport=138 | protocol=17 | dir=out | app=system |
"{4548D47A-B908-44F9-BC74-E46557F2798D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4E36B8CB-1963-4A7C-9CF4-74AAEF1A6E07}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{505EB431-94AF-462E-BD21-6089F712D88C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{618B8C4F-A898-4FA0-A4F4-555E73339A1D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{62ED8CDF-8208-4E15-A503-895F5CCD82EA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{66F10385-6C72-4342-9EE6-46F10FDE8965}" = lport=138 | protocol=17 | dir=in | app=system |
"{6765BA69-5EC1-4EAE-8C35-F584357C00F2}" = lport=445 | protocol=6 | dir=in | app=system |
"{77AA821E-994C-49AC-A387-21C9E6B40A84}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7930DE88-8C6F-4B66-B8DA-45543F0A7FBE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7EFBB4E6-1BBA-45AC-916B-6B5111B4F349}" = lport=139 | protocol=6 | dir=in | app=system |
"{A255F079-009E-422F-95E6-8A8EC9E99F97}" = rport=139 | protocol=6 | dir=out | app=system |
"{BDEE3A65-1C3D-40C1-9660-E16EDEE49D0A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C131DB7F-3A90-43DE-88AF-B5DE59237363}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{CCF30E0C-BC74-414A-BF80-A4F4CDC7601A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EB217BAA-BD28-4757-ACD8-3198BB2D73AF}" = rport=445 | protocol=6 | dir=out | app=system |
"{FD1308CF-4761-4CD4-9A42-214A2F40C161}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0325170F-26C8-4900-8783-1DAB30F9DA1B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{04F22435-685B-4421-B0C2-7036013A4898}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0630AC47-6BCB-4030-AE2B-A78D1C3740FD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead demo\arma2oa_demo.exe |
"{07542E7D-16D0-43AB-A60D-776A11D3D952}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{0AA93831-8F9C-43F5-8167-9FD1F0E03ACD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{0D71D33A-6C10-4EDD-ACC8-A2A0CCF920D5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0EB59C08-A6E9-473A-B7E5-7104ED278C32}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1C378189-1336-46FD-B4E7-E95D6A7E8C28}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{1FECA3C9-B329-4513-B86C-6AC2256A03E6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{21C5E38F-9DE3-4037-9CBD-5789DDD09334}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{2459142A-5F95-482A-9E67-1D4CAA240B27}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{283CFDEE-5387-4962-B05C-231E487098FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{299FFD1D-731B-4231-855E-3A1F34728BE1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{29FC8039-E1EB-4AE2-A91F-679FD56D128A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{2FB0DB73-294B-4E88-806C-CDA6DF6222F3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2FCB9ECA-622D-4495-AA38-28D1CC7DCF90}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{3700F159-C044-4667-B127-69CE76EFF211}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{383EF20B-B123-4DD6-863F-CFD8EF0B699C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{38C586E3-8434-41C5-9B00-E82DAA51C63B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3A9A6608-47A2-4C9C-AE27-4E90C68BB927}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3B2EE5F8-664E-489B-8E79-1FB8DBC3ADD7}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe |
"{3CA38A24-54D2-4BFB-9FC9-EAE7946A172C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{3F038E27-10D0-47DB-8422-79A2453E29A7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arcticcombat\gamelauncher_gp\mappingaccount.exe |
"{4118EC25-0A9E-479C-ABC9-5AA22FEEB882}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arcticcombat\gamelauncher_gp\mappingaccount.exe |
"{41E3FDB2-42C9-4B5F-B820-0E1B7617C873}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{4285073E-D14A-4D30-B36B-70A79B4CD502}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{472BC1CD-F9EE-423D-959E-7ABF5772F5F3}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{48ED5C02-0D4D-4257-82E2-03C2BD037FE8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{4A17F36E-68BB-4FD1-9D2F-1136427297A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{4B2E7231-107F-4857-8D4E-94ECBA31B14F}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{5080C592-E7A1-426B-A30A-DF3B637E26C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{550BFDA4-98CC-4452-85BC-4AF0C41C3502}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{559AD0BF-1121-4802-AD33-C11F61FB3169}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{5B7CEE2C-47DD-47E6-8F18-52418463B907}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{5DACE858-B65F-42E6-A960-E992E565928D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{5EB8D6A5-4314-4119-8F06-923343D52FD2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5F2D2596-0B08-41DE-8C43-A8035A5FD521}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{5F2DAC03-C0C8-4DCE-BE74-4522154DEE47}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{674CDE8F-4BE0-41E8-8043-3C5F7FDDB9B5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{682774E6-4170-4B14-8D05-49B8A201116C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e\ruse.exe |
"{68B85203-3C56-4E27-B4D2-B77A23E434FE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{6A81DE7F-C888-48CC-9F26-6988E61C521C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7B57360D-07C0-495E-9BEA-955AFF3DA4D4}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{7DD9DF57-41F6-4335-A960-B97C0FDC0A8B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8954ADAA-CB5D-4973-8929-C79FEAE9442B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{8A30A1D2-53F3-4D60-A453-22BB090E9667}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{8F22C156-AA1D-4551-B8B7-D33B2B8CCE94}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{96DDEE74-B7C7-4C7F-8894-415FDE463D75}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{97FAB04F-CD21-443C-AE66-9CE79AA7411F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{9AF3B55A-6CD1-4539-8AEC-EAF84AB6DA7C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A48F2AA3-EB2F-456A-8BDE-49E2AAD8F4E0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{A7425D71-6CF4-43F8-AE50-4AA07FF28536}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead demo\arma2oa_demo.exe |
"{AEAFD3FB-7C25-439F-B43F-B0B787919152}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{AF9D8C71-B1B3-4544-8F3A-44CECB75A938}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{B07CF0DF-7BD7-4CE3-8B1A-771CA5B9FC53}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B2975E86-B18F-4FB9-BADD-9BA1E8689892}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe |
"{B647FBB5-85FE-432C-9FFB-CB02EFBE8DF6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BAA82818-7693-4C2A-B237-563182F18399}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe |
"{BB1D1E2D-D74C-4803-8768-2AF79455B1E7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{BC67B4E7-144C-4FA1-AB83-4F39A4E7948F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BF7C7594-10DE-447E-AF8B-28442D0D693D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{C17BC2E8-CCDA-444F-952D-807C673277D9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C2B0C40D-267F-4009-A293-C4939765B47F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C2CB6172-CA21-4336-8669-87FD8FB6C043}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C9F7B549-BF0B-4918-92FC-DEFE748C1C6F}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{CB3AEB39-3E6D-4C48-8AA2-37CF4A7407C6}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{D6B280B0-0F31-4F82-9FAB-063D715AEE0D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{D7C931C9-AD2F-41AB-ADC2-F292C29A8748}" = protocol=6 | dir=out | app=system |
"{D7CFEC10-ACB4-4703-BED1-978FCEB00EBE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{DC8D688C-8732-4C9C-82F2-2EEAE3DEDAAB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DDA7F8BF-2592-4BD0-AD75-65A7FDFD1C83}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e\ruse.exe |
"{DE40352F-3C15-4879-9CE5-845478AE4D22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DEE5BF99-4FCF-4DBE-88C0-42A08C93767E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{E47399C4-79F2-4A13-BE9F-C606CFAE1752}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{EC0AE1EB-593B-44FD-B084-A947F4A7E731}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{F8E04977-23C1-4D45-8286-DF083593CB22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FE462E0F-1D08-4E93-BDFE-C659B315CD6C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FFB5C093-0728-4391-AE30-EDC793848ABD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"TCP Query User{21D7DA48-2922-49F3-9D00-79B8BB96FC19}C:\users\steves\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\steves\appdata\local\akamai\netsession_win.exe |
"TCP Query User{3C0F55E6-4591-428E-BD38-C1362425797A}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{484D7C95-643B-4BA3-89BE-C163E35D1FCD}C:\games\world_of_warplanes\wowplauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_warplanes\wowplauncher.exe |
"TCP Query User{5DB47477-1FE8-47F3-8599-53F6131CEB2D}C:\games\world_of_warplanes\worldofwarplanes.exe" = protocol=6 | dir=in | app=c:\games\world_of_warplanes\worldofwarplanes.exe |
"TCP Query User{6045AC0E-472C-4E97-990A-4E5F4DB4CA92}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{7960ED44-C0C7-47E5-B138-4E77343FF5AE}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{919B6CBF-6494-4625-A5EE-F51C198B362E}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{91EAC839-4185-42D0-9D50-11C371B2C14A}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{9A238C37-8326-448D-9F00-ED02C30056C7}C:\users\steves\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\steves\appdata\local\akamai\netsession_win.exe |
"TCP Query User{A5825FDB-6757-4080-B6C7-923145947CDF}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{ED16C298-C4F4-4920-B230-37AB5A77EF7E}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{F637E4C4-E3F0-47C3-BCF3-14A4DC036314}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{1CB39CDD-9FB1-4247-BC5C-EE973740EBF6}C:\users\steves\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\steves\appdata\local\akamai\netsession_win.exe |
"UDP Query User{1F98E516-B7E7-4FD7-9BE7-65494118C1D0}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{65537A5C-E932-4D44-BD04-E0F30B8899A2}C:\games\world_of_warplanes\wowplauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_warplanes\wowplauncher.exe |
"UDP Query User{69251C5D-8132-43A4-84AF-F7461F7CC235}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{79EC218F-99B1-48BE-ACD1-18728A61DAAC}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{80559A94-E2C6-4ACC-A770-77E7F8F0717E}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{974A5532-D398-4B59-BF42-18D1A68A1CB4}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{ACCC6BEC-3838-46BE-B132-7FA37CA69598}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{BD17CD03-B473-4A1D-B869-7CF15033DB5C}C:\games\world_of_warplanes\worldofwarplanes.exe" = protocol=17 | dir=in | app=c:\games\world_of_warplanes\worldofwarplanes.exe |
"UDP Query User{C70A51A0-3087-47C6-AC4E-A65293F5F443}C:\users\steves\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\steves\appdata\local\akamai\netsession_win.exe |
"UDP Query User{D9A006DF-4DAF-4475-A0C9-10E19F6861B3}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{F23FFCE7-28FF-45DC-AF1C-35F2533ED812}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{4FF9E8AA-D554-4CE7-89F9-B69DAA5A1E98}" = AVG 2013
"{578831A8-CB47-471F-A552-907EC3E9E040}" = Iomega Encryption
"{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}" = WD SmartWare
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.39
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.39
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.39
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}" = WinZip 17.0
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D16A2127-B927-4379-B153-3DEC091E4EEB}" = Intel(R) PROSet/Wireless WiFi Software
"{E74BF83C-2CA5-48EF-901F-959309E7D9EC}" = AVG 2013
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"ProPlusRetail - en-us" = Microsoft Office Professional Plus 2013 - en-us
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C813EU}_is1" = World of Warplanes
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3607FA40-1D0F-4294-B034-6054349E1613}" = Windows Live Messenger
"{3A787631-66A2-4634-B928-A37E73B58FB6}" = Slick Savings
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{49110532-D289-4BFF-807C-45B782E66A7C}" = Photo Common
"{4BFE8ABF-F67A-4353-A05D-F5BA0044ECCA}" = ArcSoft TotalMedia 3.5
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{5002C5B1-B688-474A-AB3A-9B65DBD38FF9}" = HTC Sync Manager
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}" = Windows Live Essentials
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CE0C52A9-0C1C-4289-875A-8FB81BB9A367}_is1" = DVD Shrink version 4.1
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}" = Windows Live UX Platform Language Pack
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 207610" = The Walking Dead
"Steam App 33970" = Arma 2: Operation Arrowhead Demo
"Steam App 8930" = Sid Meier's Civilization V
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4293206663-3280212633-2623293166-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}" = ROBLOX Studio 2013 for steves
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for steves
"9204f5692a8faf3b" = Dell System Detect
"Akamai" = Akamai NetSession Interface
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15/08/2013 02:27:05 | Computer Name = steves-PC | Source = WinMgmt | ID = 10
Description =
Error - 15/08/2013 07:24:08 | Computer Name = steves-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 15/08/2013 02:26:45 | Computer Name = steves-PC | Source = Service Control Manager | ID = 7024
Description = The AVG WatchDog service terminated with service-specific error %%-536804981.
Error - 15/08/2013 07:23:58 | Computer Name = steves-PC | Source = Service Control Manager | ID = 7024
Description = The AVG WatchDog service terminated with service-specific error %%-536804981.
< End of report >
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules