Author Topic: Trojan Horse in my Windows directory, read only so I cannot move to chest  (Read 47970 times)

0 Members and 1 Guest are viewing this topic.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Hi Drejer,

You shouldn't have had to do that. The problem you encountered was covered in the Combofix instructions.

Quote
1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
4. If after running combofix you recieve an message "Illegal operation attempted on a registery key that has been marked for deletion" or similar reboot the computer
.

A factory restore should have been enough to clean the computer. You can post a new OTL log and we'll see.

Drejer

  • Guest
Oh no I remember reading that too ><

Will post a new OTL log after the scan is finished.

Drejer

  • Guest
OTL logfile created on: 5/30/2013 12:26:47 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\DJ\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
6.00 Gb Total Physical Memory | 4.55 Gb Available Physical Memory | 75.90% Memory free
12.00 Gb Paging File | 10.44 Gb Available in Paging File | 87.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.66 Gb Total Space | 835.80 Gb Free Space | 91.08% Space Free | Partition Type: NTFS
 
Computer Name: DJ-PC | User Name: DJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\DJ\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.160\deploy\LoLLauncher.exe ()
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files (x86)\LeagueWindowFIx\LeagueWindowFix.exe ()
PRC - C:\Program Files (x86)\RaidCall\raidcall.exe (RAIDCALL.COM)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe ()
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\LeagueWindowFIx\libgcc_s_dw2-1.dll ()
MOD - C:\Program Files (x86)\LeagueWindowFIx\libstdc++-6.dll ()
MOD - C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.160\deploy\LoLLauncher.exe ()
MOD - C:\Program Files (x86)\LeagueWindowFIx\mingwm10.dll ()
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Program Files (x86)\LeagueWindowFIx\LeagueWindowFix.exe ()
MOD - C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe ()
MOD - C:\Program Files (x86)\RaidCall\skin.dll ()
MOD - C:\Program Files (x86)\RaidCall\crashreport.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\598a9987f519acb9efe5372a2c556af6\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ad29de17e87b1cefbfcf8a3dd41e0b5c\PresentationFramework.Classic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\eb5ff7b60b69cc300751f46c6af316ad\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\de2941860ca151f8f9dd719daa7f9650\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a937151be4e65fd89c55b4c603f7d902\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d80659eacd9554d9606881b0d35835cf\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f92c882fd4e7005c005e208daa04c28d\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\b2e6d33df15f6ca262db09558982e0f2\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4be2653d1c9804d2ff6e6b66d22764e1\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll ()
MOD - c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\WINDOWS\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (atikmdag) -- C:\WINDOWS\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\WINDOWS\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\WINDOWS\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\WINDOWS\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (PxHlpa64) -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (AtiHdmiService) -- C:\WINDOWS\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (k57nd60a) -- C:\WINDOWS\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\WINDOWS\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\WINDOWS\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\WINDOWS\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\WINDOWS\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\WINDOWS\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\WINDOWS\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) -- C:\WINDOWS\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (WimFltr) -- C:\WINDOWS\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 

Drejer

  • Guest

 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\DJ\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/05/09 22:39:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/05/09 22:39:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/05/09 22:39:37 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: South Park = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiakcboakkfknbginpmpfkcdmcmpnfm\1.6_0\
CHR - Extension: Google Drive = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0\
CHR - Extension: Google Search = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: avast! Online Security = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.7_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.2.0.1_0\
CHR - Extension: ScriptSafe = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.13_0\
CHR - Extension: Gmail = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: League Streams = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\plbfmpfcbppeepkmbgphjpgldpgglbob\1.2.1_0\

Drejer

  • Guest
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20373D08-50DF-43E3-AD48-C28687422CCB}: DhcpNameServer = 192.168.1.1 71.252.0.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 

Drejer

  • Guest
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/30 00:24:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\DJ\Desktop\OTL.exe
[2013/05/30 00:07:20 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\dll-files.com
[2013/05/30 00:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs
[2013/05/30 00:07:13 | 000,019,392 | ---- | C] (Dll-Files.com) -- C:\Windows\SysNative\roboot64.exe
[2013/05/30 00:07:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
[2013/05/30 00:07:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dll-Files.com Fixer
[2013/05/30 00:05:34 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2013/05/30 00:05:34 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2013/05/30 00:05:34 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2013/05/30 00:05:34 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2013/05/30 00:05:33 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2013/05/30 00:05:13 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/05/30 00:05:12 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013/05/30 00:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
[2013/05/30 00:03:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LeagueWindowFIx
[2013/05/30 00:03:21 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\PMB Files
[2013/05/30 00:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013/05/30 00:03:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013/05/30 00:02:08 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\Riot Games
[2013/05/30 00:01:18 | 032,229,024 | ---- | C] (Riot Games) -- C:\Users\DJ\Desktop\LeagueofLegends_NA_Installer_05_07_13.exe
[2013/05/29 23:57:40 | 000,000,000 | ---D | C] -- C:\Users\DJ\My Backup Files
[2013/05/29 23:45:27 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\raidcall
[2013/05/29 23:42:53 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
[2013/05/29 23:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
[2013/05/29 23:42:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RaidCall
[2013/05/29 23:29:31 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\Dell
[2013/05/29 23:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013/05/29 23:20:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013/05/29 23:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013/05/29 23:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2013/05/29 23:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2013/05/29 23:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013/05/29 23:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013/05/29 23:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/05/29 23:11:33 | 000,000,000 | ---D | C] -- C:\AMD
[2013/05/29 23:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/05/29 23:10:11 | 000,378,432 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/05/29 23:10:11 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/05/29 23:10:07 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/05/29 23:10:06 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/05/29 23:10:05 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/05/29 23:09:56 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/05/29 23:09:56 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/05/29 23:08:51 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/05/29 23:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/05/29 23:08:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/05/29 23:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/29 23:04:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/05/29 23:04:08 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\Google
[2013/05/29 23:03:54 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\Deployment
[2013/05/29 23:03:54 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\Apps
[2013/05/29 23:03:02 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\Macromedia
[2013/05/29 23:03:01 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\Adobe
[2013/05/29 22:58:44 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2013/05/29 22:58:44 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2013/05/29 22:57:14 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\Dell
[2013/05/29 22:57:06 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\Dell Touch Zone
[2013/05/29 22:57:03 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\Roxio
[2013/05/29 22:56:51 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\ATI
[2013/05/29 22:56:51 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\ATI
[2013/05/29 22:56:19 | 000,000,000 | R--D | C] -- C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/05/29 22:56:19 | 000,000,000 | R--D | C] -- C:\Users\DJ\Searches
[2013/05/29 22:56:19 | 000,000,000 | R--D | C] -- C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/05/29 22:56:18 | 000,000,000 | -H-D | C] -- C:\Users\DJ\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/05/29 22:56:06 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\Identities
[2013/05/29 22:55:56 | 000,000,000 | R--D | C] -- C:\Users\DJ\Contacts
[2013/05/29 22:55:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

Drejer

  • Guest
[2013/05/29 22:55:53 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\VirtualStore
[2013/05/29 22:53:09 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013/05/29 22:53:09 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013/05/29 22:53:09 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013/05/29 22:52:54 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013/05/29 22:52:54 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013/05/29 22:52:54 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013/05/29 22:52:36 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\Dell Edoc Viewer
[2013/05/29 22:52:19 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013/05/29 22:52:19 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] -- C:\Users\DJ\AppData\Local\Temporary Internet Files
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] -- C:\Users\DJ\Templates
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] -- C:\Users\DJ\Start Menu
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] -- C:\Users\DJ\SendTo
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] -- C:\Users\DJ\Recent
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] -- C:\Users\DJ\PrintHood
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] -- C:\Users\DJ\NetHood
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] -- C:\Users\DJ\Documents\My Videos
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] -- C:\Users\DJ\Documents\My Pictures
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] -- C:\Users\DJ\Documents\My Music
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] -- C:\Users\DJ\My Documents
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] -- C:\Users\DJ\Local Settings
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] -- C:\Users\DJ\AppData\Local\History
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] -- C:\Users\DJ\Cookies
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] -- C:\Users\DJ\Application Data
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] -- C:\Users\DJ\AppData\Local\Application Data
[2013/05/29 22:52:11 | 000,000,000 | --SD | C] -- C:\Users\DJ\AppData\Roaming\Microsoft
[2013/05/29 22:52:11 | 000,000,000 | R--D | C] -- C:\Users\DJ\Videos
[2013/05/29 22:52:11 | 000,000,000 | R--D | C] -- C:\Users\DJ\Saved Games
[2013/05/29 22:52:11 | 000,000,000 | R--D | C] -- C:\Users\DJ\Desktop\Play Games
[2013/05/29 22:52:11 | 000,000,000 | R--D | C] -- C:\Users\DJ\Pictures
[2013/05/29 22:52:11 | 000,000,000 | R--D | C] -- C:\Users\DJ\Music
[2013/05/29 22:52:11 | 000,000,000 | R--D | C] -- C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/05/29 22:52:11 | 000,000,000 | R--D | C] -- C:\Users\DJ\Links
[2013/05/29 22:52:11 | 000,000,000 | R--D | C] -- C:\Users\DJ\Favorites
[2013/05/29 22:52:11 | 000,000,000 | R--D | C] -- C:\Users\DJ\Downloads
[2013/05/29 22:52:11 | 000,000,000 | R--D | C] -- C:\Users\DJ\Documents
[2013/05/29 22:52:11 | 000,000,000 | R--D | C] -- C:\Users\DJ\Desktop
[2013/05/29 22:52:11 | 000,000,000 | R--D | C] -- C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/05/29 22:52:11 | 000,000,000 | -H-D | C] -- C:\Users\DJ\AppData
[2013/05/29 22:52:11 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\Temp
[2013/05/29 22:52:11 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\SoftThinks
[2013/05/29 22:52:11 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\Microsoft
[2013/05/29 22:52:11 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\Media Center Programs
[2013/05/29 22:45:01 | 000,000,000 | ---D | C] -- C:\Emergency
[2013/05/29 22:28:15 | 000,000,000 | ---D | C] -- C:\Windows\SMINST
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

Drejer

  • Guest
========== Files - Modified Within 30 Days ==========
 
[2013/05/30 00:24:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DJ\Desktop\OTL.exe
[2013/05/30 00:09:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/30 00:07:32 | 000,107,520 | ---- | M] () -- C:\Windows\SysWow64\libgcc_s_dw2-1.dll
[2013/05/30 00:07:26 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\DLL-Files.Com Fixer_Updates.job
[2013/05/30 00:07:25 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013/05/30 00:01:28 | 032,229,024 | ---- | M] (Riot Games) -- C:\Users\DJ\Desktop\LeagueofLegends_NA_Installer_05_07_13.exe
[2013/05/29 23:42:53 | 000,001,009 | ---- | M] () -- C:\Users\DJ\Desktop\RaidCall.lnk
[2013/05/29 23:42:43 | 005,517,176 | ---- | M] () -- C:\Users\DJ\Desktop\raidcall_v7.2.4.exe
[2013/05/29 23:34:48 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/29 23:34:48 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/29 23:31:13 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/29 23:31:13 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/29 23:31:13 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/29 23:28:20 | 000,002,281 | ---- | M] () -- C:\Users\DJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/29 23:28:06 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/29 23:26:34 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013/05/29 23:26:33 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013/05/29 23:26:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/29 23:25:31 | 536,063,999 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/29 23:10:12 | 000,001,884 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/05/29 23:09:56 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/05/29 23:04:52 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/29 23:02:52 | 000,001,439 | ---- | M] () -- C:\Users\DJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/29 22:50:34 | 000,039,219 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/05/29 22:50:34 | 000,039,219 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/05/29 22:45:17 | 000,000,452 | ---- | M] () -- C:\Users\Public\Desktop\Emergency Backup.lnk
[2013/05/09 03:59:07 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/05/09 03:59:07 | 000,378,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/05/09 03:59:07 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/05/09 03:59:07 | 000,072,016 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/05/09 03:59:07 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/05/09 03:59:07 | 000,064,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/05/09 03:59:06 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/05/09 03:59:06 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/05/09 03:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/05/09 03:58:11 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/30 00:07:31 | 000,107,520 | ---- | C] () -- C:\Windows\SysWow64\libgcc_s_dw2-1.dll
[2013/05/30 00:07:26 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\DLL-Files.Com Fixer_Updates.job
[2013/05/30 00:07:25 | 000,000,270 | ---- | C] () -- C:\Windows\tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013/05/29 23:42:53 | 000,001,009 | ---- | C] () -- C:\Users\DJ\Desktop\RaidCall.lnk
[2013/05/29 23:42:41 | 005,517,176 | ---- | C] () -- C:\Users\DJ\Desktop\raidcall_v7.2.4.exe
[2013/05/29 23:10:12 | 000,001,884 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/05/29 23:10:04 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/05/29 23:10:02 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/05/29 23:09:56 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/05/29 23:04:52 | 000,002,281 | ---- | C] () -- C:\Users\DJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/29 23:04:52 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/29 23:04:16 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/29 23:04:16 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/29 23:02:52 | 000,001,439 | ---- | C] () -- C:\Users\DJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/29 22:56:27 | 000,001,371 | ---- | C] () -- C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/05/29 22:56:20 | 000,001,445 | ---- | C] () -- C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/05/29 22:55:29 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013/05/29 22:55:27 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013/05/29 22:53:16 | 000,001,935 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2013/05/29 22:52:11 | 000,000,290 | ---- | C] () -- C:\Users\DJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/05/29 22:52:11 | 000,000,272 | ---- | C] () -- C:\Users\DJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/05/29 22:46:34 | 536,063,999 | -HS- | C] () -- C:\hiberfil.sys
[2013/05/29 22:45:17 | 000,000,452 | ---- | C] () -- C:\Users\Public\Desktop\Emergency Backup.lnk
[2013/03/28 21:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/03/28 21:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/03/28 20:38:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/03/28 20:38:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/11/27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 

Drejer

  • Guest
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2011/05/10 00:55:40 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/05/10 00:55:40 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/05/30 00:07:20 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\dll-files.com
[2013/05/29 23:45:27 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\raidcall
[2013/05/30 00:02:34 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Riot Games
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2011/05/10 00:55:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/05/10 00:55:38 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\WINDOWS\SysWOW64\explorer.exe
[2011/05/10 00:55:38 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/05/10 00:55:15 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2011/05/10 00:55:19 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/05/10 00:55:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\WINDOWS\explorer.exe
[2011/05/10 00:55:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011/05/10 00:55:19 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2011/05/10 00:55:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011/05/10 00:55:19 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011/05/10 00:55:38 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/05/10 00:55:15 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/05/10 00:55:19 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2011/05/10 00:55:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
 

Drejer

  • Guest
color=#A23BEC]< MD5 for: SERVICES  >[/color]
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\SysWOW64\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\SysWOW64\services.msc
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PNG  >
[2010/07/30 18:36:38 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\Dell Support Center\Images\icons\png\24_24\services.png
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SVCHOST.EXE  >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\WINDOWS\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\WINDOWS\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\WINDOWS\SysWOW64\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011/05/10 00:55:38 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/05/10 00:55:38 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2011/05/10 00:55:38 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 

Drejer

  • Guest
< dir C:\ /S /A:L /C  >
 Volume in drive C is OS
 Volume Serial Number is 08BC-16E4
 Directory of C:\
07/14/2009  12:08 AM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\Program Files\Windows Defender
07/14/2009  12:37 AM    <SYMLINKD>     en-US [c:\windows\system32\config]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009  12:08 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009  12:08 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009  12:08 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009  12:08 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009  12:08 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
07/14/2009  12:08 AM    <SYMLINKD>     All Users [C:\ProgramData]
07/14/2009  12:08 AM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009  12:08 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009  12:08 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009  12:08 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009  12:08 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009  12:08 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009  12:08 AM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009  12:08 AM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/14/2009  12:08 AM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/14/2009  12:08 AM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009  12:08 AM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009  12:08 AM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009  12:08 AM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009  12:08 AM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009  12:08 AM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/14/2009  12:08 AM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009  12:08 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
07/14/2009  12:08 AM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/14/2009  12:08 AM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/14/2009  12:08 AM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\DJ
05/29/2013  10:52 PM    <JUNCTION>     Application Data [C:\Users\DJ\AppData\Roaming]
05/29/2013  10:52 PM    <JUNCTION>     Cookies [C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Cookies]
05/29/2013  10:52 PM    <JUNCTION>     Local Settings [C:\Users\DJ\AppData\Local]
05/29/2013  10:52 PM    <JUNCTION>     My Documents [C:\Users\DJ\Documents]
05/29/2013  10:52 PM    <JUNCTION>     NetHood [C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/29/2013  10:52 PM    <JUNCTION>     PrintHood [C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/29/2013  10:52 PM    <JUNCTION>     Recent [C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Recent]
05/29/2013  10:52 PM    <JUNCTION>     SendTo [C:\Users\DJ\AppData\Roaming\Microsoft\Windows\SendTo]
05/29/2013  10:52 PM    <JUNCTION>     Start Menu [C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu]
05/29/2013  10:52 PM    <JUNCTION>     Templates [C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\DJ\AppData\Local
05/29/2013  10:52 PM    <JUNCTION>     Application Data [C:\Users\DJ\AppData\Local]
05/29/2013  10:52 PM    <JUNCTION>     History [C:\Users\DJ\AppData\Local\Microsoft\Windows\History]
05/29/2013  10:52 PM    <JUNCTION>     Temporary Internet Files [C:\Users\DJ\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\DJ\Documents
05/29/2013  10:52 PM    <JUNCTION>     My Music [C:\Users\DJ\Music]
05/29/2013  10:52 PM    <JUNCTION>     My Pictures [C:\Users\DJ\Pictures]
05/29/2013  10:52 PM    <JUNCTION>     My Videos [C:\Users\DJ\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
07/14/2009  12:08 AM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/14/2009  12:08 AM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/14/2009  12:08 AM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              51 Dir(s)  895,252,160,512 bytes free

< End of report >

Drejer

  • Guest
OTL Extras logfile created on: 5/30/2013 12:26:47 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\DJ\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
6.00 Gb Total Physical Memory | 4.55 Gb Available Physical Memory | 75.90% Memory free
12.00 Gb Paging File | 10.44 Gb Available in Paging File | 87.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.66 Gb Total Space | 835.80 Gb Free Space | 91.08% Space Free | Partition Type: NTFS
 
Computer Name: DJ-PC | User Name: DJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 

Drejer

  • Guest
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Drejer

  • Guest
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 

Drejer

  • Guest
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{069158D2-6B73-4ACF-BFD1-70F501E25E41}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{079FC9CC-68CF-472C-8C20-D9AC1DEBB08D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{16EE41C8-C4F1-44B6-9467-125E5A2462B1}" = lport=445 | protocol=6 | dir=in | app=system |
"{1B1CD5A4-F783-4350-84BF-B86D6E98B8E9}" = rport=445 | protocol=6 | dir=out | app=system |
"{29CE7F2C-CAE2-485A-A902-EE015A7D2B7A}" = rport=138 | protocol=17 | dir=out | app=system |
"{485C46EC-C965-4631-87C7-886F9BF1A2D2}" = lport=137 | protocol=17 | dir=in | app=system |
"{6390EC63-D383-4C35-BFDF-8AB1461CBD84}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6552B101-A4BA-48A6-9ADC-21E3FCD95CF3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{753372FA-7E30-44F9-A23B-96153A1DAFFF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7C6E6A38-EC10-4B34-9D33-5C6FCE454B89}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{86326148-8EC8-4339-B997-6350D813C829}" = rport=137 | protocol=17 | dir=out | app=system |
"{902F4D6B-5338-4EC2-9240-8BBBDF376BA6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9E752FB2-744C-4754-8D83-3342FCB627E5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F036E40-62AF-43FC-B3B4-9DCC39E2EBD6}" = lport=138 | protocol=17 | dir=in | app=system |
"{B36C53C6-30B3-4E68-82CF-001F94E49D50}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B9E15556-A14B-4217-A461-D7C4D725F580}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{C7026920-B8DB-4FE3-9611-54CD4D4FB062}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CADBBA32-8390-482F-A41B-CC069E1843F6}" = lport=139 | protocol=6 | dir=in | app=system |
"{D7A8CDFC-704C-4FDB-8184-3AA29FC997D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E4977448-6006-46FD-B906-A5B2D6D42F75}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E5E60CE0-9509-4775-B5FF-6E0C2E26328F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E8AFAA91-5811-40C5-BFB2-B776D2959838}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EAC92550-97E0-4E28-A9F3-15CC76446757}" = rport=139 | protocol=6 | dir=out | app=system |
"{EC46B2A8-555D-4CF8-B065-279B9635A178}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D54E03-2ECF-4769-A0E4-F2CFF48D043B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{068285C1-CAB0-4C40-A5FF-DBFC2E33F548}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0C3D1721-B01C-453E-82EF-D2864974E422}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1A2B5FD2-9031-491F-9C0D-D765BF1E3E77}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2A698D90-BD42-4804-ACAF-457C3564E89B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3F771D3F-EF39-4DBD-AFCC-CC9FB8D0C36D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{46D95E94-52F9-463C-9B93-6109DD55BA3C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4C5FA88C-3EE9-4148-98D0-A49AA6EAF373}" = protocol=6 | dir=out | app=system |
"{547626E2-3E53-4FC8-AF31-A503AAB29FB7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{549129B4-EDCF-4673-AAFF-48EE269CFBF4}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5846EB62-D2A1-47D2-ADD5-1AB6928F182C}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{68FF760D-62B7-465B-95EC-5C79E0C7B97D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6DC5A5BD-E340-4BCA-BC01-AF2880AFE907}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7430F524-0E83-4B6B-9F86-D7D739D97A66}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7F5A091F-1D90-4768-B6F4-D601D4FC402F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8BB661B5-6EE2-4461-9CBD-13C9F1250350}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{9287D7C8-3195-4789-B015-D6E13E7BE12A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9B44CB4F-8763-4014-869F-F3CE5A04E3E4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A6877589-DFB6-4542-A6A4-E2DD59D829E6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A78D13AF-CAD9-435C-951E-E9F8BC3A2795}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BEF44C0E-B6FA-434F-9CC0-75186A93CBB9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C7E9BB64-78E7-4381-AFD2-8E99818139DD}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{CC49BF00-E2EE-4617-8362-297AE78B83B6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CFDE3424-02F7-48D3-AAF4-B28D6753932D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D770047A-A73C-498F-A07F-BA5FFE5A4B20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DCF0E3F0-4D07-4D36-B5DD-68964DCEDCE5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E77067DC-6ACE-4051-AB1F-F1110FF134DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EE142B77-E321-430F-B6D3-4B301269DCBC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F3543F75-CC89-489D-B1A3-F5205AB326DC}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{F49CD9DA-8AE9-44A0-B093-76A92D73C495}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F72DD7F9-2A09-45C1-A51B-947C13FA0E8E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |